Switch to turn of SSL peer verification.

2025-11-26 22:15:52 +00:00 · 2013-02-28 11:44:30 -08:00
parent a337061084
commit ca5f3833dd
3 changed files with 14 additions and 4 deletions
--- a/src/cpp/ripple/Config.cpp
+++ b/src/cpp/ripple/Config.cpp
@@ -46,6 +46,7 @@
 #define SECTION_RPC_PASSWORD			"rpc_password"
 #define SECTION_RPC_STARTUP				"rpc_startup"
 #define SECTION_SNTP					"sntp_servers"
+#define SECTION_SSL_VERIFY				"ssl_verify"
 #define SECTION_SSL_VERIFY_FILE			"ssl_verify_file"
 #define SECTION_SSL_VERIFY_DIR			"ssl_verify_dir"
 #define SECTION_VALIDATORS_FILE			"validators_file"
@@ -239,6 +240,8 @@ Config::Config()

 	VALIDATORS_SITE			= DEFAULT_VALIDATORS_SITE;

+	SSL_VERIFY				= true;
+
 	RUN_STANDALONE			= false;
 	START_UP				= NORMAL;
 }
@@ -397,6 +400,8 @@ void Config::load()

 			sectionSingleB(secConfig, SECTION_SSL_VERIFY_FILE, SSL_VERIFY_FILE);
 			sectionSingleB(secConfig, SECTION_SSL_VERIFY_DIR, SSL_VERIFY_DIR);
+			if (sectionSingleB(secConfig, SECTION_SSL_VERIFY, strTemp))
+				SSL_VERIFY			= boost::lexical_cast<bool>(strTemp);

 			if (sectionSingleB(secConfig, SECTION_VALIDATION_SEED, strTemp))
 			{
--- a/src/cpp/ripple/Config.h
+++ b/src/cpp/ripple/Config.h
@@ -178,6 +178,7 @@ public:
 	uint32						SIGN_PROPOSAL;

 	boost::asio::ssl::context	SSL_CONTEXT;			// Generic SSL context.
+	bool						SSL_VERIFY;
 	std::string					SSL_VERIFY_FILE;
 	std::string					SSL_VERIFY_DIR;

--- a/src/cpp/ripple/HttpsClient.cpp
+++ b/src/cpp/ripple/HttpsClient.cpp
@@ -34,6 +34,8 @@ HttpsClient::HttpsClient(
 		mResponseMax(responseMax),
 		mDeadline(io_service)
 {
+	if (!theConfig.SSL_VERIFY)
+		mSocket.SSLSocket().set_verify_mode(boost::asio::ssl::verify_none);
 }

 void HttpsClient::makeGet(const std::string& strPath, boost::asio::streambuf& sb, const std::string& strHost)
@@ -206,11 +208,13 @@ void HttpsClient::handleConnect(const boost::system::error_code& ecResult)
 	{
 		cLog(lsTRACE) << "Connected.";

-		mShutdown	= mSocket.verify(mDeqSites[0]);
-
-	    if (mShutdown)
+		if (theConfig.SSL_VERIFY)
 		{
-			cLog(lsTRACE) << "set_verify_callback: " << mDeqSites[0] << ": " << mShutdown.message();
+			mShutdown	= mSocket.verify(mDeqSites[0]);
+		    if (mShutdown)
+			{
+				cLog(lsTRACE) << "set_verify_callback: " << mDeqSites[0] << ": " << mShutdown.message();
+			}
 		}
 	}