Add config option to disable tls validation

2021-03-06 20:52:08 +01:00 · 2021-03-06 20:52:08 +01:00 · 47e97d490c
parent 973ec13ad8
commit 47e97d490c
7 changed files with 42 additions and 4 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -359,7 +359,7 @@ if(USE_BUNDLED_MTXCLIENT)
 	FetchContent_Declare(
 		MatrixClient
 		GIT_REPOSITORY https://github.com/Nheko-Reborn/mtxclient.git
-		GIT_TAG        53f8883a15649adb798b1f5e73671c84f68e3274
+		GIT_TAG        d0905f8facef2aa3dbaf40715d4375d5a99c9fc4
 		)
 	set(BUILD_LIB_EXAMPLES OFF CACHE INTERNAL "")
 	set(BUILD_LIB_TESTS OFF CACHE INTERNAL "")
--- a/io.github.NhekoReborn.Nheko.json
+++ b/io.github.NhekoReborn.Nheko.json
@ -220,7 +220,7 @@
      "name": "mtxclient",
      "sources": [
        {
-          "commit": "53f8883a15649adb798b1f5e73671c84f68e3274",
+          "commit": "d0905f8facef2aa3dbaf40715d4375d5a99c9fc4",
          "type": "git",
          "url": "https://github.com/Nheko-Reborn/mtxclient.git"
        }
--- a/src/ChatPage.cpp
+++ b/src/ChatPage.cpp
@ -464,6 +464,8 @@ ChatPage::bootstrap(QString userid, QString homeserver, QString token)

        http::client()->set_server(homeserver.toStdString());
        http::client()->set_access_token(token.toStdString());
+        http::client()->verify_certificates(
+          !UserSettings::instance()->disableCertificateValidation());

        // The Olm client needs the user_id & device_id that will be included
        // in the generated payloads & keys.
@ -764,7 +766,11 @@ ChatPage::startInitialSync()
                          const auto err_code   = mtx::errors::to_string(err->matrix_error.errcode);
                          const int status_code = static_cast<int>(err->status_code);

-                          nhlog::net()->error("initial sync error: {} {}", status_code, err_code);
+                          nhlog::net()->error("initial sync error: {} {} {} {}",
+                                              err->parse_error,
+                                              status_code,
+                                              err->error_code.message(),
+                                              err_code);

                          // non http related errors
                          if (status_code <= 0 || status_code >= 600) {
@ -890,7 +896,11 @@ ChatPage::trySync()
                                  return;
                          }

-                          nhlog::net()->error("sync error: {} {}", status_code, err_code);
+                          nhlog::net()->error("initial sync error: {} {} {} {}",
+                                              err->parse_error,
+                                              status_code,
+                                              err->error_code.message(),
+                                              err_code);
                          emit tryDelayedSyncCb();
                          return;
                  }
--- a/src/LoginPage.cpp
+++ b/src/LoginPage.cpp
@ -19,6 +19,7 @@
 #include "LoginPage.h"
 #include "MatrixClient.h"
 #include "SSOHandler.h"
+#include "UserSettingsPage.h"
 #include "ui/FlatButton.h"
 #include "ui/LoadingIndicator.h"
 #include "ui/OverlayModal.h"
@ -256,6 +257,7 @@ LoginPage::onMatrixIdEntered()
                serverInput_->setText(homeServer);

                http::client()->set_server(user.hostname());
+
                http::client()->well_known([this](const mtx::responses::WellKnown &res,
                                                  mtx::http::RequestErr err) {
                        if (err) {
@ -383,6 +385,8 @@ void
 LoginPage::onLoginButtonClicked(LoginMethod loginMethod)
 {
        error_label_->setText("");
+        http::client()->verify_certificates(
+          !UserSettings::instance()->disableCertificateValidation());

        User user;

--- a/src/RegisterPage.cpp
+++ b/src/RegisterPage.cpp
@ -404,6 +404,8 @@ RegisterPage::onRegisterButtonClicked()
                auto server   = server_input_->text().toStdString();

                http::client()->set_server(server);
+                http::client()->verify_certificates(
+                  !UserSettings::instance()->disableCertificateValidation());
                http::client()->registration(
                  username,
                  password,
--- a/src/UserSettingsPage.cpp
+++ b/src/UserSettingsPage.cpp
@ -119,6 +119,9 @@ UserSettings::load(std::optional<QString> profile)
        userId_      = settings.value(prefix + "auth/user_id", "").toString();
        deviceId_    = settings.value(prefix + "auth/device_id", "").toString();

+        disableCertificateValidation_ =
+          settings.value("disable_certificate_validation", false).toBool();
+
        applyTheme();
 }
 void
@ -526,6 +529,17 @@ UserSettings::setHomeserver(QString homeserver)
        save();
 }

+void
+UserSettings::setDisableCertificateValidation(bool disabled)
+{
+        if (disabled == disableCertificateValidation_)
+                return;
+        disableCertificateValidation_ = disabled;
+        http::client()->verify_certificates(!disabled);
+        emit disableCertificateValidationChanged(disabled);
+        save();
+}
+
 void
 UserSettings::applyTheme()
 {
@ -641,6 +655,8 @@ UserSettings::save()
        settings.setValue(prefix + "auth/user_id", userId_);
        settings.setValue(prefix + "auth/device_id", deviceId_);

+        settings.setValue("disable_certificate_validation", disableCertificateValidation_);
+
        settings.sync();
 }

--- a/src/UserSettingsPage.h
+++ b/src/UserSettingsPage.h
@ -92,6 +92,8 @@ class UserSettings : public QObject
          QString accessToken READ accessToken WRITE setAccessToken NOTIFY accessTokenChanged)
        Q_PROPERTY(QString deviceId READ deviceId WRITE setDeviceId NOTIFY deviceIdChanged)
        Q_PROPERTY(QString homeserver READ homeserver WRITE setHomeserver NOTIFY homeserverChanged)
+        Q_PROPERTY(bool disableCertificateValidation READ disableCertificateValidation WRITE
+                     setDisableCertificateValidation NOTIFY disableCertificateValidationChanged)

        UserSettings();

@ -150,6 +152,7 @@ public:
        void setAccessToken(QString accessToken);
        void setDeviceId(QString deviceId);
        void setHomeserver(QString homeserver);
+        void setDisableCertificateValidation(bool disabled);
        void setHiddenTags(QStringList hiddenTags);

        QString theme() const { return !theme_.isEmpty() ? theme_ : defaultTheme_; }
@ -202,6 +205,7 @@ public:
        QString accessToken() const { return accessToken_; }
        QString deviceId() const { return deviceId_; }
        QString homeserver() const { return homeserver_; }
+        bool disableCertificateValidation() const { return disableCertificateValidation_; }
        QStringList hiddenTags() const { return hiddenTags_; }

 signals:
@ -244,6 +248,7 @@ signals:
        void accessTokenChanged(QString accessToken);
        void deviceIdChanged(QString deviceId);
        void homeserverChanged(QString homeserver);
+        void disableCertificateValidationChanged(bool disabled);

 private:
        // Default to system theme if QT_QPA_PLATFORMTHEME var is set.
@ -285,6 +290,7 @@ private:
        bool screenShareRemoteVideo_;
        bool screenShareHideCursor_;
        bool useStunServer_;
+        bool disableCertificateValidation_ = false;
        QString profile_;
        QString userId_;
        QString accessToken_;