Added: INI option to verify SSL cert

This commit is contained in:
Sepalani 2015-06-09 20:23:56 +02:00
parent d3be9d155d
commit 1fdf750395
3 changed files with 8 additions and 1 deletions

View File

@ -319,6 +319,7 @@ void SConfig::SaveNetworkSettings(IniFile& ini)
network->Set("SSLDumpRead", m_SSLDumpRead); network->Set("SSLDumpRead", m_SSLDumpRead);
network->Set("SSLDumpWrite", m_SSLDumpWrite); network->Set("SSLDumpWrite", m_SSLDumpWrite);
network->Set("SSLVerifyCert", m_SSLVerifyCert);
} }
void SConfig::SaveAnalyticsSettings(IniFile& ini) void SConfig::SaveAnalyticsSettings(IniFile& ini)
@ -618,6 +619,7 @@ void SConfig::LoadNetworkSettings(IniFile& ini)
network->Get("SSLDumpRead", &m_SSLDumpRead, false); network->Get("SSLDumpRead", &m_SSLDumpRead, false);
network->Get("SSLDumpWrite", &m_SSLDumpWrite, false); network->Get("SSLDumpWrite", &m_SSLDumpWrite, false);
network->Get("SSLVerifyCert", &m_SSLVerifyCert, false);
} }
void SConfig::LoadAnalyticsSettings(IniFile& ini) void SConfig::LoadAnalyticsSettings(IniFile& ini)

View File

@ -276,6 +276,7 @@ struct SConfig : NonCopyable
// Network settings // Network settings
bool m_SSLDumpRead; bool m_SSLDumpRead;
bool m_SSLDumpWrite; bool m_SSLDumpWrite;
bool m_SSLVerifyCert;
SysConf* m_SYSCONF; SysConf* m_SYSCONF;

View File

@ -6,6 +6,7 @@
#include "Common/FileUtil.h" #include "Common/FileUtil.h"
#include "Common/NandPaths.h" #include "Common/NandPaths.h"
#include "Core/ConfigManager.h"
#include "Core/Core.h" #include "Core/Core.h"
#include "Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.h" #include "Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.h"
#include "Core/IPC_HLE/WII_Socket.h" #include "Core/IPC_HLE/WII_Socket.h"
@ -174,7 +175,10 @@ IPCCommandResult CWII_IPC_HLE_Device_net_ssl::IOCtlV(u32 _CommandAddress)
mbedtls_ssl_set_session(&ssl->ctx, &ssl->session); mbedtls_ssl_set_session(&ssl->ctx, &ssl->session);
mbedtls_ssl_conf_authmode(&ssl->config, MBEDTLS_SSL_VERIFY_REQUIRED); if (SConfig::GetInstance().m_SSLVerifyCert && verifyOption)
mbedtls_ssl_conf_authmode(&ssl->config, MBEDTLS_SSL_VERIFY_REQUIRED);
else
mbedtls_ssl_conf_authmode(&ssl->config, MBEDTLS_SSL_VERIFY_NONE);
mbedtls_ssl_conf_renegotiation(&ssl->config, MBEDTLS_SSL_RENEGOTIATION_ENABLED); mbedtls_ssl_conf_renegotiation(&ssl->config, MBEDTLS_SSL_RENEGOTIATION_ENABLED);
ssl->hostname = hostname; ssl->hostname = hostname;