Merge pull request qbittorrent#21364 from sledgehammer999/dont_ignore_ssl_errors

Don't ignore SSL errors

Author: sledgehammer999

src/base/net/downloadmanager.cpp

@@ -148,10 +148,20 @@ Net::DownloadManager::DownloadManager(QObject *parent)
         QStringList errorList;
         for (const QSslError &error : errors)
             errorList += error.errorString();
-        LogMsg(tr("Ignoring SSL error, URL: \"%1\", errors: \"%2\"").arg(reply->url().toString(), errorList.join(u". ")), Log::WARNING);
 
-        // Ignore all SSL errors
-        reply->ignoreSslErrors();
+        QString errorMsg;
+        if (!Preferences::instance()->isIgnoreSSLErrors())
+        {
+            errorMsg = tr("SSL error, URL: \"%1\", errors: \"%2\"");
+        }
+        else
+        {
+            errorMsg = tr("Ignoring SSL error, URL: \"%1\", errors: \"%2\"");
+            // Ignore all SSL errors
+            reply->ignoreSslErrors();
+        }
+
+        LogMsg(errorMsg.arg(reply->url().toString(), errorList.join(u". ")), Log::WARNING);
     });
 
     connect(ProxyConfigurationManager::instance(), &ProxyConfigurationManager::proxyConfigurationChanged

src/base/preferences.cpp

@@ -1343,6 +1343,19 @@ void Preferences::setMarkOfTheWebEnabled(const bool enabled)
     setValue(u"Preferences/Advanced/markOfTheWeb"_s, enabled);
 }
 
+bool Preferences::isIgnoreSSLErrors() const
+{
+    return value(u"Preferences/Advanced/IgnoreSSLErrors"_s, false);
+}
+
+void Preferences::setIgnoreSSLErrors(const bool enabled)
+{
+    if (enabled == isIgnoreSSLErrors())
+        return;
+
+    setValue(u"Preferences/Advanced/IgnoreSSLErrors"_s, enabled);
+}
+
 Path Preferences::getPythonExecutablePath() const
 {
     return value(u"Preferences/Search/pythonExecutablePath"_s, Path());

src/base/preferences.h

@@ -295,6 +295,8 @@ class Preferences final : public QObject
     void setTrackerPortForwardingEnabled(bool enabled);
     bool isMarkOfTheWebEnabled() const;
     void setMarkOfTheWebEnabled(bool enabled);
+    bool isIgnoreSSLErrors() const;
+    void setIgnoreSSLErrors(bool enabled);
     Path getPythonExecutablePath() const;
     void setPythonExecutablePath(const Path &path);
 #if defined(Q_OS_WIN) || defined(Q_OS_MACOS)

src/gui/advancedsettings.cpp

@@ -107,6 +107,7 @@ namespace
 #if defined(Q_OS_MACOS) || defined(Q_OS_WIN)
         ENABLE_MARK_OF_THE_WEB,
 #endif // Q_OS_MACOS || Q_OS_WIN
+        IGNORE_SSL_ERRORS,
         PYTHON_EXECUTABLE_PATH,
         START_SESSION_PAUSED,
         SESSION_SHUTDOWN_TIMEOUT,
@@ -336,6 +337,8 @@ void AdvancedSettings::saveAdvancedSettings() const
     // Mark-of-the-Web
     pref->setMarkOfTheWebEnabled(m_checkBoxMarkOfTheWeb.isChecked());
 #endif // Q_OS_MACOS || Q_OS_WIN
+    // Ignore SSL errors
+    pref->setIgnoreSSLErrors(m_checkBoxIgnoreSSLErrors.isChecked());
     // Python executable path
     pref->setPythonExecutablePath(Path(m_pythonExecutablePath.text().trimmed()));
     // Start session paused
@@ -865,6 +868,10 @@ void AdvancedSettings::loadAdvancedSettings()
     m_checkBoxMarkOfTheWeb.setChecked(pref->isMarkOfTheWebEnabled());
     addRow(ENABLE_MARK_OF_THE_WEB, motwLabel, &m_checkBoxMarkOfTheWeb);
 #endif // Q_OS_MACOS || Q_OS_WIN
+    // Ignore SSL errors
+    m_checkBoxIgnoreSSLErrors.setChecked(pref->isIgnoreSSLErrors());
+    m_checkBoxIgnoreSSLErrors.setToolTip(tr("Affects certificate validation and non-torrent protocol activities (e.g. RSS feeds, program updates, torrent files, geoip db, etc)"));
+    addRow(IGNORE_SSL_ERRORS, tr("Ignore SSL errors"), &m_checkBoxIgnoreSSLErrors);
     // Python executable path
     m_pythonExecutablePath.setPlaceholderText(tr("(Auto detect if empty)"));
     m_pythonExecutablePath.setText(pref->getPythonExecutablePath().toString());

src/gui/advancedsettings.h

@@ -77,9 +77,10 @@ private slots:
              m_spinBoxSavePathHistoryLength, m_spinBoxPeerTurnover, m_spinBoxPeerTurnoverCutoff, m_spinBoxPeerTurnoverInterval, m_spinBoxRequestQueueSize;
     QCheckBox m_checkBoxOsCache, m_checkBoxRecheckCompleted, m_checkBoxResolveCountries, m_checkBoxResolveHosts,
               m_checkBoxProgramNotifications, m_checkBoxTorrentAddedNotifications, m_checkBoxReannounceWhenAddressChanged, m_checkBoxTrackerFavicon, m_checkBoxTrackerStatus,
-              m_checkBoxTrackerPortForwarding, m_checkBoxConfirmTorrentRecheck, m_checkBoxConfirmRemoveAllTags, m_checkBoxAnnounceAllTrackers, m_checkBoxAnnounceAllTiers,
-              m_checkBoxMultiConnectionsPerIp, m_checkBoxValidateHTTPSTrackerCertificate, m_checkBoxSSRFMitigation, m_checkBoxBlockPeersOnPrivilegedPorts, m_checkBoxPieceExtentAffinity,
-              m_checkBoxSuggestMode, m_checkBoxSpeedWidgetEnabled, m_checkBoxIDNSupport, m_checkBoxConfirmRemoveTrackerFromAllTorrents, m_checkBoxStartSessionPaused;
+              m_checkBoxTrackerPortForwarding, m_checkBoxIgnoreSSLErrors, m_checkBoxConfirmTorrentRecheck, m_checkBoxConfirmRemoveAllTags, m_checkBoxAnnounceAllTrackers,
+              m_checkBoxAnnounceAllTiers, m_checkBoxMultiConnectionsPerIp, m_checkBoxValidateHTTPSTrackerCertificate, m_checkBoxSSRFMitigation, m_checkBoxBlockPeersOnPrivilegedPorts,
+              m_checkBoxPieceExtentAffinity, m_checkBoxSuggestMode, m_checkBoxSpeedWidgetEnabled, m_checkBoxIDNSupport, m_checkBoxConfirmRemoveTrackerFromAllTorrents,
+              m_checkBoxStartSessionPaused;
     QComboBox m_comboBoxInterface, m_comboBoxInterfaceAddress, m_comboBoxDiskIOReadMode, m_comboBoxDiskIOWriteMode, m_comboBoxUtpMixedMode, m_comboBoxChokingAlgorithm,
               m_comboBoxSeedChokingAlgorithm, m_comboBoxResumeDataStorage, m_comboBoxTorrentContentRemoveOption;
     QLineEdit m_lineEditAppInstanceName, m_pythonExecutablePath, m_lineEditAnnounceIP, m_lineEditDHTBootstrapNodes;

src/webui/api/appcontroller.cpp

@@ -389,6 +389,16 @@ void AppController::preferencesAction()
     data[u"resolve_peer_countries"_s] = pref->resolvePeerCountries();
     // Reannounce to all trackers when ip/port changed
     data[u"reannounce_when_address_changed"_s] = session->isReannounceWhenAddressChangedEnabled();
+    // Embedded tracker
+    data[u"enable_embedded_tracker"_s] = session->isTrackerEnabled();
+    data[u"embedded_tracker_port"_s] = pref->getTrackerPort();
+    data[u"embedded_tracker_port_forwarding"_s] = pref->isTrackerPortForwardingEnabled();
+    // Mark-of-the-Web
+    data[u"mark_of_the_web"_s] = pref->isMarkOfTheWebEnabled();
+    // Ignore SSL errors
+    data[u"ignore_ssl_errors"_s] = pref->isIgnoreSSLErrors();
+    // Python executable path
+    data[u"python_executable_path"_s] = pref->getPythonExecutablePath().toString();
 
     // libtorrent preferences
     // Bdecode depth limit
@@ -451,14 +461,6 @@ void AppController::preferencesAction()
     data[u"ssrf_mitigation"_s] = session->isSSRFMitigationEnabled();
     // Disallow connection to peers on privileged ports
     data[u"block_peers_on_privileged_ports"_s] = session->blockPeersOnPrivilegedPorts();
-    // Embedded tracker
-    data[u"enable_embedded_tracker"_s] = session->isTrackerEnabled();
-    data[u"embedded_tracker_port"_s] = pref->getTrackerPort();
-    data[u"embedded_tracker_port_forwarding"_s] = pref->isTrackerPortForwardingEnabled();
-    // Mark-of-the-Web
-    data[u"mark_of_the_web"_s] = pref->isMarkOfTheWebEnabled();
-    // Python executable path
-    data[u"python_executable_path"_s] = pref->getPythonExecutablePath().toString();
     // Choking algorithm
     data[u"upload_slots_behavior"_s] = static_cast<int>(session->chokingAlgorithm());
     // Seed choking algorithm
@@ -1006,6 +1008,22 @@ void AppController::setPreferencesAction()
     // Reannounce to all trackers when ip/port changed
     if (hasKey(u"reannounce_when_address_changed"_s))
         session->setReannounceWhenAddressChangedEnabled(it.value().toBool());
+    // Embedded tracker
+    if (hasKey(u"embedded_tracker_port"_s))
+        pref->setTrackerPort(it.value().toInt());
+    if (hasKey(u"embedded_tracker_port_forwarding"_s))
+        pref->setTrackerPortForwardingEnabled(it.value().toBool());
+    if (hasKey(u"enable_embedded_tracker"_s))
+        session->setTrackerEnabled(it.value().toBool());
+    // Mark-of-the-Web
+    if (hasKey(u"mark_of_the_web"_s))
+        pref->setMarkOfTheWebEnabled(it.value().toBool());
+    // Ignore SLL errors
+    if (hasKey(u"ignore_ssl_errors"_s))
+        pref->setIgnoreSSLErrors(it.value().toBool());
+    // Python executable path
+    if (hasKey(u"python_executable_path"_s))
+        pref->setPythonExecutablePath(Path(it.value().toString()));
 
     // libtorrent preferences
     // Bdecode depth limit
@@ -1100,19 +1118,6 @@ void AppController::setPreferencesAction()
     // Disallow connection to peers on privileged ports
     if (hasKey(u"block_peers_on_privileged_ports"_s))
         session->setBlockPeersOnPrivilegedPorts(it.value().toBool());
-    // Embedded tracker
-    if (hasKey(u"embedded_tracker_port"_s))
-        pref->setTrackerPort(it.value().toInt());
-    if (hasKey(u"embedded_tracker_port_forwarding"_s))
-        pref->setTrackerPortForwardingEnabled(it.value().toBool());
-    if (hasKey(u"enable_embedded_tracker"_s))
-        session->setTrackerEnabled(it.value().toBool());
-    // Mark-of-the-Web
-    if (hasKey(u"mark_of_the_web"_s))
-        pref->setMarkOfTheWebEnabled(it.value().toBool());
-    // Python executable path
-    if (hasKey(u"python_executable_path"_s))
-        pref->setPythonExecutablePath(Path(it.value().toString()));
     // Choking algorithm
     if (hasKey(u"upload_slots_behavior"_s))
         session->setChokingAlgorithm(static_cast<BitTorrent::ChokingAlgorithm>(it.value().toInt()));

src/webui/www/private/views/preferences.html

@@ -1248,6 +1248,14 @@
                         <input type="checkbox" id="markOfTheWeb">
                     </td>
                 </tr>
+                <tr>
+                    <td>
+                        <label for="ignoreSSLErrors">QBT_TR(Ignore SSL errors:)QBT_TR[CONTEXT=OptionsDialog]</label>
+                    </td>
+                    <td>
+                        <input type="checkbox" id="ignoreSSLErrors">
+                    </td>
+                </tr>
                 <tr>
                     <td>
                         <label for="pythonExecutablePath">QBT_TR(Python executable path (may require restart):)QBT_TR[CONTEXT=OptionsDialog]</label>
@@ -2479,6 +2487,12 @@
                     $("refreshInterval").value = pref.refresh_interval;
                     $("resolvePeerCountries").checked = pref.resolve_peer_countries;
                     $("reannounceWhenAddressChanged").checked = pref.reannounce_when_address_changed;
+                    $("enableEmbeddedTracker").checked = pref.enable_embedded_tracker;
+                    $("embeddedTrackerPort").value = pref.embedded_tracker_port;
+                    $("embeddedTrackerPortForwarding").checked = pref.embedded_tracker_port_forwarding;
+                    $("markOfTheWeb").checked = pref.mark_of_the_web;
+                    $("ignoreSSLErrors").checked = pref.ignore_ssl_errors;
+                    $("pythonExecutablePath").value = pref.python_executable_path;
                     // libtorrent section
                     $("bdecodeDepthLimit").value = pref.bdecode_depth_limit;
                     $("bdecodeTokenLimit").value = pref.bdecode_token_limit;
@@ -2512,11 +2526,6 @@
                     $("validateHTTPSTrackerCertificate").checked = pref.validate_https_tracker_certificate;
                     $("mitigateSSRF").checked = pref.ssrf_mitigation;
                     $("blockPeersOnPrivilegedPorts").checked = pref.block_peers_on_privileged_ports;
-                    $("enableEmbeddedTracker").checked = pref.enable_embedded_tracker;
-                    $("embeddedTrackerPort").value = pref.embedded_tracker_port;
-                    $("embeddedTrackerPortForwarding").checked = pref.embedded_tracker_port_forwarding;
-                    $("markOfTheWeb").checked = pref.mark_of_the_web;
-                    $("pythonExecutablePath").value = pref.python_executable_path;
                     $("uploadSlotsBehavior").value = pref.upload_slots_behavior;
                     $("uploadChokingAlgorithm").value = pref.upload_choking_algorithm;
                     $("announceAllTrackers").checked = pref.announce_to_all_trackers;
@@ -2936,6 +2945,12 @@
             settings["refresh_interval"] = Number($("refreshInterval").value);
             settings["resolve_peer_countries"] = $("resolvePeerCountries").checked;
             settings["reannounce_when_address_changed"] = $("reannounceWhenAddressChanged").checked;
+            settings["enable_embedded_tracker"] = $("enableEmbeddedTracker").checked;
+            settings["embedded_tracker_port"] = Number($("embeddedTrackerPort").value);
+            settings["embedded_tracker_port_forwarding"] = $("embeddedTrackerPortForwarding").checked;
+            settings["mark_of_the_web"] = $("markOfTheWeb").checked;
+            settings["ignore_ssl_errors"] = $("ignoreSSLErrors").checked;
+            settings["python_executable_path"] = $("pythonExecutablePath").value;
 
             // libtorrent section
             settings["bdecode_depth_limit"] = Number($("bdecodeDepthLimit").value);
@@ -2970,11 +2985,6 @@
             settings["validate_https_tracker_certificate"] = $("validateHTTPSTrackerCertificate").checked;
             settings["ssrf_mitigation"] = $("mitigateSSRF").checked;
             settings["block_peers_on_privileged_ports"] = $("blockPeersOnPrivilegedPorts").checked;
-            settings["enable_embedded_tracker"] = $("enableEmbeddedTracker").checked;
-            settings["embedded_tracker_port"] = Number($("embeddedTrackerPort").value);
-            settings["embedded_tracker_port_forwarding"] = $("embeddedTrackerPortForwarding").checked;
-            settings["mark_of_the_web"] = $("markOfTheWeb").checked;
-            settings["python_executable_path"] = $("pythonExecutablePath").value;
             settings["upload_slots_behavior"] = Number($("uploadSlotsBehavior").value);
             settings["upload_choking_algorithm"] = Number($("uploadChokingAlgorithm").value);
             settings["announce_to_all_trackers"] = $("announceAllTrackers").checked;