Fossil SCM
Add the (undocumented) --accept-any-cert option to networking commands.
Commit
11bebbece21c6960de35b2f9f349d111df83d4e53830bb45fb6b873e134d1a92
Parent
9f8dc18f702a349…
1 file changed
+15
-3
+15
-3
| --- src/url.c | ||
| +++ src/url.c | ||
| @@ -360,18 +360,30 @@ | ||
| 360 | 360 | /* |
| 361 | 361 | ** Extract any proxy options from the command-line. |
| 362 | 362 | ** |
| 363 | 363 | ** --proxy URL|off |
| 364 | 364 | ** |
| 365 | -** This also happens to be a convenient function to use to look for | |
| 366 | -** the --nosync option that will temporarily disable the "autosync" | |
| 367 | -** feature. | |
| 365 | +** The original purpose of this routine is the above. But this | |
| 366 | +** also happens to be a convenient place to look for other | |
| 367 | +** network-related options: | |
| 368 | +** | |
| 369 | +** --nosync Temporarily disable "autosync" | |
| 370 | +** | |
| 371 | +** --ipv4 Disallow IPv6. Use only IPv4. | |
| 372 | +** | |
| 373 | +** --accept-any-cert Disable server SSL cert validation. Accept | |
| 374 | +** any SSL cert that the server provides. | |
| 375 | +** WARNING: this option opens you up to | |
| 376 | +** forged-DNS and man-in-the-middle attacks! | |
| 368 | 377 | */ |
| 369 | 378 | void url_proxy_options(void){ |
| 370 | 379 | zProxyOpt = find_option("proxy", 0, 1); |
| 371 | 380 | if( find_option("nosync",0,0) ) g.fNoSync = 1; |
| 372 | 381 | if( find_option("ipv4",0,0) ) g.fIPv4 = 1; |
| 382 | + if( find_option("accept-any-cert",0,0) ){ | |
| 383 | + ssl_disable_cert_verification(); | |
| 384 | + } | |
| 373 | 385 | } |
| 374 | 386 | |
| 375 | 387 | /* |
| 376 | 388 | ** If the "proxy" setting is defined, then change the URL settings |
| 377 | 389 | ** (initialized by a prior call to url_parse()) so that the HTTP |
| 378 | 390 |
| --- src/url.c | |
| +++ src/url.c | |
| @@ -360,18 +360,30 @@ | |
| 360 | /* |
| 361 | ** Extract any proxy options from the command-line. |
| 362 | ** |
| 363 | ** --proxy URL|off |
| 364 | ** |
| 365 | ** This also happens to be a convenient function to use to look for |
| 366 | ** the --nosync option that will temporarily disable the "autosync" |
| 367 | ** feature. |
| 368 | */ |
| 369 | void url_proxy_options(void){ |
| 370 | zProxyOpt = find_option("proxy", 0, 1); |
| 371 | if( find_option("nosync",0,0) ) g.fNoSync = 1; |
| 372 | if( find_option("ipv4",0,0) ) g.fIPv4 = 1; |
| 373 | } |
| 374 | |
| 375 | /* |
| 376 | ** If the "proxy" setting is defined, then change the URL settings |
| 377 | ** (initialized by a prior call to url_parse()) so that the HTTP |
| 378 |
| --- src/url.c | |
| +++ src/url.c | |
| @@ -360,18 +360,30 @@ | |
| 360 | /* |
| 361 | ** Extract any proxy options from the command-line. |
| 362 | ** |
| 363 | ** --proxy URL|off |
| 364 | ** |
| 365 | ** The original purpose of this routine is the above. But this |
| 366 | ** also happens to be a convenient place to look for other |
| 367 | ** network-related options: |
| 368 | ** |
| 369 | ** --nosync Temporarily disable "autosync" |
| 370 | ** |
| 371 | ** --ipv4 Disallow IPv6. Use only IPv4. |
| 372 | ** |
| 373 | ** --accept-any-cert Disable server SSL cert validation. Accept |
| 374 | ** any SSL cert that the server provides. |
| 375 | ** WARNING: this option opens you up to |
| 376 | ** forged-DNS and man-in-the-middle attacks! |
| 377 | */ |
| 378 | void url_proxy_options(void){ |
| 379 | zProxyOpt = find_option("proxy", 0, 1); |
| 380 | if( find_option("nosync",0,0) ) g.fNoSync = 1; |
| 381 | if( find_option("ipv4",0,0) ) g.fIPv4 = 1; |
| 382 | if( find_option("accept-any-cert",0,0) ){ |
| 383 | ssl_disable_cert_verification(); |
| 384 | } |
| 385 | } |
| 386 | |
| 387 | /* |
| 388 | ** If the "proxy" setting is defined, then change the URL settings |
| 389 | ** (initialized by a prior call to url_parse()) so that the HTTP |
| 390 |