From 49b4e97f5d62f6597fbcba7cfcd4db66031c232a Mon Sep 17 00:00:00 2001 From: SiemensSchuckert <35631785+SiemensSchuckert@users.noreply.github.com> Date: Sun, 22 Dec 2024 21:12:48 +0300 Subject: [PATCH] disable certificate validation for HTTPS (#1174) disable certificate check for HTTPS disable SSL certificate check - to allow download from servers with self-signed cert, or when some certs are missing from system certificate store that CURL uses add new cvar `cl_http_verifypeer` --- doc/040_cvarlist.md | 3 +++ src/client/cl_main.c | 3 ++- src/client/curl/download.c | 3 +++ src/client/curl/header/download.h | 1 + 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/doc/040_cvarlist.md b/doc/040_cvarlist.md index fe4a0f36..b02a3544 100644 --- a/doc/040_cvarlist.md +++ b/doc/040_cvarlist.md @@ -106,6 +106,9 @@ it's `+set busywait 0` (setting the `busywait` cvar) and `-portable` * **cl_http_max_connections**: Maximum number of parallel downloads. Set to `4` by default. A higher number may help with slow servers. +* **cl_http_verifypeer**: SSL certificate validation. Set to `1` + by default, set to `0` to disable. + * **cl_http_proxy**: Proxy to use, empty by default. * **cl_http_show_dw_progress**: Show a HTTP download progress bar. diff --git a/src/client/cl_main.c b/src/client/cl_main.c index de050abf..4d783d93 100644 --- a/src/client/cl_main.c +++ b/src/client/cl_main.c @@ -568,7 +568,8 @@ CL_InitLocal(void) cl_vwep = Cvar_Get("cl_vwep", "1", CVAR_ARCHIVE); #ifdef USE_CURL - cl_http_proxy = Cvar_Get("cl_http_proxy", "", 0); + cl_http_verifypeer = Cvar_Get("cl_http_verifypeer", "1", CVAR_ARCHIVE); + cl_http_proxy = Cvar_Get("cl_http_proxy", "", CVAR_ARCHIVE); cl_http_filelists = Cvar_Get("cl_http_filelists", "1", 0); cl_http_downloads = Cvar_Get("cl_http_downloads", "1", CVAR_ARCHIVE); cl_http_max_connections = Cvar_Get("cl_http_max_connections", "4", 0); diff --git a/src/client/curl/download.c b/src/client/curl/download.c index 30786365..6bd0b628 100644 --- a/src/client/curl/download.c +++ b/src/client/curl/download.c @@ -33,6 +33,7 @@ cvar_t *cl_http_downloads; cvar_t *cl_http_filelists; +cvar_t *cl_http_verifypeer; cvar_t *cl_http_proxy; cvar_t *cl_http_max_connections; cvar_t *cl_http_show_dw_progress; @@ -293,6 +294,8 @@ static void CL_StartHTTPDownload (dlqueue_t *entry, dlhandle_t *dl) qcurl_easy_setopt(dl->curl, CURLOPT_WRITEFUNCTION, CL_HTTP_Recv); } + qcurl_easy_setopt(dl->curl, CURLOPT_SSL_VERIFYPEER, (long)cl_http_verifypeer->value); + qcurl_easy_setopt(dl->curl, CURLOPT_PROXY_SSL_VERIFYPEER, (long)cl_http_verifypeer->value); qcurl_easy_setopt(dl->curl, CURLOPT_PROXY, cl_http_proxy->string); qcurl_easy_setopt(dl->curl, CURLOPT_LOW_SPEED_TIME, (long)cl_http_bw_limit_tmout->value); qcurl_easy_setopt(dl->curl, CURLOPT_LOW_SPEED_LIMIT, (long)cl_http_bw_limit_rate->value); diff --git a/src/client/curl/header/download.h b/src/client/curl/header/download.h index c2a4e97c..a91b1455 100644 --- a/src/client/curl/header/download.h +++ b/src/client/curl/header/download.h @@ -72,6 +72,7 @@ extern dlquirks_t dlquirks; extern cvar_t *cl_http_downloads; extern cvar_t *cl_http_filelists; +extern cvar_t *cl_http_verifypeer; extern cvar_t *cl_http_proxy; extern cvar_t *cl_http_max_connections; extern cvar_t *cl_http_show_dw_progress;