Add option to disable SSL validation. (Not encouraged!!!) #48

.vscode/settings.json

@@ -11,6 +11,10 @@
         "string": "cpp",
         "unordered_map": "cpp",
         "vector": "cpp",
-        "qnetworkaccessmanager": "cpp"
+        "qnetworkaccessmanager": "cpp",
+        "array": "cpp",
+        "tuple": "cpp",
+        "utility": "cpp",
+        "variant": "cpp"
     }
 }

resources/settings/settings_description.json

@@ -123,6 +123,11 @@
       {
         "value": "enableInputRepeat",
         "default": true
+      },
+      {
+        "value": "ignoreSSLErrors",
+        "default": false,
+        "hidden": true
       }
     ]
   },

src/player/PlayerComponent.cpp

@@ -128,35 +128,40 @@ bool PlayerComponent::componentInitialize()
   // See: https://github.com/plexinc/plex-media-player/issues/736
   mpv::qt::set_property(m_mpv, "cache-seek-min", 5000);
 
+  if (!SettingsComponent::Get().ignoreSSLErrors()) {
+    mpv::qt::set_property(m_mpv, "tls-ca-file", "");
+    mpv::qt::set_property(m_mpv, "tls-verify", "no");
+  } else {
 #if !defined(Q_OS_WIN) && !defined(Q_OS_MAC)
-  QList<QByteArray> list;
-  list << "/etc/ssl/certs/ca-certificates.crt"
-       << "/etc/pki/tls/certs/ca-bundle.crt"
-       << "/usr/share/ssl/certs/ca-bundle.crt"
-       << "/usr/local/share/certs/ca-root-nss.crt"
-       << "/etc/ssl/cert.pem"
-       << "/usr/share/curl/curl-ca-bundle.crt"
-       << "/usr/local/share/curl/curl-ca-bundle.crt"
-       << "/var/lib/ca-certificates/ca-bundle.pem";
-
-  bool success = false;
-
-  for (auto path : list)
-  {
-    if (access(path.data(), R_OK) == 0) {
-      mpv::qt::set_property(m_mpv, "tls-ca-file", path.data());
-      mpv::qt::set_property(m_mpv, "tls-verify", "yes");
-      success = true;
-      break;
+    QList<QByteArray> list;
+    list << "/etc/ssl/certs/ca-certificates.crt"
+        << "/etc/pki/tls/certs/ca-bundle.crt"
+        << "/usr/share/ssl/certs/ca-bundle.crt"
+        << "/usr/local/share/certs/ca-root-nss.crt"
+        << "/etc/ssl/cert.pem"
+        << "/usr/share/curl/curl-ca-bundle.crt"
+        << "/usr/local/share/curl/curl-ca-bundle.crt"
+        << "/var/lib/ca-certificates/ca-bundle.pem";
+
+    bool success = false;
+
+    for (auto path : list)
+    {
+      if (access(path.data(), R_OK) == 0) {
+        mpv::qt::set_property(m_mpv, "tls-ca-file", path.data());
+        mpv::qt::set_property(m_mpv, "tls-verify", "yes");
+        success = true;
+        break;
+      }
     }
-  }
 
-  if (!success)
-    throw FatalException(tr("Failed to locate CA bundle."));
+    if (!success)
+      throw FatalException(tr("Failed to locate CA bundle."));
 #else
-  // We need to not use Shinchiro's personal CA file...
-  mpv::qt::set_property(m_mpv, "tls-ca-file", "");
+    // We need to not use Shinchiro's personal CA file...
+    mpv::qt::set_property(m_mpv, "tls-ca-file", "");
 #endif
+  }
 
   // Apply some low-memory settings on RPI, which is relatively memory-constrained.
 #ifdef TARGET_RPI

src/settings/SettingsComponent.cpp

@@ -753,6 +753,12 @@ QString SettingsComponent::getClientName()
   return name;
 }
 
+/////////////////////////////////////////////////////////////////////////////////////////
+bool SettingsComponent::ignoreSSLErrors()
+{
+  return SettingsComponent::Get().value(SETTINGS_SECTION_MAIN, "ignoreSSLErrors").toBool();
+}
+
 /////////////////////////////////////////////////////////////////////////////////////////
 void SettingsComponent::setCommandLineValues(const QStringList& values)
 {

src/settings/SettingsComponent.h

@@ -60,6 +60,7 @@ public:
   Q_INVOKABLE QString getWebClientUrl(bool desktop);
   Q_INVOKABLE QString getExtensionPath();
   Q_INVOKABLE QString getClientName();
+  Q_INVOKABLE bool ignoreSSLErrors();
 
   // host commands
   Q_SLOT Q_INVOKABLE void cycleSettingCommand(const QString& args);

src/ui/webview.qml

@@ -216,6 +216,9 @@ KonvergoWindow
     onCertificateError:
     {
       console.log(error.url + " :" + error.description + error.error)
+      if (components.settings.ignoreSSLErrors()) {
+        error.ignoreCertificateError()
+      }
     }
   }