[Qt] add option to allow self signed root certs (for testing)
- it is helpful to be able to test and verify payment request processing by allowing self signed root certificates (e.g. generated by Gavins "certificate authority in a box") - This option is just shown in the UI options, if -help-debug is enabled.
This commit is contained in:
parent
4f73a8f64d
commit
851296a72f
2 changed files with 16 additions and 1 deletions
|
@ -9,6 +9,8 @@
|
||||||
|
|
||||||
#include "paymentrequestplus.h"
|
#include "paymentrequestplus.h"
|
||||||
|
|
||||||
|
#include "util.h"
|
||||||
|
|
||||||
#include <stdexcept>
|
#include <stdexcept>
|
||||||
|
|
||||||
#include <openssl/x509.h>
|
#include <openssl/x509.h>
|
||||||
|
@ -150,7 +152,13 @@ bool PaymentRequestPlus::getMerchant(X509_STORE* certStore, QString& merchant) c
|
||||||
int result = X509_verify_cert(store_ctx);
|
int result = X509_verify_cert(store_ctx);
|
||||||
if (result != 1) {
|
if (result != 1) {
|
||||||
int error = X509_STORE_CTX_get_error(store_ctx);
|
int error = X509_STORE_CTX_get_error(store_ctx);
|
||||||
|
// For testing payment requests, we allow self signed root certs!
|
||||||
|
// This option is just shown in the UI options, if -help-debug is enabled.
|
||||||
|
if (!(error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT && GetBoolArg("-allowselfsignedrootcertificates", false))) {
|
||||||
throw SSLVerifyError(X509_verify_cert_error_string(error));
|
throw SSLVerifyError(X509_verify_cert_error_string(error));
|
||||||
|
} else {
|
||||||
|
qDebug() << "PaymentRequestPlus::getMerchant: Allowing self signed root certificate, because -allowselfsignedrootcertificates is true.";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
X509_NAME *certname = X509_get_subject_name(signing_cert);
|
X509_NAME *certname = X509_get_subject_name(signing_cert);
|
||||||
|
|
||||||
|
|
|
@ -12,6 +12,7 @@
|
||||||
|
|
||||||
#include "clientversion.h"
|
#include "clientversion.h"
|
||||||
#include "init.h"
|
#include "init.h"
|
||||||
|
#include "util.h"
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
|
||||||
|
@ -108,6 +109,12 @@ HelpMessageDialog::HelpMessageDialog(QWidget *parent, bool about) :
|
||||||
cursor.movePosition(QTextCursor::NextRow);
|
cursor.movePosition(QTextCursor::NextRow);
|
||||||
cursor.insertText(tr("UI options") + ":", bold);
|
cursor.insertText(tr("UI options") + ":", bold);
|
||||||
cursor.movePosition(QTextCursor::NextRow);
|
cursor.movePosition(QTextCursor::NextRow);
|
||||||
|
if (GetBoolArg("-help-debug", false)) {
|
||||||
|
cursor.insertText("-allowselfsignedrootcertificates");
|
||||||
|
cursor.movePosition(QTextCursor::NextCell);
|
||||||
|
cursor.insertText(tr("Allow self signed root certificates (default: 0)"));
|
||||||
|
cursor.movePosition(QTextCursor::NextCell);
|
||||||
|
}
|
||||||
cursor.insertText("-choosedatadir");
|
cursor.insertText("-choosedatadir");
|
||||||
cursor.movePosition(QTextCursor::NextCell);
|
cursor.movePosition(QTextCursor::NextCell);
|
||||||
cursor.insertText(tr("Choose data directory on startup (default: 0)"));
|
cursor.insertText(tr("Choose data directory on startup (default: 0)"));
|
||||||
|
|
Loading…
Reference in a new issue