add setting to enable certificates of HTTPS trackers
This commit is contained in:
parent
4fd6136b2a
commit
10559ed524
|
@ -833,6 +833,7 @@ namespace aux {
|
||||||
void update_upload_rate();
|
void update_upload_rate();
|
||||||
void update_connections_limit();
|
void update_connections_limit();
|
||||||
void update_alert_mask();
|
void update_alert_mask();
|
||||||
|
void update_validate_https();
|
||||||
|
|
||||||
void trigger_auto_manage() override;
|
void trigger_auto_manage() override;
|
||||||
|
|
||||||
|
|
|
@ -804,6 +804,12 @@ namespace aux {
|
||||||
// small piece sizes
|
// small piece sizes
|
||||||
piece_extent_affinity,
|
piece_extent_affinity,
|
||||||
|
|
||||||
|
// when set to true, the certificate of HTTPS trackers will be
|
||||||
|
// validated against the system's certificate store (as defined by
|
||||||
|
// OpenSSL). If the system does not have one, enabling this may cause
|
||||||
|
// HTTPS trackers to fail.
|
||||||
|
validate_https_trackers,
|
||||||
|
|
||||||
max_bool_setting_internal
|
max_bool_setting_internal
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -538,6 +538,7 @@ namespace aux {
|
||||||
#ifdef TORRENT_USE_OPENSSL
|
#ifdef TORRENT_USE_OPENSSL
|
||||||
error_code ec;
|
error_code ec;
|
||||||
m_ssl_ctx.set_verify_mode(boost::asio::ssl::context::verify_none, ec);
|
m_ssl_ctx.set_verify_mode(boost::asio::ssl::context::verify_none, ec);
|
||||||
|
m_ssl_ctx.set_default_verify_paths(ec);
|
||||||
m_peer_ssl_ctx.set_verify_mode(boost::asio::ssl::context::verify_none, ec);
|
m_peer_ssl_ctx.set_verify_mode(boost::asio::ssl::context::verify_none, ec);
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x90812f
|
#if OPENSSL_VERSION_NUMBER >= 0x90812f
|
||||||
aux::openssl_set_tlsext_servername_callback(m_peer_ssl_ctx.native_handle()
|
aux::openssl_set_tlsext_servername_callback(m_peer_ssl_ctx.native_handle()
|
||||||
|
@ -6606,6 +6607,20 @@ namespace {
|
||||||
static_cast<std::uint32_t>(m_settings.get_int(settings_pack::alert_mask))));
|
static_cast<std::uint32_t>(m_settings.get_int(settings_pack::alert_mask))));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void session_impl::update_validate_https()
|
||||||
|
{
|
||||||
|
#ifdef TORRENT_USE_OPENSSL
|
||||||
|
using boost::asio::ssl::context;
|
||||||
|
auto const flags = m_settings.get_bool(settings_pack::validate_https_trackers)
|
||||||
|
? context::verify_peer
|
||||||
|
| context::verify_fail_if_no_peer_cert
|
||||||
|
| context::verify_client_once
|
||||||
|
: context::verify_none;
|
||||||
|
error_code ec;
|
||||||
|
m_ssl_ctx.set_verify_mode(flags, ec);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
void session_impl::pop_alerts(std::vector<alert*>* alerts)
|
void session_impl::pop_alerts(std::vector<alert*>* alerts)
|
||||||
{
|
{
|
||||||
m_alerts.get_all(*alerts);
|
m_alerts.get_all(*alerts);
|
||||||
|
|
|
@ -210,6 +210,7 @@ constexpr int CLOSE_FILE_INTERVAL = 0;
|
||||||
SET(enable_ip_notifier, true, &session_impl::update_ip_notifier),
|
SET(enable_ip_notifier, true, &session_impl::update_ip_notifier),
|
||||||
SET(dht_prefer_verified_node_ids, true, &session_impl::update_dht_settings),
|
SET(dht_prefer_verified_node_ids, true, &session_impl::update_dht_settings),
|
||||||
SET(piece_extent_affinity, false, nullptr),
|
SET(piece_extent_affinity, false, nullptr),
|
||||||
|
SET(validate_https_trackers, false, &session_impl::update_validate_https),
|
||||||
}});
|
}});
|
||||||
|
|
||||||
aux::array<int_setting_entry_t, settings_pack::num_int_settings> const int_settings
|
aux::array<int_setting_entry_t, settings_pack::num_int_settings> const int_settings
|
||||||
|
|
Loading…
Reference in New Issue