tls: support certificate verify.

2020-04-30 22:51:42 +08:00
parent 304e94bc6f
commit 54801e1ed6
12 changed files with 114 additions and 8 deletions
--- a/package/luci-compat/files/luci/model/cbi/smartdns/upstream.lua
+++ b/package/luci-compat/files/luci/model/cbi/smartdns/upstream.lua
@@ -78,6 +78,16 @@ o.rempty      = true
 o:depends("type", "tls")
 o:depends("type", "https")

+---- certificate verify
+o = s:option(Flag, "no_check_certificate", translate("No check certificate"), translate("Do not check certificate."))
+o.rmempty     = false
+o.default     = o.disabled
+o.cfgvalue    = function(...)
+    return Flag.cfgvalue(...) or "0"
+end
+o.depends("type", "tls")
+o.depends("type", "https")
+
 ---- SNI host name
 o = s:option(Value, "host_name", translate("TLS SNI name"), translate("Sets the server name indication for query."))
 o.default     = ""
--- a/package/luci/files/luci/htdocs/luci-static/resources/view/smartdns/smartdns.js
+++ b/package/luci/files/luci/htdocs/luci-static/resources/view/smartdns/smartdns.js
@@ -390,6 +390,15 @@ return L.view.extend({
 		o.depends("type", "tls")
 		o.depends("type", "https")

+		// certificate verify
+		o = s.taboption("advanced", form.Flag, "no_check_certificate", _("No check certificate"),
+			_("Do not check certificate."))
+		o.rmempty = false
+		o.default = o.disabled
+		o.modalonly = true;
+		o.depends("type", "tls")
+		o.depends("type", "https")
+
 		// SNI host name
 		o = s.taboption("advanced", form.Value, "host_name", _("TLS SNI name"),
 			_("Sets the server name indication for query."))
--- a/package/openwrt/files/etc/init.d/smartdns
+++ b/package/openwrt/files/etc/init.d/smartdns
@@ -156,6 +156,7 @@ load_server()
 	config_get type "$section" "type" "udp"
 	config_get ip "$section" "ip" ""
 	config_get tls_host_verify "$section" "tls_host_verify" ""
+	config_get no_check_certificate "$section" "no_check_certificate" ""
 	config_get host_name "$section" "host_name" ""
 	config_get http_host "$section" "http_host" ""
 	config_get server_group "$section" "server_group" ""
@@ -186,6 +187,7 @@ load_server()
 	fi

 	[ -z "$tls_host_verify" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -tls-host-verify $tls_host_verify"
+	[ -z "$no_check_certificate" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -no-check-certificate"
 	[ -z "$host_name" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -host-name $host_name"
 	[ -z "$http_host" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -http-host $http_host"
 	[ -z "$server_group" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -group $server_group"