From 7bc3b193c0b7590e9eff477f8b9fd42863260958 Mon Sep 17 00:00:00 2001
From: Michiel Visser
Date: Wed, 23 Feb 2022 18:21:21 +0100
Subject: [PATCH] LibTLS: Add option to allow self-signed certificates

With this option enabled self-signed certificates will be accepted, eventhough they cannot be verified.
---
 Userland/Libraries/LibTLS/TLSv12.cpp | 2 +-
 Userland/Libraries/LibTLS/TLSv12.h | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/Userland/Libraries/LibTLS/TLSv12.cpp b/Userland/Libraries/LibTLS/TLSv12.cpp
index bfd4749745..820e5078b1 100644
--- a/Userland/Libraries/LibTLS/TLSv12.cpp
+++ b/Userland/Libraries/LibTLS/TLSv12.cpp
@@ -283,7 +283,7 @@ bool Context::verify_chain(StringView host) const
 } else {
 if (subject_string == issuer_string) {
 dbgln("verify_chain: Non-root self-signed certificate");
- return false;
+ return options.allow_self_signed_certificates;
 }
 if ((cert_index + 1) >= local_chain->size()) {
 dbgln("verify_chain: No trusted root certificate found before end of certificate chain");
diff --git a/Userland/Libraries/LibTLS/TLSv12.h b/Userland/Libraries/LibTLS/TLSv12.h
index 8f6bef402b..a3055c18d5 100644
--- a/Userland/Libraries/LibTLS/TLSv12.h
+++ b/Userland/Libraries/LibTLS/TLSv12.h
@@ -252,6 +252,7 @@ struct Options {
 OPTION_WITH_DEFAULTS(bool, use_sni, true)
 OPTION_WITH_DEFAULTS(bool, use_compression, false)
 OPTION_WITH_DEFAULTS(bool, validate_certificates, true)
+ OPTION_WITH_DEFAULTS(bool, allow_self_signed_certificates, false)
 OPTION_WITH_DEFAULTS(Optional>, root_certificates, )
 OPTION_WITH_DEFAULTS(Function, alert_handler, [](auto) {})
 OPTION_WITH_DEFAULTS(Function, finish_callback, [] {})
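Review bot: With `allow_self_signed_certificates` set, the `subject_string == issuer_string` branch in `verify_chain` returns true on a name comparison alone, so as far as this hunk shows a certificate is accepted without its signature being checked against its own key. The return fires at whatever `cert_index` the walk has reached, so a longer chain that ends in an untrusted self-signed certificate appears to pass too, and any checks later in the function are skipped. The body of `verify_chain` starts and ends outside the hunk, so this needs confirming against the full loop. If only a lone self-signed leaf is meant to be accepted, narrow it to `return options.allow_self_signed_certificates && cert_index == 0 && local_chain->size() == 1;`. The `dbgln` above still prints the same "Non-root self-signed certificate" line when the certificate is accepted; a separate message for the accepted case would make the bypass visible in logs.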
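Review bot: The new `allow_self_signed_certificates` entry in `struct Options` has no comment, and its name suggests a narrower effect than the `verify_chain` change gives it. I would add a comment above it such as `// When true, verify_chain() accepts a chain that reaches a self-signed certificate not present in root_certificates; the peer is then not authenticated.` It should also state how the flag interacts with `validate_certificates`, presumably that it is only consulted while validation is on, which the hunk does not show. The struct continues outside the hunk.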