Add option to allow self-signed or invalid certificates

2025-08-01 17:38:37 +00:00 · 2021-02-21 13:42:49 -08:00 · 2021-02-21 13:42:49 -08:00 · ec3c604a83
commit ec3c604a83
parent c3f871b49b
35 changed files with 388 additions and 227 deletions
--- a/http/client/client.go
+++ b/http/client/client.go
@ -6,6 +6,7 @@ package client // import "miniflux.app/http/client"

 import (
 	"bytes"
+	"crypto/tls"
 	"crypto/x509"
 	"encoding/json"
 	"fmt"
@ -50,9 +51,10 @@ type Client struct {
 	useProxy             bool
 	doNotFollowRedirects bool

-	ClientTimeout     int
-	ClientMaxBodySize int64
-	ClientProxyURL    string
+	ClientTimeout               int
+	ClientMaxBodySize           int64
+	ClientProxyURL              string
+	AllowSelfSignedCertificates bool
 }

 // New initializes a new HTTP client.
@ -87,13 +89,14 @@ func (c *Client) String() string {
 	}

 	return fmt.Sprintf(
-		`InputURL=%q RequestURL=%q ETag=%s LastModified=%s Auth=%v UserAgent=%q`,
+		`InputURL=%q RequestURL=%q ETag=%s LastMod=%s Auth=%v UserAgent=%q Verify=%v`,
 		c.inputURL,
 		c.requestURL,
 		etagHeader,
 		lastModifiedHeader,
 		c.requestAuthorizationHeader != "" || (c.requestUsername != "" && c.requestPassword != ""),
 		c.requestUserAgent,
+		!c.AllowSelfSignedCertificates,
 	)
 }

@ -288,6 +291,10 @@ func (c *Client) buildClient() http.Client {
 		IdleConnTimeout: 10 * time.Second,
 	}

+	if c.AllowSelfSignedCertificates {
+		transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+	}
+
 	if c.doNotFollowRedirects {
 		client.CheckRedirect = func(req *http.Request, via []*http.Request) error {
 			return http.ErrUseLastResponse