Merge branch 'webrequest_additions' of git://github.com/TcT2k/wxWidgets

wxWebRequest improvements: add DisablePeerVerify(), improve documentation. See https://github.com/wxWidgets/wxWidgets/pull/2175
2021-01-21 00:44:37 +01:00
parent e7ff76d762 4727693584
commit 7911fdc253
10 changed files with 99 additions and 3 deletions
--- a/src/common/webrequest.cpp
+++ b/src/common/webrequest.cpp
@@ -62,6 +62,7 @@ wxWebRequestImpl::wxWebRequestImpl(wxWebSession& session,
    : m_storage(wxWebRequest::Storage_Memory),
      m_headers(sessionImpl.GetHeaders()),
      m_dataSize(0),
+      m_peerVerifyDisabled(false),
      m_session(session),
      m_handler(handler),
      m_id(id),
@@ -516,6 +517,18 @@ wxWebRequestHandle wxWebRequest::GetNativeHandle() const
    return m_impl ? m_impl->GetNativeHandle() : NULL;
 }

+void wxWebRequest::DisablePeerVerify(bool disable)
+{
+    m_impl->DisablePeerVerify(disable);
+}
+
+bool wxWebRequest::IsPeerVerifyDisabled() const
+{
+    return m_impl->IsPeerVerifyDisabled();
+}
+
+
+

 //
 // wxWebAuthChallenge
--- a/src/common/webrequest_curl.cpp
+++ b/src/common/webrequest_curl.cpp
@@ -247,6 +247,9 @@ void wxWebRequestCURL::Start()
    }
    curl_easy_setopt(m_handle, CURLOPT_HTTPHEADER, m_headerList);

+    if ( IsPeerVerifyDisabled() )
+        curl_easy_setopt(m_handle, CURLOPT_SSL_VERIFYPEER, 0);
+
    StartRequest();
 }

@@ -468,7 +471,7 @@ wxThread::ExitCode wxWebSessionCURL::Entry()
    {
        // Handle cancelled requests
        {
-            wxCriticalSectionLocker lock(m_cancelled.cs);
+            wxCriticalSectionLocker cancelledLock(m_cancelled.cs);
            while ( !m_cancelled.requests.empty() )
            {
                wxObjectDataPtr<wxWebRequestCURL> request(m_cancelled.requests.back());
--- a/src/msw/webrequest_winhttp.cpp
+++ b/src/msw/webrequest_winhttp.cpp
@@ -364,6 +364,16 @@ void wxWebRequestWinHTTP::Start()
        return;
    }

+    if ( IsPeerVerifyDisabled() )
+    {
+        wxWinHTTPSetOption(m_request, WINHTTP_OPTION_SECURITY_FLAGS,
+            SECURITY_FLAG_IGNORE_CERT_CN_INVALID |
+            SECURITY_FLAG_IGNORE_CERT_DATE_INVALID |
+            SECURITY_FLAG_IGNORE_UNKNOWN_CA |
+            SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE
+        );
+    }
+
    SendRequest();
 }

--- a/src/osx/webrequest_urlsession.mm
+++ b/src/osx/webrequest_urlsession.mm
@@ -150,6 +150,12 @@
            *request
        ));
    }
+    else if ( authMethod == NSURLAuthenticationMethodServerTrust )
+    {
+        if (request->IsPeerVerifyDisabled())
+            completionHandler(NSURLSessionAuthChallengeUseCredential,
+                              [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
+    }

    completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
 }