
Commit e98bb16

authored
Merge pull request #1259 from lightpanda-io/cdp-security-ignore-cert-err-backport
cdp: implement Security.setIgnoreCertificateErrors
2 parents 47b4b68 + 6a09866 commit e98bb16


2 files changed

+83
-0
lines changed


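--- a/src/cdp/domains/security.zig
+++ b/src/cdp/domains/security.zig
@@ -21,9 +21,48 @@ const std = @import("std");
 pub fn processMessage(cmd: anytype) !void {
 const action = std.meta.stringToEnum(enum {
 enable,
+setIgnoreCertificateErrors,
 }, cmd.input.action) orelse return error.UnknownMethod;
 
 switch (action) {
 .enable => return cmd.sendResult(null, .{}),
+.setIgnoreCertificateErrors => return setIgnoreCertificateErrors(cmd),
 }
 }
+
+fn setIgnoreCertificateErrors(cmd: anytype) !void {
+const params = (try cmd.params(struct {
+ignore: bool,
+})) orelse return error.InvalidParams;
+
+if (params.ignore) {
+try cmd.cdp.browser.http_client.disableTlsVerify();
+} else {
+try cmd.cdp.browser.http_client.enableTlsVerify();
+}
+
+return cmd.sendResult(null, .{});
+}
+
+const testing = @import("../testing.zig");
+
+test "cdp.Security: setIgnoreCertificateErrors" {
+var ctx = testing.context();
+defer ctx.deinit();
+
+_ = try ctx.loadBrowserContext(.{ .id = "BID-9" });
+
+try ctx.processMessage(.{
+.id = 8,
+.method = "Security.setIgnoreCertificateErrors",
+.params = .{ .ignore = true },
+});
+try ctx.expectSentResult(null, .{ .id = 8 });
+
+try ctx.processMessage(.{
+.id = 9,
+.method = "Security.setIgnoreCertificateErrors",
+.params = .{ .ignore = false },
+});
+try ctx.expectSentResult(null, .{ .id = 9 });
+}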
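Review bot: `setIgnoreCertificateErrors` switches certificate checking on `cmd.cdp.browser.http_client`, which looks like the browser-wide client rather than anything tied to the CDP session or browser context that sent the command. Nothing in this section restores verification when that client disconnects, so a single `ignore: true` may leave every later connection unverified; the teardown path is not visible here and should be checked. The function needs a doc comment stating that scope and lifetime, for example `/// Toggles TLS certificate verification for all connections of the shared http_client; the setting persists until the command is sent again.` The test only asserts that a result is sent for ids 8 and 9; it should also assert the client's verification state after each call, so a regression that leaves TLS checks off would fail it.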

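--- a/src/http/Client.zig
+++ b/src/http/Client.zig
@@ -92,6 +92,11 @@ notification: ?*Notification = null,
 // restoring, this originally-configured value is what it goes to.
 http_proxy: ?[:0]const u8 = null,
 
+// track if the client use a proxy for connections.
+// We can't use http_proxy because we want also to track proxy configured via
+// CDP.
+use_proxy: bool,
+
 // The complete user-agent header line
 user_agent: [:0]const u8,
 
@@ -125,6 +130,7 @@ pub fn init(allocator: Allocator, ca_blob: ?c.curl_blob, opts: Http.Opts) !*Clie
 .handles = handles,
 .allocator = allocator,
 .http_proxy = opts.http_proxy,
+.use_proxy = opts.http_proxy != null,
 .user_agent = opts.user_agent,
 .transfer_pool = transfer_pool,
 };
@@ -308,6 +314,7 @@ pub fn changeProxy(self: *Client, proxy: [:0]const u8) !void {
 for (self.handles.handles) |*h| {
 try errorCheck(c.curl_easy_setopt(h.conn.easy, c.CURLOPT_PROXY, proxy.ptr));
 }
+self.use_proxy = true;
 }
 
 // Same restriction as changeProxy. Should be ok since this is only called on
@@ -319,6 +326,43 @@ pub fn restoreOriginalProxy(self: *Client) !void {
 for (self.handles.handles) |*h| {
 try errorCheck(c.curl_easy_setopt(h.conn.easy, c.CURLOPT_PROXY, proxy));
 }
+self.use_proxy = proxy != null;
+}
+
+// Enable TLS verification on all connections.
+pub fn enableTlsVerify(self: *const Client) !void {
+// Remove inflight connections check on enable TLS b/c chromiumoxide calls
+// the command during navigate and Curl seems to accept it...
+
+for (self.handles.handles) |*h| {
+const easy = h.conn.easy;
+
+try errorCheck(c.curl_easy_setopt(easy, c.CURLOPT_SSL_VERIFYHOST, @as(c_long, 2)));
+try errorCheck(c.curl_easy_setopt(easy, c.CURLOPT_SSL_VERIFYPEER, @as(c_long, 1)));
+
+if (self.use_proxy) {
+try errorCheck(c.curl_easy_setopt(easy, c.CURLOPT_PROXY_SSL_VERIFYHOST, @as(c_long, 2)));
+try errorCheck(c.curl_easy_setopt(easy, c.CURLOPT_PROXY_SSL_VERIFYPEER, @as(c_long, 1)));
+}
+}
+}
+
+// Disable TLS verification on all connections.
+pub fn disableTlsVerify(self: *const Client) !void {
+// Remove inflight connections check on disable TLS b/c chromiumoxide calls
+// the command during navigate and Curl seems to accept it...
+
+for (self.handles.handles) |*h| {
+const easy = h.conn.easy;
+
+try errorCheck(c.curl_easy_setopt(easy, c.CURLOPT_SSL_VERIFYHOST, @as(c_long, 0)));
+try errorCheck(c.curl_easy_setopt(easy, c.CURLOPT_SSL_VERIFYPEER, @as(c_long, 0)));
+
+if (self.use_proxy) {
+try errorCheck(c.curl_easy_setopt(easy, c.CURLOPT_PROXY_SSL_VERIFYHOST, @as(c_long, 0)));
+try errorCheck(c.curl_easy_setopt(easy, c.CURLOPT_PROXY_SSL_VERIFYPEER, @as(c_long, 0)));
+}
+}
 }
 
 fn makeRequest(self: *Client, handle: *Handle, transfer: *Transfer) !void {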
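Review bot: In `enableTlsVerify` the proxy options `CURLOPT_PROXY_SSL_VERIFYHOST` and `CURLOPT_PROXY_SSL_VERIFYPEER` are restored only inside `if (self.use_proxy)`, so re-enabling does not reliably fail closed. If verification is disabled while a proxy is in use, the proxy is then dropped via `restoreOriginalProxy`, and `enableTlsVerify` runs, the proxy checks stay at 0; a later `changeProxy` would then talk to the new proxy unverified although verification was switched back on. Dropping the `if (self.use_proxy) {` guard in `enableTlsVerify` would close this (confirm that libcurl accepts the proxy options with no proxy set); alternatively `changeProxy` could re-apply the current verification state. Separately, each `try` inside the two loops returns at the first failing handle, which leaves the handles in mixed states; on the disable path that is worth rolling back or at least documenting. The comments about the removed in-flight check should also say what happens to transfers already running on a handle when these options change, since "Curl seems to accept it" does not establish that.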
