Add config option to disable tls validation

CMakeLists.txt

@@ -359,7 +359,7 @@ if(USE_BUNDLED_MTXCLIENT)
 	FetchContent_Declare(
 		MatrixClient
 		GIT_REPOSITORY https://github.com/Nheko-Reborn/mtxclient.git
-		GIT_TAG        53f8883a15649adb798b1f5e73671c84f68e3274
+		GIT_TAG        d0905f8facef2aa3dbaf40715d4375d5a99c9fc4
 		)
 	set(BUILD_LIB_EXAMPLES OFF CACHE INTERNAL "")
 	set(BUILD_LIB_TESTS OFF CACHE INTERNAL "")

io.github.NhekoReborn.Nheko.json

@@ -220,7 +220,7 @@
       "name": "mtxclient",
       "sources": [
         {
-          "commit": "53f8883a15649adb798b1f5e73671c84f68e3274",
+          "commit": "d0905f8facef2aa3dbaf40715d4375d5a99c9fc4",
           "type": "git",
           "url": "https://github.com/Nheko-Reborn/mtxclient.git"
         }

src/ChatPage.cpp

@@ -464,6 +464,8 @@ ChatPage::bootstrap(QString userid, QString homeserver, QString token)
 
         http::client()->set_server(homeserver.toStdString());
         http::client()->set_access_token(token.toStdString());
+        http::client()->verify_certificates(
+          !UserSettings::instance()->disableCertificateValidation());
 
         // The Olm client needs the user_id & device_id that will be included
         // in the generated payloads & keys.
@@ -764,7 +766,11 @@ ChatPage::startInitialSync()
                           const auto err_code   = mtx::errors::to_string(err->matrix_error.errcode);
                           const int status_code = static_cast<int>(err->status_code);
 
-                          nhlog::net()->error("initial sync error: {} {}", status_code, err_code);
+                          nhlog::net()->error("initial sync error: {} {} {} {}",
+                                              err->parse_error,
+                                              status_code,
+                                              err->error_code.message(),
+                                              err_code);
 
                           // non http related errors
                           if (status_code <= 0 || status_code >= 600) {
@@ -890,7 +896,11 @@ ChatPage::trySync()
                                   return;
                           }
 
-                          nhlog::net()->error("sync error: {} {}", status_code, err_code);
+                          nhlog::net()->error("initial sync error: {} {} {} {}",
+                                              err->parse_error,
+                                              status_code,
+                                              err->error_code.message(),
+                                              err_code);
                           emit tryDelayedSyncCb();
                           return;
                   }

src/LoginPage.cpp

@@ -19,6 +19,7 @@
 #include "LoginPage.h"
 #include "MatrixClient.h"
 #include "SSOHandler.h"
+#include "UserSettingsPage.h"
 #include "ui/FlatButton.h"
 #include "ui/LoadingIndicator.h"
 #include "ui/OverlayModal.h"
@@ -256,6 +257,7 @@ LoginPage::onMatrixIdEntered()
                 serverInput_->setText(homeServer);
 
                 http::client()->set_server(user.hostname());
+
                 http::client()->well_known([this](const mtx::responses::WellKnown &res,
                                                   mtx::http::RequestErr err) {
                         if (err) {
@@ -383,6 +385,8 @@ void
 LoginPage::onLoginButtonClicked(LoginMethod loginMethod)
 {
         error_label_->setText("");
+        http::client()->verify_certificates(
+          !UserSettings::instance()->disableCertificateValidation());
 
         User user;
 

src/RegisterPage.cpp

@@ -404,6 +404,8 @@ RegisterPage::onRegisterButtonClicked()
                 auto server   = server_input_->text().toStdString();
 
                 http::client()->set_server(server);
+                http::client()->verify_certificates(
+                  !UserSettings::instance()->disableCertificateValidation());
                 http::client()->registration(
                   username,
                   password,

src/UserSettingsPage.cpp

@@ -119,6 +119,9 @@ UserSettings::load(std::optional<QString> profile)
         userId_      = settings.value(prefix + "auth/user_id", "").toString();
         deviceId_    = settings.value(prefix + "auth/device_id", "").toString();
 
+        disableCertificateValidation_ =
+          settings.value("disable_certificate_validation", false).toBool();
+
         applyTheme();
 }
 void
@@ -526,6 +529,17 @@ UserSettings::setHomeserver(QString homeserver)
         save();
 }
 
+void
+UserSettings::setDisableCertificateValidation(bool disabled)
+{
+        if (disabled == disableCertificateValidation_)
+                return;
+        disableCertificateValidation_ = disabled;
+        http::client()->verify_certificates(!disabled);
+        emit disableCertificateValidationChanged(disabled);
+        save();
+}
+
 void
 UserSettings::applyTheme()
 {
@@ -641,6 +655,8 @@ UserSettings::save()
         settings.setValue(prefix + "auth/user_id", userId_);
         settings.setValue(prefix + "auth/device_id", deviceId_);
 
+        settings.setValue("disable_certificate_validation", disableCertificateValidation_);
+
         settings.sync();
 }
 

src/UserSettingsPage.h

@@ -92,6 +92,8 @@ class UserSettings : public QObject
           QString accessToken READ accessToken WRITE setAccessToken NOTIFY accessTokenChanged)
         Q_PROPERTY(QString deviceId READ deviceId WRITE setDeviceId NOTIFY deviceIdChanged)
         Q_PROPERTY(QString homeserver READ homeserver WRITE setHomeserver NOTIFY homeserverChanged)
+        Q_PROPERTY(bool disableCertificateValidation READ disableCertificateValidation WRITE
+                     setDisableCertificateValidation NOTIFY disableCertificateValidationChanged)
 
         UserSettings();
 
@@ -150,6 +152,7 @@ public:
         void setAccessToken(QString accessToken);
         void setDeviceId(QString deviceId);
         void setHomeserver(QString homeserver);
+        void setDisableCertificateValidation(bool disabled);
         void setHiddenTags(QStringList hiddenTags);
 
         QString theme() const { return !theme_.isEmpty() ? theme_ : defaultTheme_; }
@@ -202,6 +205,7 @@ public:
         QString accessToken() const { return accessToken_; }
         QString deviceId() const { return deviceId_; }
         QString homeserver() const { return homeserver_; }
+        bool disableCertificateValidation() const { return disableCertificateValidation_; }
         QStringList hiddenTags() const { return hiddenTags_; }
 
 signals:
@@ -244,6 +248,7 @@ signals:
         void accessTokenChanged(QString accessToken);
         void deviceIdChanged(QString deviceId);
         void homeserverChanged(QString homeserver);
+        void disableCertificateValidationChanged(bool disabled);
 
 private:
         // Default to system theme if QT_QPA_PLATFORMTHEME var is set.
@@ -285,6 +290,7 @@ private:
         bool screenShareRemoteVideo_;
         bool screenShareHideCursor_;
         bool useStunServer_;
+        bool disableCertificateValidation_ = false;
         QString profile_;
         QString userId_;
         QString accessToken_;