Merge branch 'hyotak-yun-master' into development

jasonsandlin · Jul 27, 2016 · 47689b3 · 47689b3
2 parents 9e9bcbe + 525db49
commit 47689b3
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 2 deletions.
diff --git a/Release/include/cpprest/ws_client.h b/Release/include/cpprest/ws_client.h
@@ -84,7 +84,11 @@ class websocket_client_config
     /// <summary>
     /// Creates a websocket client configuration with default settings.
     /// </summary>
-    websocket_client_config() : m_sni_enabled(true) {}
+    websocket_client_config() :
+        m_sni_enabled(true),
+        m_validate_certificates(true)
+	{
+	}
 
     /// <summary>
     /// Get the web proxy object
@@ -187,13 +191,33 @@ class websocket_client_config
     /// <remarks>If you want all the subprotocols in a comma separated string
     /// they can be directly looked up in the headers using 'Sec-WebSocket-Protocol'.</remarks>
     _ASYNCRTIMP std::vector<::utility::string_t> subprotocols() const;
+
+    /// <summary>
+    /// Gets the server certificate validation property.
+    /// </summary>
+    /// <returns>True if certificates are to be verified, false otherwise.</returns>
+    bool validate_certificates() const
+    {
+        return m_validate_certificates;
+    }
+
+    /// <summary>
+    /// Sets the server certificate validation property.
+    /// </summary>
+    /// <param name="validate_certs">False to turn ignore all server certificate validation errors, true otherwise.</param>
+    /// <remarks>Note ignoring certificate errors can be dangerous and should be done with caution.</remarks>
+    void set_validate_certificates(bool validate_certs)
+    {
+        m_validate_certificates = validate_certs;
+    }
 
 private:
     web::web_proxy m_proxy;
     web::credentials m_credentials;
     web::http::http_headers m_headers;
     bool m_sni_enabled;
     utf8string m_sni_hostname;
+    bool m_validate_certificates;
 };
 
 /// <summary>

diff --git a/Release/src/websockets/client/ws_client_wspp.cpp b/Release/src/websockets/client/ws_client_wspp.cpp
@@ -180,7 +180,14 @@ class wspp_callback_client : public websocket_client_callback_impl, public std::
                 auto sslContext = websocketpp::lib::shared_ptr<boost::asio::ssl::context>(new boost::asio::ssl::context(boost::asio::ssl::context::sslv23));
                 sslContext->set_default_verify_paths();
                 sslContext->set_options(boost::asio::ssl::context::default_workarounds);
-                sslContext->set_verify_mode(boost::asio::ssl::context::verify_peer);
+                if (m_config.validate_certificates())
+                {
+                    sslContext->set_verify_mode(boost::asio::ssl::context::verify_peer);
+                }
+                else
+                {
+                    sslContext->set_verify_mode(boost::asio::ssl::context::verify_none);
+                }
 
 #if defined(__APPLE__) || (defined(ANDROID) || defined(__ANDROID__)) || defined(_WIN32)
                 m_openssl_failed = false;