LibTLS: Add option to allow self-signed certificates

With this option enabled self-signed certificates will be accepted, eventhough they cannot be verified.
Author: https://github.com/msvisser Commit: https://github.com/SerenityOS/serenity/commit/7bc3b193c0 Pull-request: https://github.com/SerenityOS/serenity/pull/12739 Reviewed-by: https://github.com/alimpfard
2024-09-30 00:31:14 +00:00 · 2022-02-23 18:21:21 +01:00 · 2022-02-23 18:21:21 +01:00 · 7bc3b193c0 · 2024-07-17 11:44:49 +09:00
parent 804af863b4
commit 7bc3b193c0
2 changed files with 2 additions and 1 deletions
--- a/Userland/Libraries/LibTLS/TLSv12.cpp
+++ b/Userland/Libraries/LibTLS/TLSv12.cpp
@ -283,7 +283,7 @@ bool Context::verify_chain(StringView host) const
        } else {
            if (subject_string == issuer_string) {
                dbgln("verify_chain: Non-root self-signed certificate");
-                return false;
+                return options.allow_self_signed_certificates;
            }
            if ((cert_index + 1) >= local_chain->size()) {
                dbgln("verify_chain: No trusted root certificate found before end of certificate chain");
--- a/Userland/Libraries/LibTLS/TLSv12.h
+++ b/Userland/Libraries/LibTLS/TLSv12.h
@ -252,6 +252,7 @@ struct Options {
    OPTION_WITH_DEFAULTS(bool, use_sni, true)
    OPTION_WITH_DEFAULTS(bool, use_compression, false)
    OPTION_WITH_DEFAULTS(bool, validate_certificates, true)
+    OPTION_WITH_DEFAULTS(bool, allow_self_signed_certificates, false)
    OPTION_WITH_DEFAULTS(Optional<Vector<Certificate>>, root_certificates, )
    OPTION_WITH_DEFAULTS(Function<void(AlertDescription)>, alert_handler, [](auto) {})
    OPTION_WITH_DEFAULTS(Function<void()>, finish_callback, [] {})