Added websocket_client_config option for ssl verify mode

hyotak.yun · hyotak.yun · commit d6b882a6d8c9 · 2016-03-23T19:56:47.000+09:00
diff --git a/Release/include/cpprest/ws_client.h b/Release/include/cpprest/ws_client.h
@@ -84,7 +84,11 @@ class websocket_client_config
     /// <summary>
     /// Creates a websocket client configuration with default settings.
     /// </summary>
-    websocket_client_config() : m_sni_enabled(true) {}
+    websocket_client_config() :
+        m_sni_enabled(true),
+        m_validate_certificates(true)
+	{
+	}
 
     /// <summary>
     /// Get the web proxy object
@@ -187,13 +191,33 @@ class websocket_client_config
     /// <remarks>If you want all the subprotocols in a comma separated string
     /// they can be directly looked up in the headers using 'Sec-WebSocket-Protocol'.</remarks>
     _ASYNCRTIMP std::vector<::utility::string_t> subprotocols() const;
+	
+    /// <summary>
+    /// Gets the server certificate validation property.
+    /// </summary>
+    /// <returns>True if certificates are to be verified, false otherwise.</returns>
+    bool validate_certificates() const
+    {
+        return m_validate_certificates;
+    }
+	
+    /// <summary>
+    /// Sets the server certificate validation property.
+    /// </summary>
+    /// <param name="validate_certs">False to turn ignore all server certificate validation errors, true otherwise.</param>
+    /// <remarks>Note ignoring certificate errors can be dangerous and should be done with caution.</remarks>
+    void set_validate_certificates(bool validate_certs)
+    {
+        m_validate_certificates = validate_certs;
+    }
 
 private:
     web::web_proxy m_proxy;
     web::credentials m_credentials;
     web::http::http_headers m_headers;
     bool m_sni_enabled;
     utf8string m_sni_hostname;
+	bool m_validate_certificates;
 };
 
 /// <summary>
diff --git a/Release/src/websockets/client/ws_client_wspp.cpp b/Release/src/websockets/client/ws_client_wspp.cpp
@@ -159,7 +159,14 @@ class wspp_callback_client : public websocket_client_callback_impl, public std::
                 auto sslContext = websocketpp::lib::shared_ptr<boost::asio::ssl::context>(new boost::asio::ssl::context(boost::asio::ssl::context::sslv23));
                 sslContext->set_default_verify_paths();
                 sslContext->set_options(boost::asio::ssl::context::default_workarounds);
-                sslContext->set_verify_mode(boost::asio::ssl::context::verify_peer);
+                if (m_config.validate_certificates())
+                {
+                    sslContext->set_verify_mode(boost::asio::ssl::context::verify_peer);
+                }
+                else
+                {
+                    sslContext->set_verify_mode(boost::asio::ssl::context::verify_none);
+                }
 
 #if defined(__APPLE__) || (defined(ANDROID) || defined(__ANDROID__)) || defined(_WIN32)
                 m_openssl_failed = false;
