Add option for HTTPS clients to not verify the peer's certificate

This commit is contained in:
2025-11-29 19:56:09 +01:00
parent 008772aef1
commit 954bcb7e3e
8 changed files with 70 additions and 10 deletions
+12 -1
View File
@@ -197,6 +197,17 @@ void http_request_builder_trace(HTTP_RequestBuilder builder, bool trace_bytes)
conn->trace_bytes = trace_bytes;
}
// TODO: comment
void http_request_builder_insecure(HTTP_RequestBuilder builder,
bool insecure)
{
HTTP_ClientConn *conn = request_builder_to_conn(builder);
if (conn == NULL)
return; // Invalid builder
conn->dont_verify_cert = insecure;
}
void http_request_builder_method(HTTP_RequestBuilder builder,
HTTP_Method method)
{
@@ -413,7 +424,7 @@ int http_request_builder_send(HTTP_RequestBuilder builder)
ConnectTarget target = url_to_connect_target(conn->url);
bool secure = http_streq(conn->url.scheme, HTTP_STR("https"));
if (socket_connect(&client->sockets, 1, &target, secure, conn) < 0)
if (socket_connect(&client->sockets, 1, &target, secure, conn->dont_verify_cert, conn) < 0)
goto error;
conn->state = HTTP_CLIENT_CONN_FLUSHING;
+7
View File
@@ -81,6 +81,9 @@ typedef struct {
// TODO: comment
bool trace_bytes;
// TODO: comment
bool dont_verify_cert;
// Allocated copy of the URL string
HTTP_String url_buffer;
@@ -170,6 +173,10 @@ void http_request_builder_set_user(HTTP_RequestBuilder builder,
void http_request_builder_trace(HTTP_RequestBuilder builder,
bool trace_bytes);
// TODO: comment
void http_request_builder_insecure(HTTP_RequestBuilder builder,
bool insecure);
// Set the method of the current request. This is the first
// function of the request builder that the user must call.
void http_request_builder_method(HTTP_RequestBuilder builder,
+1 -1
View File
@@ -229,7 +229,7 @@ void http_server_process_events(HTTP_Server *server,
if (events[i].type == SOCKET_EVENT_DISCONNECT) {
http_server_conn_free(conn);
http_server_conn_free(conn); // TODO: what if this was in the ready queue?
server->num_conns--;
} else if (events[i].type == SOCKET_EVENT_READY) {
+9 -2
View File
@@ -524,6 +524,9 @@ static void socket_update(Socket *s)
break;
}
SSL_set_verify(s->ssl, s->dont_verify_cert
? SSL_VERIFY_NONE : SSL_VERIFY_PEER, NULL);
AddressAndPort addr;
if (s->num_addr > 1)
addr = s->addrs[s->next_addr];
@@ -1007,7 +1010,8 @@ static int resolve_connect_targets(ConnectTarget *targets,
#define MAX_CONNECT_TARGETS 16
int socket_connect(SocketManager *sm, int num_targets,
ConnectTarget *targets, bool secure, void *user)
ConnectTarget *targets, bool secure, bool dont_verify_cert,
void *user)
{
if (sm->num_used == sm->max_used)
return HTTP_ERROR_UNSPECIFIED;
@@ -1057,8 +1061,11 @@ int socket_connect(SocketManager *sm, int num_targets,
s->server_secure_context = NULL;
s->client_secure_context = NULL;
s->ssl = NULL;
if (secure)
s->dont_verify_cert = false;
if (secure) {
s->client_secure_context = &sm->client_secure_context;
s->dont_verify_cert = dont_verify_cert;
}
#endif
sm->num_used++;
+3 -1
View File
@@ -173,6 +173,7 @@ typedef struct {
ClientSecureContext *client_secure_context;
ServerSecureContext *server_secure_context;
SSL *ssl;
bool dont_verify_cert;
#endif
} Socket;
@@ -312,7 +313,8 @@ typedef struct {
// one succedes. If secure=true, the socket uses TLS.
// Returns 0 on success, -1 on error.
int socket_connect(SocketManager *sm, int num_targets,
ConnectTarget *targets, bool secure, void *user);
ConnectTarget *targets, bool secure, bool dont_verify_cert,
void *user);
int socket_recv(SocketManager *sm, SocketHandle handle,
char *dst, int max);