LibWebSocket: Support specifying root certificate path

Author: https://github.com/devgianlu
Commit: 24d3da64e5
Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/3571
Reviewed-by: https://github.com/ADKaster
Reviewed-by: https://github.com/alimpfard ✅

Libraries/LibWebSocket/ConnectionInfo.h

@@ -30,6 +30,9 @@ public:
     HTTP::HeaderMap const& headers() const { return m_headers; }
     void set_headers(HTTP::HeaderMap headers) { m_headers = move(headers); }
 
+    Optional<ByteString> const& root_certificates_path() const { return m_root_certificates_path; }
+    void set_root_certificates_path(Optional<ByteString> root_certificates_path) { m_root_certificates_path = move(root_certificates_path); }
+
     // secure flag - defined in RFC 6455 Section 3
     bool is_secure() const;
 
@@ -42,6 +45,7 @@ private:
     Vector<ByteString> m_protocols {};
     Vector<ByteString> m_extensions {};
     HTTP::HeaderMap m_headers;
+    Optional<ByteString> m_root_certificates_path;
 };
 
 }

Libraries/LibWebSocket/Impl/WebSocketImplSerenity.cpp

@@ -45,8 +45,11 @@ void WebSocketImplSerenity::connect(ConnectionInfo const& connection_info)
     auto socket_result = [&]() -> ErrorOr<NonnullOwnPtr<Core::BufferedSocketBase>> {
         auto host = connection_info.url().serialized_host().to_byte_string();
         if (connection_info.is_secure()) {
+            TLS::Options options;
+            options.set_root_certificates_path(connection_info.root_certificates_path());
+
             return TRY(Core::BufferedSocket<TLS::TLSv12>::create(
-                TRY(TLS::TLSv12::connect(host, connection_info.url().port_or_default()))));
+                TRY(TLS::TLSv12::connect(host, connection_info.url().port_or_default(), move(options)))));
         }
 
         return TRY(Core::BufferedTCPSocket::create(

Services/RequestServer/ConnectionFromClient.cpp

@@ -656,6 +656,9 @@ void ConnectionFromClient::websocket_connect(i64 websocket_id, URL::URL const& u
     connection_info.set_extensions(extensions);
     connection_info.set_headers(additional_request_headers);
 
+    if (!g_default_certificate_path.is_empty())
+        connection_info.set_root_certificates_path(g_default_certificate_path);
+
     auto connection = WebSocket::WebSocket::create(move(connection_info));
     connection->on_open = [this, websocket_id]() {
         async_websocket_connected(websocket_id);

Utilities/dns.cpp

@@ -81,15 +81,23 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
             } else {
                 return MUST(resolver.lookup(server_address)->await())->cached_addresses().first().visit([&](auto& address) -> DNS::Resolver::SocketResult {
                     if (use_tls) {
-                        auto tls = MUST(TLS::TLSv12::connect({ address, 853 }, server_address));
+                        TLS::Options options;
+                        options.set_root_certificates_path(cert_path);
+
+                        auto tls = MUST(TLS::TLSv12::connect({ address, 853 }, server_address, move(options)));
                         return { move(tls), DNS::Resolver::ConnectionMode::TCP };
                     }
                     return { MUST(Core::BufferedSocket<Core::UDPSocket>::create(MUST(Core::UDPSocket::connect({ address, 53 })))), DNS::Resolver::ConnectionMode::UDP };
                 });
             }
 
-            if (use_tls)
+            if (use_tls) {
-                return DNS::Resolver::SocketResult { MUST(TLS::TLSv12::connect(addr, server_address)), DNS::Resolver::ConnectionMode::TCP };
+                TLS::Options options;
+                options.set_root_certificates_path(cert_path);
+
+                return DNS::Resolver::SocketResult { MUST(TLS::TLSv12::connect(addr, server_address, move(options))), DNS::Resolver::ConnectionMode::TCP };
+            }
+
             return DNS::Resolver::SocketResult { MUST(Core::BufferedSocket<Core::UDPSocket>::create(MUST(Core::UDPSocket::connect(addr)))), DNS::Resolver::ConnectionMode::UDP };
         }
     };