Use blacklist to skip verification of certificates

2024-11-04 08:17:17 -05:00 · 2017-07-23 18:59:05 +02:00 · 2017-07-23 18:59:05 +02:00 · 442f4936dc
commit 442f4936dc
parent f43f5714e8
6 changed files with 9 additions and 8 deletions
--- a/src/network/connection.c
+++ b/src/network/connection.c
@ -1019,7 +1019,6 @@ load_uri(struct uri *uri, struct uri *referrer, struct download *download,
 	if (download) {
 		download->progress = conn->progress;
 		download->conn = conn;
 		conn->socket->verify = ((struct session *)download->data)->verify;
 		download->cached = NULL;
 		download->state = connection_state(S_OK);
 		add_to_list(conn->downloads, download);
--- a/src/network/socket.c
+++ b/src/network/socket.c
@ -146,7 +146,6 @@ init_socket(void *conn, struct socket_operations *ops)
 	socket->fd = -1;
 	socket->conn = conn;
 	socket->ops = ops;
 	socket->verify = 1;
 	return socket;
 }
@ -261,6 +260,7 @@ make_connection(struct socket *socket, struct uri *uri,
 	unsigned char *host = get_uri_string(uri, URI_DNS_HOST);
 	struct connect_info *connect_info;
 	enum dns_result result;
 	enum blacklist_flags verify;
 	socket->ops->set_timeout(socket, connection_state(0));
@ -286,6 +286,9 @@ make_connection(struct socket *socket, struct uri *uri,
 		socket->set_no_tls = 1;
 	}
 	verify = get_blacklist_flags(uri);
 	socket->verify = ((verify & SERVER_BLACKLIST_NO_CERT_VERIFY) == 0);
 	debug_transfer_log("\nCONNECTION: ", -1);
 	debug_transfer_log(host, -1);
 	debug_transfer_log("\n", -1);
--- a/src/network/ssl/socket.c
+++ b/src/network/ssl/socket.c
@ -405,6 +405,7 @@ ssl_connect(struct socket *socket)
 	/* TODO: Recode server_name to UTF-8.  */
 	server_name = get_uri_string(conn->proxied_uri, URI_HOST);
 	if (!server_name) {
 		socket->ops->done(socket, connection_state(S_OUT_OF_MEM));
 		return -1;
--- a/src/protocol/http/blacklist.h
+++ b/src/protocol/http/blacklist.h
@ -9,6 +9,7 @@ enum blacklist_flags {
 	SERVER_BLACKLIST_HTTP10 = 1,
 	SERVER_BLACKLIST_NO_CHARSET = 2,
 	SERVER_BLACKLIST_NO_TLS = 4,
 	SERVER_BLACKLIST_NO_CERT_VERIFY = 8,
 };
 void add_blacklist_entry(struct uri *, enum blacklist_flags);
--- a/src/session/session.c
+++ b/src/session/session.c
@ -31,6 +31,7 @@
 #include "network/connection.h"
 #include "network/state.h"
 #include "osdep/newwin.h"
 #include "protocol/http/blacklist.h"
 #include "protocol/protocol.h"
 #include "protocol/uri.h"
 #ifdef CONFIG_SCRIPTING_SPIDERMONKEY
@ -263,7 +264,7 @@ retry_connection_without_verification(void *data)
 	struct delayed_open *deo = (struct delayed_open *)data;
 	if (deo) {
-		deo->ses->verify = 0;
+		add_blacklist_entry(deo->uri, SERVER_BLACKLIST_NO_CERT_VERIFY);
 		goto_uri(deo->ses, deo->uri);
 		done_uri(deo->uri);
 		mem_free(deo);
@ -299,7 +300,7 @@ print_error_dialog(struct session *ses, struct connection_state state,
 	add_to_string(&msg, get_state_message(state, ses->tab->term));
-	if (!ses->verify || !uri) {
+	if (!uri) {
 		info_box(ses->tab->term, MSGBOX_FREE_TEXT,
 		N_("Error"), ALIGN_CENTER,
 		msg.source);
@ -919,8 +920,6 @@ init_session(struct session *base_session, struct terminal *term,
 		return NULL;
 	}
 	ses->verify = 1;
 	ses->option = copy_option(config_options,
 	                          CO_SHALLOW | CO_NO_LISTBOX_ITEM);
 	create_history(&ses->history);
--- a/src/session/session.h
+++ b/src/session/session.h
@ -229,8 +229,6 @@ struct session {
 	/** The info for status displaying */
 	struct session_status status;
 	/** Verify SSL */
 	unsigned int verify:1;
 	/** @} */
 };