Merge pull request #5636

851296a [Qt] add option to allow self signed root certs (for testing) (Philip Kaufmann)
This commit is contained in:
Wladimir J. van der Laan 2015-01-16 11:18:45 +01:00
commit a353ad4cdb
No known key found for this signature in database
GPG key ID: 74810B012346C9A6
2 changed files with 16 additions and 1 deletions

View file

@ -9,6 +9,8 @@
#include "paymentrequestplus.h"
#include "util.h"
#include <stdexcept>
#include <openssl/x509.h>
@ -150,7 +152,13 @@ bool PaymentRequestPlus::getMerchant(X509_STORE* certStore, QString& merchant) c
int result = X509_verify_cert(store_ctx);
if (result != 1) {
int error = X509_STORE_CTX_get_error(store_ctx);
throw SSLVerifyError(X509_verify_cert_error_string(error));
// For testing payment requests, we allow self signed root certs!
// This option is just shown in the UI options, if -help-debug is enabled.
if (!(error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT && GetBoolArg("-allowselfsignedrootcertificates", false))) {
throw SSLVerifyError(X509_verify_cert_error_string(error));
} else {
qDebug() << "PaymentRequestPlus::getMerchant: Allowing self signed root certificate, because -allowselfsignedrootcertificates is true.";
}
}
X509_NAME *certname = X509_get_subject_name(signing_cert);

View file

@ -12,6 +12,7 @@
#include "clientversion.h"
#include "init.h"
#include "util.h"
#include <stdio.h>
@ -108,6 +109,12 @@ HelpMessageDialog::HelpMessageDialog(QWidget *parent, bool about) :
cursor.movePosition(QTextCursor::NextRow);
cursor.insertText(tr("UI options") + ":", bold);
cursor.movePosition(QTextCursor::NextRow);
if (GetBoolArg("-help-debug", false)) {
cursor.insertText("-allowselfsignedrootcertificates");
cursor.movePosition(QTextCursor::NextCell);
cursor.insertText(tr("Allow self signed root certificates (default: 0)"));
cursor.movePosition(QTextCursor::NextCell);
}
cursor.insertText("-choosedatadir");
cursor.movePosition(QTextCursor::NextCell);
cursor.insertText(tr("Choose data directory on startup (default: 0)"));