Add config option to disable tls validation

This commit is contained in:
Nicolas Werner 2021-03-06 20:52:08 +01:00
parent 973ec13ad8
commit 47e97d490c
No known key found for this signature in database
GPG key ID: C8D75E610773F2D9
7 changed files with 42 additions and 4 deletions

View file

@ -359,7 +359,7 @@ if(USE_BUNDLED_MTXCLIENT)
FetchContent_Declare( FetchContent_Declare(
MatrixClient MatrixClient
GIT_REPOSITORY https://github.com/Nheko-Reborn/mtxclient.git GIT_REPOSITORY https://github.com/Nheko-Reborn/mtxclient.git
GIT_TAG 53f8883a15649adb798b1f5e73671c84f68e3274 GIT_TAG d0905f8facef2aa3dbaf40715d4375d5a99c9fc4
) )
set(BUILD_LIB_EXAMPLES OFF CACHE INTERNAL "") set(BUILD_LIB_EXAMPLES OFF CACHE INTERNAL "")
set(BUILD_LIB_TESTS OFF CACHE INTERNAL "") set(BUILD_LIB_TESTS OFF CACHE INTERNAL "")

View file

@ -220,7 +220,7 @@
"name": "mtxclient", "name": "mtxclient",
"sources": [ "sources": [
{ {
"commit": "53f8883a15649adb798b1f5e73671c84f68e3274", "commit": "d0905f8facef2aa3dbaf40715d4375d5a99c9fc4",
"type": "git", "type": "git",
"url": "https://github.com/Nheko-Reborn/mtxclient.git" "url": "https://github.com/Nheko-Reborn/mtxclient.git"
} }

View file

@ -464,6 +464,8 @@ ChatPage::bootstrap(QString userid, QString homeserver, QString token)
http::client()->set_server(homeserver.toStdString()); http::client()->set_server(homeserver.toStdString());
http::client()->set_access_token(token.toStdString()); http::client()->set_access_token(token.toStdString());
http::client()->verify_certificates(
!UserSettings::instance()->disableCertificateValidation());
// The Olm client needs the user_id & device_id that will be included // The Olm client needs the user_id & device_id that will be included
// in the generated payloads & keys. // in the generated payloads & keys.
@ -764,7 +766,11 @@ ChatPage::startInitialSync()
const auto err_code = mtx::errors::to_string(err->matrix_error.errcode); const auto err_code = mtx::errors::to_string(err->matrix_error.errcode);
const int status_code = static_cast<int>(err->status_code); const int status_code = static_cast<int>(err->status_code);
nhlog::net()->error("initial sync error: {} {}", status_code, err_code); nhlog::net()->error("initial sync error: {} {} {} {}",
err->parse_error,
status_code,
err->error_code.message(),
err_code);
// non http related errors // non http related errors
if (status_code <= 0 || status_code >= 600) { if (status_code <= 0 || status_code >= 600) {
@ -890,7 +896,11 @@ ChatPage::trySync()
return; return;
} }
nhlog::net()->error("sync error: {} {}", status_code, err_code); nhlog::net()->error("initial sync error: {} {} {} {}",
err->parse_error,
status_code,
err->error_code.message(),
err_code);
emit tryDelayedSyncCb(); emit tryDelayedSyncCb();
return; return;
} }

View file

@ -19,6 +19,7 @@
#include "LoginPage.h" #include "LoginPage.h"
#include "MatrixClient.h" #include "MatrixClient.h"
#include "SSOHandler.h" #include "SSOHandler.h"
#include "UserSettingsPage.h"
#include "ui/FlatButton.h" #include "ui/FlatButton.h"
#include "ui/LoadingIndicator.h" #include "ui/LoadingIndicator.h"
#include "ui/OverlayModal.h" #include "ui/OverlayModal.h"
@ -256,6 +257,7 @@ LoginPage::onMatrixIdEntered()
serverInput_->setText(homeServer); serverInput_->setText(homeServer);
http::client()->set_server(user.hostname()); http::client()->set_server(user.hostname());
http::client()->well_known([this](const mtx::responses::WellKnown &res, http::client()->well_known([this](const mtx::responses::WellKnown &res,
mtx::http::RequestErr err) { mtx::http::RequestErr err) {
if (err) { if (err) {
@ -383,6 +385,8 @@ void
LoginPage::onLoginButtonClicked(LoginMethod loginMethod) LoginPage::onLoginButtonClicked(LoginMethod loginMethod)
{ {
error_label_->setText(""); error_label_->setText("");
http::client()->verify_certificates(
!UserSettings::instance()->disableCertificateValidation());
User user; User user;

View file

@ -404,6 +404,8 @@ RegisterPage::onRegisterButtonClicked()
auto server = server_input_->text().toStdString(); auto server = server_input_->text().toStdString();
http::client()->set_server(server); http::client()->set_server(server);
http::client()->verify_certificates(
!UserSettings::instance()->disableCertificateValidation());
http::client()->registration( http::client()->registration(
username, username,
password, password,

View file

@ -119,6 +119,9 @@ UserSettings::load(std::optional<QString> profile)
userId_ = settings.value(prefix + "auth/user_id", "").toString(); userId_ = settings.value(prefix + "auth/user_id", "").toString();
deviceId_ = settings.value(prefix + "auth/device_id", "").toString(); deviceId_ = settings.value(prefix + "auth/device_id", "").toString();
disableCertificateValidation_ =
settings.value("disable_certificate_validation", false).toBool();
applyTheme(); applyTheme();
} }
void void
@ -526,6 +529,17 @@ UserSettings::setHomeserver(QString homeserver)
save(); save();
} }
void
UserSettings::setDisableCertificateValidation(bool disabled)
{
if (disabled == disableCertificateValidation_)
return;
disableCertificateValidation_ = disabled;
http::client()->verify_certificates(!disabled);
emit disableCertificateValidationChanged(disabled);
save();
}
void void
UserSettings::applyTheme() UserSettings::applyTheme()
{ {
@ -641,6 +655,8 @@ UserSettings::save()
settings.setValue(prefix + "auth/user_id", userId_); settings.setValue(prefix + "auth/user_id", userId_);
settings.setValue(prefix + "auth/device_id", deviceId_); settings.setValue(prefix + "auth/device_id", deviceId_);
settings.setValue("disable_certificate_validation", disableCertificateValidation_);
settings.sync(); settings.sync();
} }

View file

@ -92,6 +92,8 @@ class UserSettings : public QObject
QString accessToken READ accessToken WRITE setAccessToken NOTIFY accessTokenChanged) QString accessToken READ accessToken WRITE setAccessToken NOTIFY accessTokenChanged)
Q_PROPERTY(QString deviceId READ deviceId WRITE setDeviceId NOTIFY deviceIdChanged) Q_PROPERTY(QString deviceId READ deviceId WRITE setDeviceId NOTIFY deviceIdChanged)
Q_PROPERTY(QString homeserver READ homeserver WRITE setHomeserver NOTIFY homeserverChanged) Q_PROPERTY(QString homeserver READ homeserver WRITE setHomeserver NOTIFY homeserverChanged)
Q_PROPERTY(bool disableCertificateValidation READ disableCertificateValidation WRITE
setDisableCertificateValidation NOTIFY disableCertificateValidationChanged)
UserSettings(); UserSettings();
@ -150,6 +152,7 @@ public:
void setAccessToken(QString accessToken); void setAccessToken(QString accessToken);
void setDeviceId(QString deviceId); void setDeviceId(QString deviceId);
void setHomeserver(QString homeserver); void setHomeserver(QString homeserver);
void setDisableCertificateValidation(bool disabled);
void setHiddenTags(QStringList hiddenTags); void setHiddenTags(QStringList hiddenTags);
QString theme() const { return !theme_.isEmpty() ? theme_ : defaultTheme_; } QString theme() const { return !theme_.isEmpty() ? theme_ : defaultTheme_; }
@ -202,6 +205,7 @@ public:
QString accessToken() const { return accessToken_; } QString accessToken() const { return accessToken_; }
QString deviceId() const { return deviceId_; } QString deviceId() const { return deviceId_; }
QString homeserver() const { return homeserver_; } QString homeserver() const { return homeserver_; }
bool disableCertificateValidation() const { return disableCertificateValidation_; }
QStringList hiddenTags() const { return hiddenTags_; } QStringList hiddenTags() const { return hiddenTags_; }
signals: signals:
@ -244,6 +248,7 @@ signals:
void accessTokenChanged(QString accessToken); void accessTokenChanged(QString accessToken);
void deviceIdChanged(QString deviceId); void deviceIdChanged(QString deviceId);
void homeserverChanged(QString homeserver); void homeserverChanged(QString homeserver);
void disableCertificateValidationChanged(bool disabled);
private: private:
// Default to system theme if QT_QPA_PLATFORMTHEME var is set. // Default to system theme if QT_QPA_PLATFORMTHEME var is set.
@ -285,6 +290,7 @@ private:
bool screenShareRemoteVideo_; bool screenShareRemoteVideo_;
bool screenShareHideCursor_; bool screenShareHideCursor_;
bool useStunServer_; bool useStunServer_;
bool disableCertificateValidation_ = false;
QString profile_; QString profile_;
QString userId_; QString userId_;
QString accessToken_; QString accessToken_;