author | Michiel Visser <opensource@webmichiel.nl> | 2022-02-23 18:21:21 +0100 |
---|---|---|
committer | Ali Mohammad Pur <Ali.mpfard@gmail.com> | 2022-04-17 10:10:19 +0430 |
commit | 7bc3b193c0b7590e9eff477f8b9fd42863260958 (patch) | |
tree | 8c7ce9ec83396040d581fbab1500c28003684405 /Userland/Libraries/LibTLS | |
parent | 804af863b45d352fcc0dd9d76d701a7b3becc0a1 (diff) | |
download | serenity-7bc3b193c0b7590e9eff477f8b9fd42863260958.zip |
LibTLS: Add option to allow self-signed certificates
With this option enabled, self-signed certificates will be accepted
even though they cannot be verified.
Diffstat (limited to 'Userland/Libraries/LibTLS')
-rw-r--r-- | Userland/Libraries/LibTLS/TLSv12.cpp | 2 | ||||
-rw-r--r-- | Userland/Libraries/LibTLS/TLSv12.h | 1 |
2 files changed, 2 insertions, 1 deletions
diff --git a/Userland/Libraries/LibTLS/TLSv12.cpp b/Userland/Libraries/LibTLS/TLSv12.cpp
index bfd4749745..820e5078b1 100644
--- a/Userland/Libraries/LibTLS/TLSv12.cpp
+++ b/Userland/Libraries/LibTLS/TLSv12.cpp
@@ -283,7 +283,7 @@ bool Context::verify_chain(StringView host) const
 } else {
 if (subject_string == issuer_string) {
 dbgln("verify_chain: Non-root self-signed certificate");
- return false;
+ return options.allow_self_signed_certificates;
 }
 if ((cert_index + 1) >= local_chain->size()) {
 dbgln("verify_chain: No trusted root certificate found before end of certificate chain");
diff --git a/Userland/Libraries/LibTLS/TLSv12.h b/Userland/Libraries/LibTLS/TLSv12.h
index 8f6bef402b..a3055c18d5 100644
--- a/Userland/Libraries/LibTLS/TLSv12.h
+++ b/Userland/Libraries/LibTLS/TLSv12.h
@@ -252,6 +252,7 @@ struct Options {
 OPTION_WITH_DEFAULTS(bool, use_sni, true)
 OPTION_WITH_DEFAULTS(bool, use_compression, false)
 OPTION_WITH_DEFAULTS(bool, validate_certificates, true)
+ OPTION_WITH_DEFAULTS(bool, allow_self_signed_certificates, false)
 OPTION_WITH_DEFAULTS(Optional<Vector<Certificate>>, root_certificates, )
 OPTION_WITH_DEFAULTS(Function<void(AlertDescription)>, alert_handler, [](auto) {})
 OPTION_WITH_DEFAULTS(Function<void()>, finish_callback, [] {}) |
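Review bot: With the option set, `return options.allow_self_signed_certificates;` makes verify_chain() return true as soon as `subject_string == issuer_string`, so nothing after this branch runs for that certificate. As far as the hunk shows, the test is a comparison of the two name strings, not a check that the certificate's signature verifies under its own key, so any certificate that names itself as issuer would pass; whether hostname and validity checks have already happened cannot be seen from here, because the function starts and ends outside the hunk. I would accept only after the remaining per-certificate checks have run, and log the acceptance separately from the rejection, e.g. `dbgln("verify_chain: Accepting self-signed certificate (allow_self_signed_certificates is set)");`. A comment on the branch should say that the peer is unauthenticated on this path unless the caller pins the certificate.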
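Review bot: The new `allow_self_signed_certificates` option in `struct Options` has no comment, and its name understates what it turns off. I would add above it something like `// Accept a certificate whose subject equals its issuer even though no trusted root vouches for it; the connection is then encrypted but the peer is not authenticated.` It would also help to state how it relates to `validate_certificates`, since from the header alone it is unclear whether the new flag has any effect when validation is disabled.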