add setting to enable certificates of HTTPS trackers

2020-03-13 12:30:03 +01:00 · 2020-03-13 12:30:03 +01:00 · 10559ed524
parent 4fd6136b2a
commit 10559ed524
4 changed files with 23 additions and 0 deletions
--- a/include/libtorrent/aux_/session_impl.hpp
+++ b/include/libtorrent/aux_/session_impl.hpp
@ -833,6 +833,7 @@ namespace aux {
 			void update_upload_rate();
 			void update_connections_limit();
 			void update_alert_mask();
+			void update_validate_https();

 			void trigger_auto_manage() override;

--- a/include/libtorrent/settings_pack.hpp
+++ b/include/libtorrent/settings_pack.hpp
@ -804,6 +804,12 @@ namespace aux {
 			// small piece sizes
 			piece_extent_affinity,

+			// when set to true, the certificate of HTTPS trackers will be
+			// validated against the system's certificate store (as defined by
+			// OpenSSL). If the system does not have one, enabling this may cause
+			// HTTPS trackers to fail.
+			validate_https_trackers,
+
 			max_bool_setting_internal
 		};

--- a/src/session_impl.cpp
+++ b/src/session_impl.cpp
@ -538,6 +538,7 @@ namespace aux {
 #ifdef TORRENT_USE_OPENSSL
 		error_code ec;
 		m_ssl_ctx.set_verify_mode(boost::asio::ssl::context::verify_none, ec);
+		m_ssl_ctx.set_default_verify_paths(ec);
 		m_peer_ssl_ctx.set_verify_mode(boost::asio::ssl::context::verify_none, ec);
 #if OPENSSL_VERSION_NUMBER >= 0x90812f
 		aux::openssl_set_tlsext_servername_callback(m_peer_ssl_ctx.native_handle()
@ -6606,6 +6607,20 @@ namespace {
 			static_cast<std::uint32_t>(m_settings.get_int(settings_pack::alert_mask))));
 	}

+	void session_impl::update_validate_https()
+	{
+#ifdef TORRENT_USE_OPENSSL
+		using boost::asio::ssl::context;
+		auto const flags = m_settings.get_bool(settings_pack::validate_https_trackers)
+			? context::verify_peer
+				| context::verify_fail_if_no_peer_cert
+				| context::verify_client_once
+			: context::verify_none;
+		error_code ec;
+		m_ssl_ctx.set_verify_mode(flags, ec);
+#endif
+	}
+
 	void session_impl::pop_alerts(std::vector<alert*>* alerts)
 	{
 		m_alerts.get_all(*alerts);
--- a/src/settings_pack.cpp
+++ b/src/settings_pack.cpp
@ -210,6 +210,7 @@ constexpr int CLOSE_FILE_INTERVAL = 0;
 		SET(enable_ip_notifier, true, &session_impl::update_ip_notifier),
 		SET(dht_prefer_verified_node_ids, true, &session_impl::update_dht_settings),
 		SET(piece_extent_affinity, false, nullptr),
+		SET(validate_https_trackers, false, &session_impl::update_validate_https),
 	}});

 	aux::array<int_setting_entry_t, settings_pack::num_int_settings> const int_settings