Don't ignore SSL errors

Author: sledgehammer999

src/base/net/downloadmanager.cpp

@@ -148,10 +148,20 @@ Net::DownloadManager::DownloadManager(QObject *parent)
         QStringList errorList;
         for (const QSslError &error : errors)
             errorList += error.errorString();
-        LogMsg(tr("Ignoring SSL error, URL: \"%1\", errors: \"%2\"").arg(reply->url().toString(), errorList.join(u". ")), Log::WARNING);
 
-        // Ignore all SSL errors
-        reply->ignoreSslErrors();
+        QString errorMsg;
+        if (Preferences::instance()->isValidateTLSCertificate())
+        {
+            errorMsg = tr("SSL error, URL: \"%1\", errors: \"%2\"");
+        }
+        else
+        {
+            errorMsg = tr("Ignoring SSL error, URL: \"%1\", errors: \"%2\"");
+            // Ignore all SSL errors
+            reply->ignoreSslErrors();
+        }
+
+        LogMsg(errorMsg.arg(reply->url().toString(), errorList.join(u". ")), Log::WARNING);
     });
 
     connect(ProxyConfigurationManager::instance(), &ProxyConfigurationManager::proxyConfigurationChanged

src/base/preferences.cpp

@@ -1330,6 +1330,19 @@ void Preferences::setMarkOfTheWebEnabled(const bool enabled)
     setValue(u"Preferences/Advanced/markOfTheWeb"_s, enabled);
 }
 
+bool Preferences::isValidateTLSCertificate() const
+{
+    return value(u"Preferences/Advanced/ValidateTLSCertificate"_s, true);
+}
+
+void Preferences::setValidateTLSCertificate(bool enabled)
+{
+    if (enabled == isValidateTLSCertificate())
+        return;
+
+    setValue(u"Preferences/Advanced/ValidateTLSCertificate"_s, enabled);
+}
+
 Path Preferences::getPythonExecutablePath() const
 {
     return value(u"Preferences/Search/pythonExecutablePath"_s, Path());

src/base/preferences.h

@@ -293,6 +293,8 @@ class Preferences final : public QObject
     void setTrackerPortForwardingEnabled(bool enabled);
     bool isMarkOfTheWebEnabled() const;
     void setMarkOfTheWebEnabled(bool enabled);
+    bool isValidateTLSCertificate() const;
+    void setValidateTLSCertificate(bool enabled);
     Path getPythonExecutablePath() const;
     void setPythonExecutablePath(const Path &path);
 #if defined(Q_OS_WIN) || defined(Q_OS_MACOS)

src/gui/advancedsettings.cpp

@@ -106,6 +106,7 @@ namespace
 #if defined(Q_OS_MACOS) || defined(Q_OS_WIN)
         ENABLE_MARK_OF_THE_WEB,
 #endif // Q_OS_MACOS || Q_OS_WIN
+        VALIDATE_TLS_CERTIFICATE,
         PYTHON_EXECUTABLE_PATH,
         START_SESSION_PAUSED,
         SESSION_SHUTDOWN_TIMEOUT,
@@ -335,6 +336,8 @@ void AdvancedSettings::saveAdvancedSettings() const
     // Mark-of-the-Web
     pref->setMarkOfTheWebEnabled(m_checkBoxMarkOfTheWeb.isChecked());
 #endif // Q_OS_MACOS || Q_OS_WIN
+    // Validate TLS certificate
+    pref->setValidateTLSCertificate(m_checkBoxValidateTLSCertificate.isChecked());
     // Python executable path
     pref->setPythonExecutablePath(Path(m_pythonExecutablePath.text().trimmed()));
     // Start session paused
@@ -863,6 +866,10 @@ void AdvancedSettings::loadAdvancedSettings()
     m_checkBoxMarkOfTheWeb.setChecked(pref->isMarkOfTheWebEnabled());
     addRow(ENABLE_MARK_OF_THE_WEB, motwLabel, &m_checkBoxMarkOfTheWeb);
 #endif // Q_OS_MACOS || Q_OS_WIN
+    // Validate TLS certificate
+    m_checkBoxValidateTLSCertificate.setChecked(pref->isValidateTLSCertificate());
+    m_checkBoxValidateTLSCertificate.setToolTip(tr("Validate TLS certificate for HTTPS URLs (e.g. RSS feeds, program updates, torrent files, geoip db, etc)"));
+    addRow(VALIDATE_TLS_CERTIFICATE, tr("Validate TLS certificates"), &m_checkBoxValidateTLSCertificate);
     // Python executable path
     m_pythonExecutablePath.setPlaceholderText(tr("(Auto detect if empty)"));
     m_pythonExecutablePath.setText(pref->getPythonExecutablePath().toString());

src/gui/advancedsettings.h

@@ -77,9 +77,10 @@ private slots:
              m_spinBoxSavePathHistoryLength, m_spinBoxPeerTurnover, m_spinBoxPeerTurnoverCutoff, m_spinBoxPeerTurnoverInterval, m_spinBoxRequestQueueSize;
     QCheckBox m_checkBoxOsCache, m_checkBoxRecheckCompleted, m_checkBoxResolveCountries, m_checkBoxResolveHosts,
               m_checkBoxProgramNotifications, m_checkBoxTorrentAddedNotifications, m_checkBoxReannounceWhenAddressChanged, m_checkBoxTrackerFavicon, m_checkBoxTrackerStatus,
-              m_checkBoxTrackerPortForwarding, m_checkBoxConfirmTorrentRecheck, m_checkBoxConfirmRemoveAllTags, m_checkBoxAnnounceAllTrackers, m_checkBoxAnnounceAllTiers,
-              m_checkBoxMultiConnectionsPerIp, m_checkBoxValidateHTTPSTrackerCertificate, m_checkBoxSSRFMitigation, m_checkBoxBlockPeersOnPrivilegedPorts, m_checkBoxPieceExtentAffinity,
-              m_checkBoxSuggestMode, m_checkBoxSpeedWidgetEnabled, m_checkBoxIDNSupport, m_checkBoxConfirmRemoveTrackerFromAllTorrents, m_checkBoxStartSessionPaused;
+              m_checkBoxTrackerPortForwarding, m_checkBoxValidateTLSCertificate, m_checkBoxConfirmTorrentRecheck, m_checkBoxConfirmRemoveAllTags, m_checkBoxAnnounceAllTrackers,
+              m_checkBoxAnnounceAllTiers, m_checkBoxMultiConnectionsPerIp, m_checkBoxValidateHTTPSTrackerCertificate, m_checkBoxSSRFMitigation, m_checkBoxBlockPeersOnPrivilegedPorts,
+              m_checkBoxPieceExtentAffinity, m_checkBoxSuggestMode, m_checkBoxSpeedWidgetEnabled, m_checkBoxIDNSupport, m_checkBoxConfirmRemoveTrackerFromAllTorrents,
+              m_checkBoxStartSessionPaused;
     QComboBox m_comboBoxInterface, m_comboBoxInterfaceAddress, m_comboBoxDiskIOReadMode, m_comboBoxDiskIOWriteMode, m_comboBoxUtpMixedMode, m_comboBoxChokingAlgorithm,
               m_comboBoxSeedChokingAlgorithm, m_comboBoxResumeDataStorage, m_comboBoxTorrentContentRemoveOption;
     QLineEdit m_lineEditAppInstanceName, m_pythonExecutablePath, m_lineEditAnnounceIP, m_lineEditDHTBootstrapNodes;