From 69812173690eb11a747b06f8b5b9d4e5230fbd89 Mon Sep 17 00:00:00 2001
From: sledgehammer999 <hammered999@gmail.com>
Date: Thu, 19 Sep 2024 21:10:16 +0300
Subject: [PATCH] Don't ignore SSL errors

---
 src/base/net/downloadmanager.cpp             | 16 +++++++++++++---
 src/base/preferences.cpp                     | 13 +++++++++++++
 src/base/preferences.h                       |  2 ++
 src/gui/advancedsettings.cpp                 |  7 +++++++
 src/gui/advancedsettings.h                   |  7 ++++---
 src/webui/api/appcontroller.cpp              |  5 +++++
 src/webui/www/private/views/preferences.html | 10 ++++++++++
 7 files changed, 54 insertions(+), 6 deletions(-)

diff --git a/src/base/net/downloadmanager.cpp b/src/base/net/downloadmanager.cpp
index 6b6eba17b..b84006f6f 100644
--- a/src/base/net/downloadmanager.cpp
+++ b/src/base/net/downloadmanager.cpp
@@ -148,10 +148,20 @@ Net::DownloadManager::DownloadManager(QObject *parent)
         QStringList errorList;
         for (const QSslError &error : errors)
             errorList += error.errorString();
-        LogMsg(tr("Ignoring SSL error, URL: \"%1\", errors: \"%2\"").arg(reply->url().toString(), errorList.join(u". ")), Log::WARNING);
 
-        // Ignore all SSL errors
-        reply->ignoreSslErrors();
+        QString errorMsg;
+        if (!Preferences::instance()->isIgnoreSSLErrors())
+        {
+            errorMsg = tr("SSL error, URL: \"%1\", errors: \"%2\"");
+        }
+        else
+        {
+            errorMsg = tr("Ignoring SSL error, URL: \"%1\", errors: \"%2\"");
+            // Ignore all SSL errors
+            reply->ignoreSslErrors();
+        }
+
+        LogMsg(errorMsg.arg(reply->url().toString(), errorList.join(u". ")), Log::WARNING);
     });
 
     connect(ProxyConfigurationManager::instance(), &ProxyConfigurationManager::proxyConfigurationChanged
diff --git a/src/base/preferences.cpp b/src/base/preferences.cpp
index ec2fe2493..c2605880c 100644
--- a/src/base/preferences.cpp
+++ b/src/base/preferences.cpp
@@ -1330,6 +1330,19 @@ void Preferences::setMarkOfTheWebEnabled(const bool enabled)
     setValue(u"Preferences/Advanced/markOfTheWeb"_s, enabled);
 }
 
+bool Preferences::isIgnoreSSLErrors() const
+{
+    return value(u"Preferences/Advanced/IgnoreSSLErrors"_s, false);
+}
+
+void Preferences::setIgnoreSSLErrors(const bool enabled)
+{
+    if (enabled == isIgnoreSSLErrors())
+        return;
+
+    setValue(u"Preferences/Advanced/IgnoreSSLErrors"_s, enabled);
+}
+
 Path Preferences::getPythonExecutablePath() const
 {
     return value(u"Preferences/Search/pythonExecutablePath"_s, Path());
diff --git a/src/base/preferences.h b/src/base/preferences.h
index a0ee4d0af..4905f75b6 100644
--- a/src/base/preferences.h
+++ b/src/base/preferences.h
@@ -293,6 +293,8 @@ public:
     void setTrackerPortForwardingEnabled(bool enabled);
     bool isMarkOfTheWebEnabled() const;
     void setMarkOfTheWebEnabled(bool enabled);
+    bool isIgnoreSSLErrors() const;
+    void setIgnoreSSLErrors(bool enabled);
     Path getPythonExecutablePath() const;
     void setPythonExecutablePath(const Path &path);
 #if defined(Q_OS_WIN) || defined(Q_OS_MACOS)
diff --git a/src/gui/advancedsettings.cpp b/src/gui/advancedsettings.cpp
index 976ce9537..4d4fd2480 100644
--- a/src/gui/advancedsettings.cpp
+++ b/src/gui/advancedsettings.cpp
@@ -106,6 +106,7 @@ namespace
 #if defined(Q_OS_MACOS) || defined(Q_OS_WIN)
         ENABLE_MARK_OF_THE_WEB,
 #endif // Q_OS_MACOS || Q_OS_WIN
+        IGNORE_SSL_ERRORS,
         PYTHON_EXECUTABLE_PATH,
         START_SESSION_PAUSED,
         SESSION_SHUTDOWN_TIMEOUT,
@@ -335,6 +336,8 @@ void AdvancedSettings::saveAdvancedSettings() const
     // Mark-of-the-Web
     pref->setMarkOfTheWebEnabled(m_checkBoxMarkOfTheWeb.isChecked());
 #endif // Q_OS_MACOS || Q_OS_WIN
+    // Ignore SSL errors
+    pref->setIgnoreSSLErrors(m_checkBoxIgnoreSSLErrors.isChecked());
     // Python executable path
     pref->setPythonExecutablePath(Path(m_pythonExecutablePath.text().trimmed()));
     // Start session paused
@@ -863,6 +866,10 @@ void AdvancedSettings::loadAdvancedSettings()
     m_checkBoxMarkOfTheWeb.setChecked(pref->isMarkOfTheWebEnabled());
     addRow(ENABLE_MARK_OF_THE_WEB, motwLabel, &m_checkBoxMarkOfTheWeb);
 #endif // Q_OS_MACOS || Q_OS_WIN
+    // Ignore SSL errors
+    m_checkBoxIgnoreSSLErrors.setChecked(pref->isIgnoreSSLErrors());
+    m_checkBoxIgnoreSSLErrors.setToolTip(tr("Affects certificate validation and non-torrent protocol activities (e.g. RSS feeds, program updates, torrent files, geoip db, etc)"));
+    addRow(IGNORE_SSL_ERRORS, tr("Ignore SSL errors"), &m_checkBoxIgnoreSSLErrors);
     // Python executable path
     m_pythonExecutablePath.setPlaceholderText(tr("(Auto detect if empty)"));
     m_pythonExecutablePath.setText(pref->getPythonExecutablePath().toString());
diff --git a/src/gui/advancedsettings.h b/src/gui/advancedsettings.h
index 8f99e92e3..5c81745be 100644
--- a/src/gui/advancedsettings.h
+++ b/src/gui/advancedsettings.h
@@ -77,9 +77,10 @@ private:
              m_spinBoxSavePathHistoryLength, m_spinBoxPeerTurnover, m_spinBoxPeerTurnoverCutoff, m_spinBoxPeerTurnoverInterval, m_spinBoxRequestQueueSize;
     QCheckBox m_checkBoxOsCache, m_checkBoxRecheckCompleted, m_checkBoxResolveCountries, m_checkBoxResolveHosts,
               m_checkBoxProgramNotifications, m_checkBoxTorrentAddedNotifications, m_checkBoxReannounceWhenAddressChanged, m_checkBoxTrackerFavicon, m_checkBoxTrackerStatus,
-              m_checkBoxTrackerPortForwarding, m_checkBoxConfirmTorrentRecheck, m_checkBoxConfirmRemoveAllTags, m_checkBoxAnnounceAllTrackers, m_checkBoxAnnounceAllTiers,
-              m_checkBoxMultiConnectionsPerIp, m_checkBoxValidateHTTPSTrackerCertificate, m_checkBoxSSRFMitigation, m_checkBoxBlockPeersOnPrivilegedPorts, m_checkBoxPieceExtentAffinity,
-              m_checkBoxSuggestMode, m_checkBoxSpeedWidgetEnabled, m_checkBoxIDNSupport, m_checkBoxConfirmRemoveTrackerFromAllTorrents, m_checkBoxStartSessionPaused;
+              m_checkBoxTrackerPortForwarding, m_checkBoxIgnoreSSLErrors, m_checkBoxConfirmTorrentRecheck, m_checkBoxConfirmRemoveAllTags, m_checkBoxAnnounceAllTrackers,
+              m_checkBoxAnnounceAllTiers, m_checkBoxMultiConnectionsPerIp, m_checkBoxValidateHTTPSTrackerCertificate, m_checkBoxSSRFMitigation, m_checkBoxBlockPeersOnPrivilegedPorts,
+              m_checkBoxPieceExtentAffinity, m_checkBoxSuggestMode, m_checkBoxSpeedWidgetEnabled, m_checkBoxIDNSupport, m_checkBoxConfirmRemoveTrackerFromAllTorrents,
+              m_checkBoxStartSessionPaused;
     QComboBox m_comboBoxInterface, m_comboBoxInterfaceAddress, m_comboBoxDiskIOReadMode, m_comboBoxDiskIOWriteMode, m_comboBoxUtpMixedMode, m_comboBoxChokingAlgorithm,
               m_comboBoxSeedChokingAlgorithm, m_comboBoxResumeDataStorage, m_comboBoxTorrentContentRemoveOption;
     QLineEdit m_lineEditAppInstanceName, m_pythonExecutablePath, m_lineEditAnnounceIP, m_lineEditDHTBootstrapNodes;
diff --git a/src/webui/api/appcontroller.cpp b/src/webui/api/appcontroller.cpp
index b4ce1bc7d..cec4afe48 100644
--- a/src/webui/api/appcontroller.cpp
+++ b/src/webui/api/appcontroller.cpp
@@ -378,6 +378,8 @@ void AppController::preferencesAction()
     data[u"resolve_peer_countries"_s] = pref->resolvePeerCountries();
     // Reannounce to all trackers when ip/port changed
     data[u"reannounce_when_address_changed"_s] = session->isReannounceWhenAddressChangedEnabled();
+    // Ignore SSL errors
+    data[u"ignore_ssl_errors"_s] = pref->isIgnoreSSLErrors();
 
     // libtorrent preferences
     // Bdecode depth limit
@@ -992,6 +994,9 @@ void AppController::setPreferencesAction()
     // Reannounce to all trackers when ip/port changed
     if (hasKey(u"reannounce_when_address_changed"_s))
         session->setReannounceWhenAddressChangedEnabled(it.value().toBool());
+    // Ignore SLL errors
+    if (hasKey(u"ignore_ssl_errors"_s))
+        pref->setIgnoreSSLErrors(it.value().toBool());
 
     // libtorrent preferences
     // Bdecode depth limit
diff --git a/src/webui/www/private/views/preferences.html b/src/webui/www/private/views/preferences.html
index fefb1e00c..7fcd1cc50 100644
--- a/src/webui/www/private/views/preferences.html
+++ b/src/webui/www/private/views/preferences.html
@@ -1240,6 +1240,14 @@ Use ';' to split multiple entries. Can use wildcard '*'.)QBT_TR[CONTEXT=OptionsD
                         <input type="checkbox" id="markOfTheWeb">
                     </td>
                 </tr>
+                <tr>
+                    <td>
+                        <label for="ignoreSSLErrors">QBT_TR(Ignore SSL errors:)QBT_TR[CONTEXT=OptionsDialog]</label>
+                    </td>
+                    <td>
+                        <input type="checkbox" id="ignoreSSLErrors">
+                    </td>
+                </tr>
                 <tr>
                     <td>
                         <label for="pythonExecutablePath">QBT_TR(Python executable path (may require restart):)QBT_TR[CONTEXT=OptionsDialog]</label>
@@ -2469,6 +2477,7 @@ Use ';' to split multiple entries. Can use wildcard '*'.)QBT_TR[CONTEXT=OptionsD
                     $("refreshInterval").value = pref.refresh_interval;
                     $("resolvePeerCountries").checked = pref.resolve_peer_countries;
                     $("reannounceWhenAddressChanged").checked = pref.reannounce_when_address_changed;
+                    $("ignoreSSLErrors").checked = pref.ignore_ssl_errors;
                     // libtorrent section
                     $("bdecodeDepthLimit").value = pref.bdecode_depth_limit;
                     $("bdecodeTokenLimit").value = pref.bdecode_token_limit;
@@ -2925,6 +2934,7 @@ Use ';' to split multiple entries. Can use wildcard '*'.)QBT_TR[CONTEXT=OptionsD
             settings["refresh_interval"] = Number($("refreshInterval").value);
             settings["resolve_peer_countries"] = $("resolvePeerCountries").checked;
             settings["reannounce_when_address_changed"] = $("reannounceWhenAddressChanged").checked;
+            settings["ignore_ssl_errors"] = $("ignoreSSLErrors").checked;
 
             // libtorrent section
             settings["bdecode_depth_limit"] = Number($("bdecodeDepthLimit").value);