From 859cf1b4845c75938dd8f3be839a22db3f972c44 Mon Sep 17 00:00:00 2001
From: Andrew Belt <andrewpbelt@gmail.com>
Date: Sun, 19 Nov 2023 15:54:10 -0500
Subject: [PATCH] Add verifyHttpsCerts setting to disable verifying HTTPS
 certificates.

---
 include/settings.hpp | 1 +
 src/network.cpp      | 5 +++++
 src/settings.cpp     | 7 +++++++
 3 files changed, 13 insertions(+)

diff --git a/include/settings.hpp b/include/settings.hpp
index 7c46dd26..75375335 100644
--- a/include/settings.hpp
+++ b/include/settings.hpp
@@ -78,6 +78,7 @@ extern bool skipLoadOnLaunch;
 extern std::list<std::string> recentPatchPaths;
 extern std::vector<NVGcolor> cableColors;
 extern bool autoCheckUpdates;
+extern bool verifyHttpsCerts;
 extern bool showTipsOnLaunch;
 extern int tipIndex;
 enum BrowserSort {
diff --git a/src/network.cpp b/src/network.cpp
index 9da83245..e01e0dda 100644
--- a/src/network.cpp
+++ b/src/network.cpp
@@ -7,6 +7,7 @@
 #include <network.hpp>
 #include <system.hpp>
 #include <asset.hpp>
+#include <settings.hpp>
 
 
 namespace rack {
@@ -35,9 +36,13 @@ static CURL* createCurl() {
 	// So tell curl not to signal.
 	curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1);
 
+	// Load root certificates
 	std::string caPath = asset::system("cacert.pem");
 	curl_easy_setopt(curl, CURLOPT_CAINFO, caPath.c_str());
 
+	// Don't verify HTTPS certificates if verifyHttpsCerts is false
+	curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, settings::verifyHttpsCerts);
+
 	return curl;
 }
 
diff --git a/src/settings.cpp b/src/settings.cpp
index b88be2c0..384071e9 100644
--- a/src/settings.cpp
+++ b/src/settings.cpp
@@ -61,6 +61,7 @@ std::vector<NVGcolor> cableColors = {
 	color::fromHexString("#8b4ade"), // purple
 };
 bool autoCheckUpdates = true;
+bool verifyHttpsCerts = true;
 bool showTipsOnLaunch = true;
 int tipIndex = -1;
 BrowserSort browserSort = BROWSER_SORT_UPDATED;
@@ -187,6 +188,8 @@ json_t* toJson() {
 
 	json_object_set_new(rootJ, "autoCheckUpdates", json_boolean(autoCheckUpdates));
 
+	json_object_set_new(rootJ, "verifyHttpsCerts", json_boolean(verifyHttpsCerts));
+
 	json_object_set_new(rootJ, "showTipsOnLaunch", json_boolean(showTipsOnLaunch));
 
 	json_object_set_new(rootJ, "tipIndex", json_integer(tipIndex));
@@ -411,6 +414,10 @@ void fromJson(json_t* rootJ) {
 	if (autoCheckUpdatesJ)
 		autoCheckUpdates = json_boolean_value(autoCheckUpdatesJ);
 
+	json_t* verifyHttpsCertsJ = json_object_get(rootJ, "verifyHttpsCerts");
+	if (verifyHttpsCertsJ)
+		verifyHttpsCerts = json_boolean_value(verifyHttpsCertsJ);
+
 	json_t* showTipsOnLaunchJ = json_object_get(rootJ, "showTipsOnLaunch");
 	if (showTipsOnLaunchJ)
 		showTipsOnLaunch = json_boolean_value(showTipsOnLaunchJ);