
Commit fb6fbff

Merge pull request #1169 from lightpanda-io/cdp-security-ignore-cert-err
cdp: implement Security.setIgnoreCertificateErrors
2 parents 46ffb80 + 510c61c commit fb6fbff


2 files changed

+81
-0
lines changed


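--- a/src/cdp/domains/security.zig
+++ b/src/cdp/domains/security.zig
@@ -21,9 +21,48 @@ const std = @import("std");
 pub fn processMessage(cmd: anytype) !void {
 const action = std.meta.stringToEnum(enum {
 enable,
+setIgnoreCertificateErrors,
 }, cmd.input.action) orelse return error.UnknownMethod;
 
 switch (action) {
 .enable => return cmd.sendResult(null, .{}),
+.setIgnoreCertificateErrors => return setIgnoreCertificateErrors(cmd),
 }
 }
+
+fn setIgnoreCertificateErrors(cmd: anytype) !void {
+const params = (try cmd.params(struct {
+ignore: bool,
+})) orelse return error.InvalidParams;
+
+if (params.ignore) {
+try cmd.cdp.browser.http_client.disableTlsVerify();
+} else {
+try cmd.cdp.browser.http_client.enableTlsVerify();
+}
+
+return cmd.sendResult(null, .{});
+}
+
+const testing = @import("../testing.zig");
+
+test "cdp.Security: setIgnoreCertificateErrors" {
+var ctx = testing.context();
+defer ctx.deinit();
+
+_ = try ctx.loadBrowserContext(.{ .id = "BID-9" });
+
+try ctx.processMessage(.{
+.id = 8,
+.method = "Security.setIgnoreCertificateErrors",
+.params = .{ .ignore = true },
+});
+try ctx.expectSentResult(null, .{ .id = 8 });
+
+try ctx.processMessage(.{
+.id = 9,
+.method = "Security.setIgnoreCertificateErrors",
+.params = .{ .ignore = false },
+});
+try ctx.expectSentResult(null, .{ .id = 9 });
+}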
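Review bot: `setIgnoreCertificateErrors` switches verification off on `cmd.cdp.browser.http_client`, which looks like a client shared by the whole browser rather than state scoped to the calling session, and nothing in this hunk restores verification when the session or browser context goes away. If that reading is right, one client sending `ignore: true` leaves every later request unverified until someone sends `ignore: false`. I would document that on the function, e.g. `// Affects the shared http_client; stays in effect until a later call with ignore=false.`, and reset verification wherever the CDP connection is torn down (not visible here). The test only checks that a result is sent for both values; it would be stronger if it also asserted the client's verification state after each call.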

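--- a/src/http/Client.zig
+++ b/src/http/Client.zig
@@ -93,6 +93,11 @@ notification: ?*Notification = null,
 // restoring, this originally-configured value is what it goes to.
 http_proxy: ?[:0]const u8 = null,
 
+// track if the client use a proxy for connections.
+// We can't use http_proxy because we want also to track proxy configured via
+// CDP.
+use_proxy: bool,
+
 // The complete user-agent header line
 user_agent: [:0]const u8,
 
@@ -126,6 +131,7 @@ pub fn init(allocator: Allocator, ca_blob: ?c.curl_blob, opts: Http.Opts) !*Clie
 .handles = handles,
 .allocator = allocator,
 .http_proxy = opts.http_proxy,
+.use_proxy = opts.http_proxy != null,
 .user_agent = opts.user_agent,
 .transfer_pool = transfer_pool,
 };
@@ -315,6 +321,7 @@ pub fn changeProxy(self: *Client, proxy: [:0]const u8) !void {
 for (self.handles.handles) |*h| {
 try errorCheck(c.curl_easy_setopt(h.conn.easy, c.CURLOPT_PROXY, proxy.ptr));
 }
+self.use_proxy = true;
 }
 
 // Same restriction as changeProxy. Should be ok since this is only called on
@@ -326,6 +333,41 @@ pub fn restoreOriginalProxy(self: *Client) !void {
 for (self.handles.handles) |*h| {
 try errorCheck(c.curl_easy_setopt(h.conn.easy, c.CURLOPT_PROXY, proxy));
 }
+self.use_proxy = proxy != null;
+}
+
+// Enable TLS verification on all connections.
+pub fn enableTlsVerify(self: *const Client) !void {
+try self.ensureNoActiveConnection();
+
+for (self.handles.handles) |*h| {
+const easy = h.conn.easy;
+
+try errorCheck(c.curl_easy_setopt(easy, c.CURLOPT_SSL_VERIFYHOST, @as(c_long, 2)));
+try errorCheck(c.curl_easy_setopt(easy, c.CURLOPT_SSL_VERIFYPEER, @as(c_long, 1)));
+
+if (self.use_proxy) {
+try errorCheck(c.curl_easy_setopt(easy, c.CURLOPT_PROXY_SSL_VERIFYHOST, @as(c_long, 2)));
+try errorCheck(c.curl_easy_setopt(easy, c.CURLOPT_PROXY_SSL_VERIFYPEER, @as(c_long, 1)));
+}
+}
+}
+
+// Disable TLS verification on all connections.
+pub fn disableTlsVerify(self: *const Client) !void {
+try self.ensureNoActiveConnection();
+
+for (self.handles.handles) |*h| {
+const easy = h.conn.easy;
+
+try errorCheck(c.curl_easy_setopt(easy, c.CURLOPT_SSL_VERIFYHOST, @as(c_long, 0)));
+try errorCheck(c.curl_easy_setopt(easy, c.CURLOPT_SSL_VERIFYPEER, @as(c_long, 0)));
+
+if (self.use_proxy) {
+try errorCheck(c.curl_easy_setopt(easy, c.CURLOPT_PROXY_SSL_VERIFYHOST, @as(c_long, 0)));
+try errorCheck(c.curl_easy_setopt(easy, c.CURLOPT_PROXY_SSL_VERIFYPEER, @as(c_long, 0)));
+}
+}
 }
 
 fn makeRequest(self: *Client, handle: *Handle, transfer: *Transfer) !void {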
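Review bot: In `enableTlsVerify` the `if (self.use_proxy)` guard can leave proxy verification switched off after the caller has asked for verification back on. `disableTlsVerify` with a proxy set writes 0 to the `CURLOPT_PROXY_SSL_*` options; if `restoreOriginalProxy` then clears `use_proxy`, a later `enableTlsVerify` skips those options, and the `changeProxy` lines shown here set `CURLOPT_PROXY` and `use_proxy = true` without re-applying them (both proxy functions start outside their hunks, so this is inferred from the visible lines only). Unless the guard exists because of a libcurl build limitation, set `CURLOPT_PROXY_SSL_VERIFYHOST` to 2 and `CURLOPT_PROXY_SSL_VERIFYPEER` to 1 unconditionally in `enableTlsVerify`, or record the requested verify state on the client and re-apply it in `changeProxy`. A `try` failing partway through either loop also leaves the handles in a mixed state, which is worth a comment on both functions.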
