From 47e97d490c928f4e330e27253672ac254d82d678 Mon Sep 17 00:00:00 2001
From: Nicolas Werner <nicolas.werner@hotmail.de>
Date: Sat, 6 Mar 2021 20:52:08 +0100
Subject: [PATCH] Add config option to disable tls validation

---
 CMakeLists.txt                   |  2 +-
 io.github.NhekoReborn.Nheko.json |  2 +-
 src/ChatPage.cpp                 | 14 ++++++++++++--
 src/LoginPage.cpp                |  4 ++++
 src/RegisterPage.cpp             |  2 ++
 src/UserSettingsPage.cpp         | 16 ++++++++++++++++
 src/UserSettingsPage.h           |  6 ++++++
 7 files changed, 42 insertions(+), 4 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index b4f639531..8d31ee053 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -359,7 +359,7 @@ if(USE_BUNDLED_MTXCLIENT)
 	FetchContent_Declare(
 		MatrixClient
 		GIT_REPOSITORY https://github.com/Nheko-Reborn/mtxclient.git
-		GIT_TAG        53f8883a15649adb798b1f5e73671c84f68e3274
+		GIT_TAG        d0905f8facef2aa3dbaf40715d4375d5a99c9fc4
 		)
 	set(BUILD_LIB_EXAMPLES OFF CACHE INTERNAL "")
 	set(BUILD_LIB_TESTS OFF CACHE INTERNAL "")
diff --git a/io.github.NhekoReborn.Nheko.json b/io.github.NhekoReborn.Nheko.json
index 1794f92f6..72142fcb9 100644
--- a/io.github.NhekoReborn.Nheko.json
+++ b/io.github.NhekoReborn.Nheko.json
@@ -220,7 +220,7 @@
       "name": "mtxclient",
       "sources": [
         {
-          "commit": "53f8883a15649adb798b1f5e73671c84f68e3274",
+          "commit": "d0905f8facef2aa3dbaf40715d4375d5a99c9fc4",
           "type": "git",
           "url": "https://github.com/Nheko-Reborn/mtxclient.git"
         }
diff --git a/src/ChatPage.cpp b/src/ChatPage.cpp
index 99739e087..9a823f178 100644
--- a/src/ChatPage.cpp
+++ b/src/ChatPage.cpp
@@ -464,6 +464,8 @@ ChatPage::bootstrap(QString userid, QString homeserver, QString token)
 
         http::client()->set_server(homeserver.toStdString());
         http::client()->set_access_token(token.toStdString());
+        http::client()->verify_certificates(
+          !UserSettings::instance()->disableCertificateValidation());
 
         // The Olm client needs the user_id & device_id that will be included
         // in the generated payloads & keys.
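Review bot: When `disableCertificateValidation()` is true, the access token set on the line before the new call is sent to a peer whose identity is not checked, and nothing in the log records that state. A warning next to the new call would make this visible in bug reports and during incident triage, for example `if (UserSettings::instance()->disableCertificateValidation()) nhlog::net()->warn("TLS certificate validation is disabled in settings");`. bootstrap() starts and continues outside this hunk.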
@@ -764,7 +766,11 @@ ChatPage::startInitialSync()
                           const auto err_code   = mtx::errors::to_string(err->matrix_error.errcode);
                           const int status_code = static_cast<int>(err->status_code);
 
-                          nhlog::net()->error("initial sync error: {} {}", status_code, err_code);
+                          nhlog::net()->error("initial sync error: {} {} {} {}",
+                                              err->parse_error,
+                                              status_code,
+                                              err->error_code.message(),
+                                              err_code);
 
                           // non http related errors
                           if (status_code <= 0 || status_code >= 600) {
@@ -890,7 +896,11 @@ ChatPage::trySync()
                                   return;
                           }
 
-                          nhlog::net()->error("sync error: {} {}", status_code, err_code);
+                          nhlog::net()->error("initial sync error: {} {} {} {}",
+                                              err->parse_error,
+                                              status_code,
+                                              err->error_code.message(),
+                                              err_code);
                           emit tryDelayedSyncCb();
                           return;
                   }
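Review bot: The log message in trySync() now reads "initial sync error", the same text as in startInitialSync(), so the two failure paths can no longer be told apart in the log. This looks like a copy-paste slip from the earlier hunk. Keep the old prefix with the new fields: `nhlog::net()->error("sync error: {} {} {} {}",`. The enclosing callback starts and ends outside the hunk.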
diff --git a/src/LoginPage.cpp b/src/LoginPage.cpp
index 8e2aef262..c08e586fc 100644
--- a/src/LoginPage.cpp
+++ b/src/LoginPage.cpp
@@ -19,6 +19,7 @@
 #include "LoginPage.h"
 #include "MatrixClient.h"
 #include "SSOHandler.h"
+#include "UserSettingsPage.h"
 #include "ui/FlatButton.h"
 #include "ui/LoadingIndicator.h"
 #include "ui/OverlayModal.h"
@@ -256,6 +257,7 @@ LoginPage::onMatrixIdEntered()
                 serverInput_->setText(homeServer);
 
                 http::client()->set_server(user.hostname());
+
                 http::client()->well_known([this](const mtx::responses::WellKnown &res,
                                                   mtx::http::RequestErr err) {
                         if (err) {
@@ -383,6 +385,8 @@ void
 LoginPage::onLoginButtonClicked(LoginMethod loginMethod)
 {
         error_label_->setText("");
+        http::client()->verify_certificates(
+          !UserSettings::instance()->disableCertificateValidation());
 
         User user;
 
diff --git a/src/RegisterPage.cpp b/src/RegisterPage.cpp
index 6425e0b55..5c5545ecd 100644
--- a/src/RegisterPage.cpp
+++ b/src/RegisterPage.cpp
@@ -404,6 +404,8 @@ RegisterPage::onRegisterButtonClicked()
                 auto server   = server_input_->text().toStdString();
 
                 http::client()->set_server(server);
+                http::client()->verify_certificates(
+                  !UserSettings::instance()->disableCertificateValidation());
                 http::client()->registration(
                   username,
                   password,
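Review bot: This is the third copy of `verify_certificates(!UserSettings::instance()->disableCertificateValidation())` (the others are in ChatPage::bootstrap and LoginPage::onLoginButtonClicked), and any request path that misses it runs with whatever state the shared client last had. The `well_known` lookup in LoginPage::onMatrixIdEntered, visible in this patch, is one such path: it follows `set_server` with no call applying the setting. Applying the stored value once, for example `http::client()->verify_certificates(!disableCertificateValidation_);` at the end of `UserSettings::load()`, would remove the per-call-site copies, assuming the client is already constructed at that point. The function body continues outside this hunk.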
diff --git a/src/UserSettingsPage.cpp b/src/UserSettingsPage.cpp
index 0714ed40d..0edc12881 100644
--- a/src/UserSettingsPage.cpp
+++ b/src/UserSettingsPage.cpp
@@ -119,6 +119,9 @@ UserSettings::load(std::optional<QString> profile)
         userId_      = settings.value(prefix + "auth/user_id", "").toString();
         deviceId_    = settings.value(prefix + "auth/device_id", "").toString();
 
+        disableCertificateValidation_ =
+          settings.value("disable_certificate_validation", false).toBool();
+
         applyTheme();
 }
 void
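Review bot: The new key is read as `"disable_certificate_validation"` without the `prefix +` used by the `auth/...` keys just above, and UserSettings::save() writes it the same way, so the value appears to be shared by every profile. Turning validation off for a profile that talks to a test homeserver would then also turn it off for the others. If per-profile scope is intended, read it as `settings.value(prefix + "disable_certificate_validation", false).toBool();` and use the matching key in save(). If global scope is deliberate, a short comment saying so would prevent the question.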
@@ -526,6 +529,17 @@ UserSettings::setHomeserver(QString homeserver)
         save();
 }
 
+void
+UserSettings::setDisableCertificateValidation(bool disabled)
+{
+        if (disabled == disableCertificateValidation_)
+                return;
+        disableCertificateValidation_ = disabled;
+        http::client()->verify_certificates(!disabled);
+        emit disableCertificateValidationChanged(disabled);
+        save();
+}
+
 void
 UserSettings::applyTheme()
 {
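Review bot: setDisableCertificateValidation() has no comment, although it changes the trust model of the shared HTTP client for the running session and persists that choice. I would add above it: `// Turns TLS peer certificate checks off (true) or on (false) for all requests made through http::client(); with checks off, a network intermediary can read or alter traffic.` The negated name also forces a `!` at every use (`verify_certificates(!disabled)`), which is easy to misread in review, so the comment should state the polarity explicitly.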
@@ -641,6 +655,8 @@ UserSettings::save()
         settings.setValue(prefix + "auth/user_id", userId_);
         settings.setValue(prefix + "auth/device_id", deviceId_);
 
+        settings.setValue("disable_certificate_validation", disableCertificateValidation_);
+
         settings.sync();
 }
 
diff --git a/src/UserSettingsPage.h b/src/UserSettingsPage.h
index f0b452cb7..3ad0293b8 100644
--- a/src/UserSettingsPage.h
+++ b/src/UserSettingsPage.h
@@ -92,6 +92,8 @@ class UserSettings : public QObject
           QString accessToken READ accessToken WRITE setAccessToken NOTIFY accessTokenChanged)
         Q_PROPERTY(QString deviceId READ deviceId WRITE setDeviceId NOTIFY deviceIdChanged)
         Q_PROPERTY(QString homeserver READ homeserver WRITE setHomeserver NOTIFY homeserverChanged)
+        Q_PROPERTY(bool disableCertificateValidation READ disableCertificateValidation WRITE
+                     setDisableCertificateValidation NOTIFY disableCertificateValidationChanged)
 
         UserSettings();
 
@@ -150,6 +152,7 @@ public:
         void setAccessToken(QString accessToken);
         void setDeviceId(QString deviceId);
         void setHomeserver(QString homeserver);
+        void setDisableCertificateValidation(bool disabled);
         void setHiddenTags(QStringList hiddenTags);
 
         QString theme() const { return !theme_.isEmpty() ? theme_ : defaultTheme_; }
@@ -202,6 +205,7 @@ public:
         QString accessToken() const { return accessToken_; }
         QString deviceId() const { return deviceId_; }
         QString homeserver() const { return homeserver_; }
+        bool disableCertificateValidation() const { return disableCertificateValidation_; }
         QStringList hiddenTags() const { return hiddenTags_; }
 
 signals:
@@ -244,6 +248,7 @@ signals:
         void accessTokenChanged(QString accessToken);
         void deviceIdChanged(QString deviceId);
         void homeserverChanged(QString homeserver);
+        void disableCertificateValidationChanged(bool disabled);
 
 private:
         // Default to system theme if QT_QPA_PLATFORMTHEME var is set.
@@ -285,6 +290,7 @@ private:
         bool screenShareRemoteVideo_;
         bool screenShareHideCursor_;
         bool useStunServer_;
+        bool disableCertificateValidation_ = false;
         QString profile_;
         QString userId_;
         QString accessToken_;
-- 
GitLab