LibProtocol+LibGemini+LibHTTP: Provide root certificates to LibTLS

Now we (almost) verify all the sites we browse. Certificate verification failures should not be unexpected, as the existing CA certificates are likely not complete.
Author: https://github.com/alimpfard Commit: 812e3ecedd Pull-request: https://github.com/SerenityOS/serenity/pull/3867 Reviewed-by: https://github.com/awesomekling
2025-06-11 18:20:43 +09:00 · 2020-10-30 11:57:32 +03:30 · 2020-10-30 11:57:32 +03:30 · 812e3ecedd · 2024-07-19 01:37:43 +09:00
commit 812e3ecedd
parent 37c089fb7b
5 changed files with 13 additions and 2 deletions
--- a/Libraries/LibHTTP/HttpsJob.cpp
+++ b/Libraries/LibHTTP/HttpsJob.cpp
@ -40,6 +40,7 @@ void HttpsJob::start()
 {
    ASSERT(!m_socket);
    m_socket = TLS::TLSv12::construct(this);
+    m_socket->set_root_certificates(m_override_ca_certificates ? *m_override_ca_certificates : DefaultRootCACertificates::the().certificates());
    m_socket->on_tls_connected = [this] {
 #ifdef HTTPSJOB_DEBUG
        dbg() << "HttpsJob: on_connected callback";
--- a/Libraries/LibHTTP/HttpsJob.h
+++ b/Libraries/LibHTTP/HttpsJob.h
@ -38,8 +38,9 @@ namespace HTTP {
 class HttpsJob final : public Job {
    C_OBJECT(HttpsJob)
 public:
-    explicit HttpsJob(const HttpRequest& request)
+    explicit HttpsJob(const HttpRequest& request, const Vector<Certificate>* override_certs = nullptr)
        : Job(request)
+        , m_override_ca_certificates(override_certs)
    {
    }

@ -68,6 +69,7 @@ protected:

 private:
    RefPtr<TLS::TLSv12> m_socket;
+    const Vector<Certificate>* m_override_ca_certificates { nullptr };
 };

 }