Add wxWebRequest::DisablePeerVerify()

This method allows insecure HTTPS connections when required.
Tobias Taschner
2021-01-19 12:04:36 +01:00
parent bf1b0716e0
commit 036b7f29a7
8 changed files with 78 additions and 0 deletions


@@ -96,6 +96,10 @@ public:
virtual wxWebRequestHandle GetNativeHandle() const = 0; virtual wxWebRequestHandle GetNativeHandle() const = 0;
void DisablePeerVerify(bool disable) { m_peerVerifyDisabled = disable; }
bool IsPeerVerifyDisabled() { return m_peerVerifyDisabled; }
void SetState(wxWebRequest::State state, const wxString& failMsg = wxString()); void SetState(wxWebRequest::State state, const wxString& failMsg = wxString());
void ReportDataReceived(size_t sizeReceived); void ReportDataReceived(size_t sizeReceived);
@@ -110,6 +114,7 @@ protected:
wxWebRequestHeaderMap m_headers; wxWebRequestHeaderMap m_headers;
wxFileOffset m_dataSize; wxFileOffset m_dataSize;
wxScopedPtr<wxInputStream> m_dataStream; wxScopedPtr<wxInputStream> m_dataStream;
bool m_peerVerifyDisabled;
wxWebRequestImpl(wxWebSession& session, wxWebRequestImpl(wxWebSession& session,
wxWebSessionImpl& sessionImpl, wxWebSessionImpl& sessionImpl,
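Review bot: `IsPeerVerifyDisabled()` in the first hunk is a pure getter but is not declared `const`, so it cannot be called through a const reference to the request; `bool IsPeerVerifyDisabled() const { return m_peerVerifyDisabled; }` would match `GetNativeHandle() const` just above it. The same applies to the public declaration `bool IsPeerVerifyDisabled();` in wxWebRequest, its documented signature and its out-of-line definition in the later sections. Because this member switches off certificate checking, a short comment on `m_peerVerifyDisabled` such as `// true if TLS certificate verification was explicitly disabled for this request` would make its security relevance obvious to the next reader.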


@@ -188,6 +188,10 @@ public:
wxWebRequestHandle GetNativeHandle() const; wxWebRequestHandle GetNativeHandle() const;
void DisablePeerVerify(bool disable = true);
bool IsPeerVerifyDisabled();
private: private:
// Ctor is only used by wxWebSession. // Ctor is only used by wxWebSession.
friend class wxWebSession; friend class wxWebSession;


@@ -391,6 +391,22 @@ public:
server. server.
*/ */
void SetStorage(Storage storage); void SetStorage(Storage storage);
/**
Disable SSL certificate verification.
This can be used to connect to self signed servers or other invalid
SSL connections. Disabling verification makes the communication
insecure.
*/
void DisablePeerVerify(bool disable = true);
/**
Returns if peer verification has been disabled.
@see DisablePeerVerify()
*/
bool IsPeerVerifyDisabled();
///@} ///@}
/** @name Progress methods /** @name Progress methods
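Review bot: The new documentation for `DisablePeerVerify()` does not say when the call has to be made or what the caller gives up. In the curl and WinHTTP sections of this commit the flag is only read inside `Start()`, so calling it afterwards appears to have no effect there; the comment should state that it must be called before `Start()`. It should also say that the setting applies to this request only and that, with verification off, the server's identity is not authenticated, so the connection can be intercepted and should not carry credentials or other sensitive data.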


@@ -62,6 +62,7 @@ wxWebRequestImpl::wxWebRequestImpl(wxWebSession& session,
: m_storage(wxWebRequest::Storage_Memory), : m_storage(wxWebRequest::Storage_Memory),
m_headers(sessionImpl.GetHeaders()), m_headers(sessionImpl.GetHeaders()),
m_dataSize(0), m_dataSize(0),
m_peerVerifyDisabled(false),
m_session(session), m_session(session),
m_handler(handler), m_handler(handler),
m_id(id), m_id(id),
@@ -516,6 +517,18 @@ wxWebRequestHandle wxWebRequest::GetNativeHandle() const
return m_impl ? m_impl->GetNativeHandle() : NULL; return m_impl ? m_impl->GetNativeHandle() : NULL;
} }
void wxWebRequest::DisablePeerVerify(bool disable)
{
m_impl->DisablePeerVerify(disable);
}
bool wxWebRequest::IsPeerVerifyDisabled()
{
return m_impl->IsPeerVerifyDisabled();
}
// //
// wxWebAuthChallenge // wxWebAuthChallenge
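Review bot: Both new `wxWebRequest` methods in the second hunk dereference `m_impl` unconditionally, while `GetNativeHandle()` directly above them guards with `m_impl ? ... : NULL`. On a request object that has no implementation this would be a null pointer dereference. I would write `if ( m_impl ) m_impl->DisablePeerVerify(disable);` and `return m_impl && m_impl->IsPeerVerifyDisabled();`, or use whatever validity check the other methods of this class use, which is not visible in the hunk.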


@@ -247,6 +247,9 @@ void wxWebRequestCURL::Start()
} }
curl_easy_setopt(m_handle, CURLOPT_HTTPHEADER, m_headerList); curl_easy_setopt(m_handle, CURLOPT_HTTPHEADER, m_headerList);
if ( IsPeerVerifyDisabled() )
curl_easy_setopt(m_handle, CURLOPT_SSL_VERIFYPEER, 0);
StartRequest(); StartRequest();
} }
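Review bot: `curl_easy_setopt(m_handle, CURLOPT_SSL_VERIFYPEER, 0)` passes an `int` where libcurl expects a `long` for this option; because `curl_easy_setopt` is variadic, the literal should be `0L`. Only chain verification is turned off here and `CURLOPT_SSL_VERIFYHOST` keeps its default, so a certificate issued for a different host name would presumably still be rejected by this backend, whereas the WinHTTP section of this commit also ignores a name mismatch. I would keep the narrower behaviour and say so in a comment, e.g. `// host name check (CURLOPT_SSL_VERIFYHOST) is intentionally left enabled`. `Start()` begins outside the hunk.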


@@ -364,6 +364,16 @@ void wxWebRequestWinHTTP::Start()
return; return;
} }
if ( IsPeerVerifyDisabled() )
{
wxWinHTTPSetOption(m_request, WINHTTP_OPTION_SECURITY_FLAGS,
SECURITY_FLAG_IGNORE_CERT_CN_INVALID |
SECURITY_FLAG_IGNORE_CERT_DATE_INVALID |
SECURITY_FLAG_IGNORE_UNKNOWN_CA |
SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE
);
}
SendRequest(); SendRequest();
} }
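Review bot: The flag set passed for `WINHTTP_OPTION_SECURITY_FLAGS` is broader than the method name and the curl backend suggest: besides `SECURITY_FLAG_IGNORE_UNKNOWN_CA` it also accepts expired certificates, host-name mismatches and wrong certificate usage. If the goal is to allow self-signed or privately issued certificates, consider passing `SECURITY_FLAG_IGNORE_UNKNOWN_CA` alone (to be confirmed against the self-signed test), or document that all four checks are dropped on Windows. The result of `wxWinHTTPSetOption` is not checked here; if it reports failure, logging it would keep a request from later failing with an unexplained certificate error. `Start()` begins outside the hunk.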


@@ -150,6 +150,12 @@
*request *request
)); ));
} }
else if ( authMethod == NSURLAuthenticationMethodServerTrust )
{
if (request->IsPeerVerifyDisabled())
completionHandler(NSURLSessionAuthChallengeUseCredential,
[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
}
completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil); completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
} }
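Review bot: In the new `NSURLAuthenticationMethodServerTrust` branch, `completionHandler` is invoked with `NSURLSessionAuthChallengeUseCredential` and then, as far as the hunk shows, control falls through to the unconditional `completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);` that follows the branch. The handler is meant to be called once per challenge, and the second call asks for default handling, which contradicts the first. Put the first call in braces and follow it with `return;`. `request` is dereferenced without a null test; whether it can be null is decided outside the hunk, so please confirm. The enclosing delegate method starts outside the hunk.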


@@ -262,6 +262,27 @@ TEST_CASE_METHOD(RequestFixture,
Run(wxWebRequest::State_Failed, 0); Run(wxWebRequest::State_Failed, 0);
} }
TEST_CASE_METHOD(RequestFixture,
"WebRequest::SSL::Error", "[net][webrequest][error]")
{
if (!InitBaseURL())
return;
CreateAbs("https://self-signed.badssl.com/");
Run(wxWebRequest::State_Failed, 0);
}
TEST_CASE_METHOD(RequestFixture,
"WebRequest::SSL::Ignore", "[net][webrequest]")
{
if (!InitBaseURL())
return;
CreateAbs("https://self-signed.badssl.com/");
request.DisablePeerVerify();
Run(wxWebRequest::State_Completed, 200);
}
TEST_CASE_METHOD(RequestFixture, TEST_CASE_METHOD(RequestFixture,
"WebRequest::Post", "[net][webrequest]") "WebRequest::Post", "[net][webrequest]")
{ {
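Review bot: Both new test cases depend on the third-party host `self-signed.badssl.com` being reachable and keeping its current certificate, so `WebRequest::SSL::Ignore` can fail for reasons unrelated to the code, and `WebRequest::SSL::Error` passes whenever the request fails for any reason, not only on a certificate error. Only the self-signed case is covered, which leaves the difference between backends for an expired certificate or a host-name mismatch unpinned. I would add a comment such as `// needs external network access; only covers the untrusted-issuer case` and, if the fixture exposes the failure reason, assert on it in the Error case.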