From ca5f3833dd8c889d9d2c3f22f5efaf839c44ec41 Mon Sep 17 00:00:00 2001
From: JoelKatz
Date: Thu, 28 Feb 2013 11:44:30 -0800
Subject: [PATCH] Switch to turn of SSL peer verification.
---
 src/cpp/ripple/Config.cpp | 5 +++++
 src/cpp/ripple/Config.h | 1 +
 src/cpp/ripple/HttpsClient.cpp | 12 ++++++++----
 3 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/cpp/ripple/Config.cpp b/src/cpp/ripple/Config.cpp
index 169cb4236e..f26e9274bc 100644
--- a/src/cpp/ripple/Config.cpp
+++ b/src/cpp/ripple/Config.cpp
@@ -46,6 +46,7 @@
 #define SECTION_RPC_PASSWORD "rpc_password"
 #define SECTION_RPC_STARTUP "rpc_startup"
 #define SECTION_SNTP "sntp_servers"
+#define SECTION_SSL_VERIFY "ssl_verify"
 #define SECTION_SSL_VERIFY_FILE "ssl_verify_file"
 #define SECTION_SSL_VERIFY_DIR "ssl_verify_dir"
 #define SECTION_VALIDATORS_FILE "validators_file"
@@ -239,6 +240,8 @@ Config::Config()
 VALIDATORS_SITE = DEFAULT_VALIDATORS_SITE;
+ SSL_VERIFY = true;
+ RUN_STANDALONE = false;
 START_UP = NORMAL;
 }
@@ -397,6 +400,8 @@ void Config::load()
 sectionSingleB(secConfig, SECTION_SSL_VERIFY_FILE, SSL_VERIFY_FILE);
 sectionSingleB(secConfig, SECTION_SSL_VERIFY_DIR, SSL_VERIFY_DIR);
+ if (sectionSingleB(secConfig, SECTION_SSL_VERIFY, strTemp))
+ SSL_VERIFY = boost::lexical_cast(strTemp);
 if (sectionSingleB(secConfig, SECTION_VALIDATION_SEED, strTemp))
 {
diff --git a/src/cpp/ripple/Config.h b/src/cpp/ripple/Config.h
index 96e9eebe92..7d1a420c8b 100644
--- a/src/cpp/ripple/Config.h
+++ b/src/cpp/ripple/Config.h
@@ -178,6 +178,7 @@ public:
 uint32 SIGN_PROPOSAL;
 boost::asio::ssl::context SSL_CONTEXT; // Generic SSL context.
+ bool SSL_VERIFY;
 std::string SSL_VERIFY_FILE;
 std::string SSL_VERIFY_DIR;
diff --git a/src/cpp/ripple/HttpsClient.cpp b/src/cpp/ripple/HttpsClient.cpp
index fb05bf381a..4cbb32ea15 100644
--- a/src/cpp/ripple/HttpsClient.cpp
+++ b/src/cpp/ripple/HttpsClient.cpp
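Review bot: In Config::load() the `ssl_verify` string is handed straight to `boost::lexical_cast`, whose template argument is not visible on this page; if it is `bool`, only `0` and `1` convert, and a value such as `false` or `no` throws `boost::bad_lexical_cast`. Nothing in the hunk catches that, so a typo in a security-relevant setting either aborts loading or is handled by whatever the caller does, which cannot be seen from here. I would parse it explicitly so that anything other than an explicit off value keeps verification on, e.g. `SSL_VERIFY = (strTemp != "0");`, and emit one warning-level log line when the result is false so an operator can see that HTTPS peers are no longer authenticated. Config::load() starts and ends outside the hunk.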
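Review bot: The new `SSL_VERIFY` member in Config.h carries no comment, although the `SSL_CONTEXT` line directly above it has one and this flag switches off a security check. A trailing comment would be enough: `bool SSL_VERIFY; // Verify HTTPS peer certificates; false makes HttpsClient skip verification.` The class body starts and ends outside the hunk.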
@@ -34,6 +34,8 @@ HttpsClient::HttpsClient(
 mResponseMax(responseMax),
 mDeadline(io_service)
 {
+ if (!theConfig.SSL_VERIFY)
+ mSocket.SSLSocket().set_verify_mode(boost::asio::ssl::verify_none);
 }
 void HttpsClient::makeGet(const std::string& strPath, boost::asio::streambuf& sb, const std::string& strHost)
@@ -206,11 +208,13 @@ void HttpsClient::handleConnect(const boost::system::error_code& ecResult)
 {
 cLog(lsTRACE) << "Connected.";
- mShutdown = mSocket.verify(mDeqSites[0]);
-
- if (mShutdown)
+ if (theConfig.SSL_VERIFY)
 {
- cLog(lsTRACE) << "set_verify_callback: " << mDeqSites[0] << ": " << mShutdown.message();
+ mShutdown = mSocket.verify(mDeqSites[0]);
+ if (mShutdown)
+ {
+ cLog(lsTRACE) << "set_verify_callback: " << mDeqSites[0] << ": " << mShutdown.message();
+ }
 }
 }
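Review bot: With `ssl_verify` off, the constructor sets `verify_none` and the handleConnect() hunk skips `mSocket.verify()`, so every HttpsClient in the process accepts any certificate for any host, and nothing is logged when that happens. The flag is read from the global `theConfig`, so a single config line removes server authentication from everything fetched through this class; the Config.cpp hunks show a `VALIDATORS_SITE` setting, which is presumably one such fetch. I would log the state where it takes effect, `cLog(lsWARNING) << "SSL peer verification is disabled";`, and consider a per-request override rather than a process-wide switch. The constructor's signature and most of its initialiser list are outside the hunk.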
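Review bot: In handleConnect() an error from `mSocket.verify()` is still reported only at `lsTRACE`, under the label `set_verify_callback`, so a verification set-up failure stays invisible at normal log levels. Now that a switch exists to turn checking off, this is the line an operator needs in order to tell "verification failed" from "verification disabled"; I would raise its severity and clarify the label: `cLog(lsWARNING) << "SSL verify setup failed: " << mDeqSites[0] << ": " << mShutdown.message();`. What is done with the connection once `mShutdown` is set is decided outside the hunk, as is the start of the function.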