From 0b0eb52a5b2c82a4bbcc0d04d523883623124c4f Mon Sep 17 00:00:00 2001 From: Alan F Date: Fri, 20 Dec 2013 21:13:54 +0000 Subject: issue 235 - optional validation of SSL certificates --- src/trg-client.c | 14 +++++++++++++- src/trg-client.h | 1 + src/trg-preferences-dialog.c | 4 ++++ src/trg-prefs.h | 1 + 4 files changed, 19 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/trg-client.c b/src/trg-client.c index f20677a..1ffde9b 100644 --- a/src/trg-client.c +++ b/src/trg-client.c @@ -71,6 +71,7 @@ struct _TrgClientPrivate { gint64 updateSerial; JsonObject *session; gboolean ssl; + gboolean ssl_validate; gdouble version; char *url; char *username; @@ -255,6 +256,9 @@ int trg_client_populate_with_settings(TrgClient * tc) #ifndef CURL_NO_SSL priv->ssl = trg_prefs_get_bool(prefs, TRG_PREFS_KEY_SSL, TRG_PREFS_CONNECTION); + priv->ssl_validate = trg_prefs_get_bool(prefs, TRG_PREFS_KEY_SSL_VALIDATE, + TRG_PREFS_CONNECTION); + #else priv->ssl = FALSE; #endif @@ -377,6 +381,11 @@ gboolean trg_client_get_ssl(TrgClient * tc) { return tc->priv->ssl; } + +gboolean trg_client_get_ssl_validate(TrgClient * tc) +{ + return tc->priv->ssl_validate; +} #endif gchar *trg_client_get_proxy(TrgClient * tc) @@ -485,8 +494,11 @@ static void trg_tls_update(TrgClient * tc, trg_tls * tls, gint serial) curl_easy_setopt(tls->curl, CURLOPT_URL, trg_client_get_url(tc)); #ifndef CURL_NO_SSL - if (trg_client_get_ssl(tc)) + if (trg_client_get_ssl(tc) && !trg_client_get_ssl_validate(tc)) { + + curl_easy_setopt(tls->curl, CURLOPT_SSL_VERIFYHOST, 0); curl_easy_setopt(tls->curl, CURLOPT_SSL_VERIFYPEER, 0); + } #endif proxy = trg_client_get_proxy(tc); diff --git a/src/trg-client.h b/src/trg-client.h index 3b7d916..a0bee33 100644 --- a/src/trg-client.h +++ b/src/trg-client.h 
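Review bot: In trg_client_populate_with_settings the new `priv->ssl_validate` is read with no visible default, so a profile that has no `ssl-validate` key presumably gets FALSE from trg_prefs_get_bool() and certificate checking stays off until the user opts in. How trg_prefs_get_bool() treats a missing key is not shown here, so that should be confirmed. For a TLS setting the safer polarity is fail-closed: treat an absent key as TRUE, or store the inverse preference so that absence means "validate", and let the checkbox added in trg-preferences-dialog.c start ticked. The `#else` branch also leaves the new field unassigned; adding `priv->ssl_validate = FALSE;` beside `priv->ssl = FALSE;` keeps the two fields in step. The function body starts and ends outside the hunk.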
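Review bot: In trg_tls_update the two verification options are only ever set to 0 and never restored. If `tls->curl` is a handle that is reused when settings change (the `serial` parameter suggests so, but the rest of the function is outside the hunk), switching validation on after a session that had it off would leave peer and host checks disabled on that handle. Setting both options from the flag on every update avoids this: `long v = trg_client_get_ssl_validate(tc) ? 1L : 0L;` then `curl_easy_setopt(tls->curl, CURLOPT_SSL_VERIFYPEER, v);` and `curl_easy_setopt(tls->curl, CURLOPT_SSL_VERIFYHOST, v ? 2L : 0L);`. That form also passes the values as `long`, the type libcurl documents for these options, whereas the literal `0` in the hunk goes through varargs as an `int`.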
@@ -141,6 +141,7 @@ gchar *trg_client_get_session_id(TrgClient * tc); void trg_client_set_session_id(TrgClient * tc, gchar * session_id); #ifndef CURL_NO_SSL gboolean trg_client_get_ssl(TrgClient * tc); +gboolean trg_client_get_ssl_validate(TrgClient * tc); #endif gchar *trg_client_get_proxy(TrgClient * tc); gint64 trg_client_get_serial(TrgClient * tc); diff --git a/src/trg-preferences-dialog.c b/src/trg-preferences-dialog.c index 6e98f25..b9327c6 100644 --- a/src/trg-preferences-dialog.c +++ b/src/trg-preferences-dialog.c @@ -831,6 +831,10 @@ static GtkWidget *trg_prefs_serverPage(TrgPreferencesDialog * dlg) w = trgp_check_new(dlg, _("SSL"), TRG_PREFS_KEY_SSL, TRG_PREFS_PROFILE, NULL); hig_workarea_add_wide_control(t, &row, w); + w = trgp_check_new(dlg, _("Validate SSL Certificate"), TRG_PREFS_KEY_SSL_VALIDATE, TRG_PREFS_PROFILE, + w); + hig_workarea_add_wide_control(t, &row, w); + #endif w = trgp_spin_new(dlg, TRG_PREFS_KEY_TIMEOUT, 1, 3600, 1, diff --git a/src/trg-prefs.h b/src/trg-prefs.h index e7a7f48..9dda148 100644 --- a/src/trg-prefs.h +++ b/src/trg-prefs.h @@ -41,6 +41,7 @@ #define TRG_PREFS_KEY_PASSWORD "password" #define TRG_PREFS_KEY_AUTO_CONNECT "auto-connect" #define TRG_PREFS_KEY_SSL "ssl" +#define TRG_PREFS_KEY_SSL_VALIDATE "ssl-validate" #define TRG_PREFS_KEY_TIMEOUT "timeout" #define TRG_PREFS_KEY_RETRIES "retries" #define TRG_PREFS_KEY_UPDATE_INTERVAL "update-interval" -- cgit v1.2.3