[Qt] add option to allow self signed root certs (for testing)

- it is helpful to be able to test and verify payment request processing
  by allowing self signed root certificates (e.g. generated by Gavin's
  "certificate authority in a box")
- This option is only shown in the UI options if -help-debug is enabled.
Philip Kaufmann 2015-01-10 14:48:55 +01:00
parent 4f73a8f64d
commit 851296a72f
2 changed files with 16 additions and 1 deletions


@ -9,6 +9,8 @@
#include "paymentrequestplus.h" #include "paymentrequestplus.h"
#include "util.h"
#include <stdexcept> #include <stdexcept>
#include <openssl/x509.h> #include <openssl/x509.h>
@ -150,7 +152,13 @@ bool PaymentRequestPlus::getMerchant(X509_STORE* certStore, QString& merchant) c
int result = X509_verify_cert(store_ctx); int result = X509_verify_cert(store_ctx);
if (result != 1) { if (result != 1) {
int error = X509_STORE_CTX_get_error(store_ctx); int error = X509_STORE_CTX_get_error(store_ctx);
// For testing payment requests, we allow self signed root certs!
// This option is just shown in the UI options, if -help-debug is enabled.
if (!(error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT && GetBoolArg("-allowselfsignedrootcertificates", false))) {
throw SSLVerifyError(X509_verify_cert_error_string(error)); throw SSLVerifyError(X509_verify_cert_error_string(error));
} else {
qDebug() << "PaymentRequestPlus::getMerchant: Allowing self signed root certificate, because -allowselfsignedrootcertificates is true.";
}
} }
X509_NAME *certname = X509_get_subject_name(signing_cert); X509_NAME *certname = X509_get_subject_name(signing_cert);
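Review bot: When the flag is set, the new branch around `error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT` lets getMerchant fall through to `X509_get_subject_name(signing_cert)` for a certificate that no trusted authority vouched for, so the merchant name handed back is whatever the sender put in the certificate. Nothing visible in the hunk restricts the flag to a test network or marks the result as unverified. I would log the bypass with `qWarning()` instead of `qDebug()` so it is not lost when debug output is filtered, and consider refusing the flag on the main network. The comment and option name say "root certs", but the accepted error code is the depth-zero case, meaning the signing certificate itself is self-signed; a comment such as `// Only a self-signed signing cert (depth 0) is tolerated; other verification errors still throw.` would describe the check more accurately. getMerchant begins and ends outside the hunk.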


@ -12,6 +12,7 @@
#include "clientversion.h" #include "clientversion.h"
#include "init.h" #include "init.h"
#include "util.h"
#include <stdio.h> #include <stdio.h>
@ -108,6 +109,12 @@ HelpMessageDialog::HelpMessageDialog(QWidget *parent, bool about) :
cursor.movePosition(QTextCursor::NextRow); cursor.movePosition(QTextCursor::NextRow);
cursor.insertText(tr("UI options") + ":", bold); cursor.insertText(tr("UI options") + ":", bold);
cursor.movePosition(QTextCursor::NextRow); cursor.movePosition(QTextCursor::NextRow);
if (GetBoolArg("-help-debug", false)) {
cursor.insertText("-allowselfsignedrootcertificates");
cursor.movePosition(QTextCursor::NextCell);
cursor.insertText(tr("Allow self signed root certificates (default: 0)"));
cursor.movePosition(QTextCursor::NextCell);
}
cursor.insertText("-choosedatadir"); cursor.insertText("-choosedatadir");
cursor.movePosition(QTextCursor::NextCell); cursor.movePosition(QTextCursor::NextCell);
cursor.insertText(tr("Choose data directory on startup (default: 0)")); cursor.insertText(tr("Choose data directory on startup (default: 0)"));
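Review bot: The help entry `tr("Allow self signed root certificates (default: 0)")` does not say that the option affects payment request verification or that it is meant for testing, so a user who finds it under -help-debug gets no hint that it weakens merchant authentication. I would word it as `tr("Allow self signed root certificates for payment requests, for testing only (default: 0)")`. The option name is also written as a string literal both here and in the GetBoolArg call in the other file, so a typo in either place would silently leave the help text and the check out of step. The constructor body continues outside the hunk.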