feat: Add setting to bypass SSL certificate validation

Useful in cases where Sonarr or Radarr use HTTPS with a self-signed certificate. Normally communication with such an instance would fail since Trash Updater, by default, validates with certificate authorities. This new setting allows you to disable certificate validation when communicating with Sonarr or Radarr, avoiding the need to add a self-signed certificate to your certification store. Use at your own risk. Fixes #20.
2 years ago · 94b95c1fb4
parent d540cf37c9
commit 94b95c1fb4
6 changed files with 35 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -14,8 +14,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
  documentation][setref] for more information.
 - Trash git repository URL can be overridden in settings.
 - Schema added for `settings.yml`.
+- Add setting to bypass HTTPS certificate validation (useful for self-signed certificates used with
+  Sonarr and Radarr instances) ([#20]).

 [setref]: https://github.com/rcdailey/trash-updater/wiki/Settings-Reference
+[#20]: https://github.com/rcdailey/trash-updater/issues/20

 ### Fixed

--- a/src/Common/Common.csproj
+++ b/src/Common/Common.csproj
@ -2,6 +2,7 @@
  <ItemGroup>
    <PackageReference Include="Autofac" />
    <PackageReference Include="FluentValidation" />
+    <PackageReference Include="Flurl.Http" />
    <PackageReference Include="Newtonsoft.Json" />
    <PackageReference Include="Serilog" />
    <PackageReference Include="System.Reactive" />
--- a/src/Common/Networking/UntrustedCertClientFactory.cs
+++ b/src/Common/Networking/UntrustedCertClientFactory.cs
@ -0,0 +1,15 @@
+using System.Net.Http;
+using Flurl.Http.Configuration;
+
+namespace Common.Networking;
+
+public class UntrustedCertClientFactory : DefaultHttpClientFactory
+{
+    public override HttpMessageHandler CreateMessageHandler()
+    {
+        return new HttpClientHandler
+        {
+            ServerCertificateCustomValidationCallback = (_, _, _, _) => true
+        };
+    }
+}
--- a/src/Trash/Command/ServiceCommand.cs
+++ b/src/Trash/Command/ServiceCommand.cs
@ -5,6 +5,7 @@ using CliFx;
 using CliFx.Attributes;
 using CliFx.Exceptions;
 using CliFx.Infrastructure;
+using Common.Networking;
 using Flurl.Http;
 using Flurl.Http.Configuration;
 using JetBrains.Annotations;
@ -120,6 +121,8 @@ public abstract class ServiceCommand : ICommand, IServiceCommand

            settings.JsonSerializer = new NewtonsoftJsonSerializer(jsonSettings);
            FlurlLogging.SetupLogging(settings, _log);
+
+            settings.HttpClientFactory = new UntrustedCertClientFactory();
        });
    }

--- a/src/TrashLib/Config/Settings/SettingsValues.cs
+++ b/src/TrashLib/Config/Settings/SettingsValues.cs
@ -8,4 +8,5 @@ public record TrashRepository
 public record SettingsValues
 {
    public TrashRepository Repository { get; init; } = new();
+    public bool EnableSslCertificateValidation { get; init; } = true;
 }
--- a/wiki/Settings-Reference.md
+++ b/wiki/Settings-Reference.md
@ -38,6 +38,18 @@ Table of Contents

 - [Repository Settings](#repository-settings)

+## Global Settings
+
+```yml
+enable_ssl_certificate_validation: true
+```
+
+- `enable_ssl_certificate_validation`<br>
+  If set to `false`, SSL certificates are not validated. This is useful if you are connecting to a
+  Sonarr or Radarr instance using `https` and it is set up with self-signed certificates. Note that
+  disabling this setting is a **security risk** and should be avoided unless you are absolutely sure
+  what you are doing.
+
 ## Repository Settings

 ```yml