From 47e97d490c928f4e330e27253672ac254d82d678 Mon Sep 17 00:00:00 2001 From: Nicolas Werner Date: Sat, 6 Mar 2021 20:52:08 +0100 Subject: [PATCH] Add config option to disable tls validation --- CMakeLists.txt | 2 +- io.github.NhekoReborn.Nheko.json | 2 +- src/ChatPage.cpp | 14 ++++++++++++-- src/LoginPage.cpp | 4 ++++ src/RegisterPage.cpp | 2 ++ src/UserSettingsPage.cpp | 16 ++++++++++++++++ src/UserSettingsPage.h | 6 ++++++ 7 files changed, 42 insertions(+), 4 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index b4f63953..8d31ee05 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -359,7 +359,7 @@ if(USE_BUNDLED_MTXCLIENT) FetchContent_Declare( MatrixClient GIT_REPOSITORY https://github.com/Nheko-Reborn/mtxclient.git - GIT_TAG 53f8883a15649adb798b1f5e73671c84f68e3274 + GIT_TAG d0905f8facef2aa3dbaf40715d4375d5a99c9fc4 ) set(BUILD_LIB_EXAMPLES OFF CACHE INTERNAL "") set(BUILD_LIB_TESTS OFF CACHE INTERNAL "") diff --git a/io.github.NhekoReborn.Nheko.json b/io.github.NhekoReborn.Nheko.json index 1794f92f..72142fcb 100644 --- a/io.github.NhekoReborn.Nheko.json +++ b/io.github.NhekoReborn.Nheko.json @@ -220,7 +220,7 @@ "name": "mtxclient", "sources": [ { - "commit": "53f8883a15649adb798b1f5e73671c84f68e3274", + "commit": "d0905f8facef2aa3dbaf40715d4375d5a99c9fc4", "type": "git", "url": "https://github.com/Nheko-Reborn/mtxclient.git" } diff --git a/src/ChatPage.cpp b/src/ChatPage.cpp index 99739e08..9a823f17 100644 --- a/src/ChatPage.cpp +++ b/src/ChatPage.cpp @@ -464,6 +464,8 @@ ChatPage::bootstrap(QString userid, QString homeserver, QString token) http::client()->set_server(homeserver.toStdString()); http::client()->set_access_token(token.toStdString()); + http::client()->verify_certificates( + !UserSettings::instance()->disableCertificateValidation()); // The Olm client needs the user_id & device_id that will be included // in the generated payloads & keys. 
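Review bot: In the ChatPage::bootstrap hunk the access token set on the line above is sent over a connection whose peer is not authenticated whenever `disableCertificateValidation()` is true, and nothing records that the session is running in that state. Log it once where the setting is applied, for example `if (UserSettings::instance()->disableCertificateValidation()) nhlog::net()->warn("TLS certificate validation is disabled, the homeserver identity is not verified");`, so a support log or incident review shows it. The same call is added without a log line in LoginPage::onLoginButtonClicked and RegisterPage::onRegisterButtonClicked, where a password rather than a token is sent. The body of bootstrap continues outside the hunk.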
@@ -764,7 +766,11 @@ ChatPage::startInitialSync() const auto err_code = mtx::errors::to_string(err->matrix_error.errcode); const int status_code = static_cast(err->status_code); - nhlog::net()->error("initial sync error: {} {}", status_code, err_code); + nhlog::net()->error("initial sync error: {} {} {} {}", + err->parse_error, + status_code, + err->error_code.message(), + err_code); // non http related errors if (status_code <= 0 || status_code >= 600) { @@ -890,7 +896,11 @@ ChatPage::trySync() return; } - nhlog::net()->error("sync error: {} {}", status_code, err_code); + nhlog::net()->error("initial sync error: {} {} {} {}", + err->parse_error, + status_code, + err->error_code.message(), + err_code); emit tryDelayedSyncCb(); return; } diff --git a/src/LoginPage.cpp b/src/LoginPage.cpp index 8e2aef26..c08e586f 100644 --- a/src/LoginPage.cpp +++ b/src/LoginPage.cpp @@ -19,6 +19,7 @@ #include "LoginPage.h" #include "MatrixClient.h" #include "SSOHandler.h" +#include "UserSettingsPage.h" #include "ui/FlatButton.h" #include "ui/LoadingIndicator.h" #include "ui/OverlayModal.h" @@ -256,6 +257,7 @@ LoginPage::onMatrixIdEntered() serverInput_->setText(homeServer); http::client()->set_server(user.hostname()); + http::client()->well_known([this](const mtx::responses::WellKnown &res, mtx::http::RequestErr err) { if (err) { @@ -383,6 +385,8 @@ void LoginPage::onLoginButtonClicked(LoginMethod loginMethod) { error_label_->setText(""); + http::client()->verify_certificates( + !UserSettings::instance()->disableCertificateValidation()); User user; diff --git a/src/RegisterPage.cpp b/src/RegisterPage.cpp index 6425e0b5..5c5545ec 100644 --- a/src/RegisterPage.cpp +++ b/src/RegisterPage.cpp @@ -404,6 +404,8 @@ RegisterPage::onRegisterButtonClicked() auto server = server_input_->text().toStdString(); http::client()->set_server(server); + http::client()->verify_certificates( + !UserSettings::instance()->disableCertificateValidation()); http::client()->registration( username, password, 
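Review bot: The rewritten log call in ChatPage::trySync now starts with "initial sync error", the same text as the call in startInitialSync, while the line it replaces said "sync error". The two failure paths can no longer be told apart in the log, which matters more now that certificate failures will show up here through `err->error_code.message()`. Keep the old prefix: `nhlog::net()->error("sync error: {} {} {} {}",`.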
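Review bot: In LoginPage.cpp the verification state is applied only in onLoginButtonClicked, but the `well_known` lookup in onMatrixIdEntered (context of the previous hunk) uses the same shared `http::client()` and runs before that. It therefore uses whatever state the client happens to be in, which may not match the stored setting. Setting the flag at each call site also means a request path that is not patched here silently keeps the last value. Consider applying it once where the client or the settings are initialised, or at least add `http::client()->verify_certificates(!UserSettings::instance()->disableCertificateValidation());` next to `set_server(user.hostname())`. Both functions extend beyond the visible hunks, so this is based on the lines shown.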
diff --git a/src/UserSettingsPage.cpp b/src/UserSettingsPage.cpp index 0714ed40..0edc1288 100644 --- a/src/UserSettingsPage.cpp +++ b/src/UserSettingsPage.cpp @@ -119,6 +119,9 @@ UserSettings::load(std::optional profile) userId_ = settings.value(prefix + "auth/user_id", "").toString(); deviceId_ = settings.value(prefix + "auth/device_id", "").toString(); + disableCertificateValidation_ = + settings.value("disable_certificate_validation", false).toBool(); + applyTheme(); } void @@ -526,6 +529,17 @@ UserSettings::setHomeserver(QString homeserver) save(); } +void +UserSettings::setDisableCertificateValidation(bool disabled) +{ + if (disabled == disableCertificateValidation_) + return; + disableCertificateValidation_ = disabled; + http::client()->verify_certificates(!disabled); + emit disableCertificateValidationChanged(disabled); + save(); +} + void UserSettings::applyTheme() { @@ -641,6 +655,8 @@ UserSettings::save() settings.setValue(prefix + "auth/user_id", userId_); settings.setValue(prefix + "auth/device_id", deviceId_); + settings.setValue("disable_certificate_validation", disableCertificateValidation_); + settings.sync(); } diff --git a/src/UserSettingsPage.h b/src/UserSettingsPage.h index f0b452cb..3ad0293b 100644 --- a/src/UserSettingsPage.h +++ b/src/UserSettingsPage.h @@ -92,6 +92,8 @@ class UserSettings : public QObject QString accessToken READ accessToken WRITE setAccessToken NOTIFY accessTokenChanged) Q_PROPERTY(QString deviceId READ deviceId WRITE setDeviceId NOTIFY deviceIdChanged) Q_PROPERTY(QString homeserver READ homeserver WRITE setHomeserver NOTIFY homeserverChanged) + Q_PROPERTY(bool disableCertificateValidation READ disableCertificateValidation WRITE + setDisableCertificateValidation NOTIFY disableCertificateValidationChanged) UserSettings(); 
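Review bot: In the UserSettings::load hunk `disable_certificate_validation` is read without the `prefix` that the neighbouring `auth/user_id` and `auth/device_id` keys carry, and the UserSettings::save hunk writes it the same way. The switch therefore appears to apply to every profile, not only the one that needs it. If `prefix` is the per-profile scope, turning validation off for one self-signed test server also turns it off for a profile that talks to a production homeserver. Either scope it with `settings.value(prefix + "disable_certificate_validation", false)` and the matching `settings.setValue(prefix + "disable_certificate_validation", ...)`, or add a comment at the read stating that the global scope is deliberate.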
@@ -150,6 +152,7 @@ public: void setAccessToken(QString accessToken); void setDeviceId(QString deviceId); void setHomeserver(QString homeserver); + void setDisableCertificateValidation(bool disabled); void setHiddenTags(QStringList hiddenTags); QString theme() const { return !theme_.isEmpty() ? theme_ : defaultTheme_; } @@ -202,6 +205,7 @@ public: QString accessToken() const { return accessToken_; } QString deviceId() const { return deviceId_; } QString homeserver() const { return homeserver_; } + bool disableCertificateValidation() const { return disableCertificateValidation_; } QStringList hiddenTags() const { return hiddenTags_; } signals: @@ -244,6 +248,7 @@ signals: void accessTokenChanged(QString accessToken); void deviceIdChanged(QString deviceId); void homeserverChanged(QString homeserver); + void disableCertificateValidationChanged(bool disabled); private: // Default to system theme if QT_QPA_PLATFORMTHEME var is set. @@ -285,6 +290,7 @@ private: bool screenShareRemoteVideo_; bool screenShareHideCursor_; bool useStunServer_; + bool disableCertificateValidation_ = false; QString profile_; QString userId_; QString accessToken_;
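Review bot: The declaration of `setDisableCertificateValidation` in UserSettingsPage.h has no comment saying that `true` turns off TLS peer verification on the shared `http::client()` and persists the choice, which is what the setter in UserSettingsPage.cpp does. In the header it reads like any other boolean preference, and the negated name makes call sites such as `verify_certificates(!disabled)` easy to misread. Add a comment above it such as `//! true turns off TLS certificate verification on the shared http client; the value is persisted`. The class body continues outside these hunks.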