feat: Add setting to bypass SSL certificate validation

Useful in cases where Sonarr or Radarr use HTTPS with a self-signed
certificate. Normally communication with such an instance would fail
since Trash Updater, by default, validates with certificate authorities.

This new setting allows you to disable certificate validation when
communicating with Sonarr or Radarr, avoiding the need to add a
self-signed certificate to your certification store. Use at your own
risk.

Fixes #20.
pull/47/head
Robert Dailey 3 years ago
parent d540cf37c9
commit 94b95c1fb4

@ -14,8 +14,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
documentation][setref] for more information. documentation][setref] for more information.
- Trash git repository URL can be overridden in settings. - Trash git repository URL can be overridden in settings.
- Schema added for `settings.yml`. - Schema added for `settings.yml`.
- Add setting to bypass HTTPS certificate validation (useful for self-signed certificates used with
Sonarr and Radarr instances) ([#20]).
[setref]: https://github.com/rcdailey/trash-updater/wiki/Settings-Reference [setref]: https://github.com/rcdailey/trash-updater/wiki/Settings-Reference
[#20]: https://github.com/rcdailey/trash-updater/issues/20
### Fixed ### Fixed

@ -2,6 +2,7 @@
<ItemGroup> <ItemGroup>
<PackageReference Include="Autofac" /> <PackageReference Include="Autofac" />
<PackageReference Include="FluentValidation" /> <PackageReference Include="FluentValidation" />
<PackageReference Include="Flurl.Http" />
<PackageReference Include="Newtonsoft.Json" /> <PackageReference Include="Newtonsoft.Json" />
<PackageReference Include="Serilog" /> <PackageReference Include="Serilog" />
<PackageReference Include="System.Reactive" /> <PackageReference Include="System.Reactive" />

@ -0,0 +1,15 @@
using System.Net.Http;
using Flurl.Http.Configuration;
namespace Common.Networking;
public class UntrustedCertClientFactory : DefaultHttpClientFactory
{
public override HttpMessageHandler CreateMessageHandler()
{
return new HttpClientHandler
{
ServerCertificateCustomValidationCallback = (_, _, _, _) => true
};
}
}

@ -5,6 +5,7 @@ using CliFx;
using CliFx.Attributes; using CliFx.Attributes;
using CliFx.Exceptions; using CliFx.Exceptions;
using CliFx.Infrastructure; using CliFx.Infrastructure;
using Common.Networking;
using Flurl.Http; using Flurl.Http;
using Flurl.Http.Configuration; using Flurl.Http.Configuration;
using JetBrains.Annotations; using JetBrains.Annotations;
@ -120,6 +121,8 @@ public abstract class ServiceCommand : ICommand, IServiceCommand
settings.JsonSerializer = new NewtonsoftJsonSerializer(jsonSettings); settings.JsonSerializer = new NewtonsoftJsonSerializer(jsonSettings);
FlurlLogging.SetupLogging(settings, _log); FlurlLogging.SetupLogging(settings, _log);
settings.HttpClientFactory = new UntrustedCertClientFactory();
}); });
} }

@ -8,4 +8,5 @@ public record TrashRepository
public record SettingsValues public record SettingsValues
{ {
public TrashRepository Repository { get; init; } = new(); public TrashRepository Repository { get; init; } = new();
public bool EnableSslCertificateValidation { get; init; } = true;
} }

@ -38,6 +38,18 @@ Table of Contents
- [Repository Settings](#repository-settings) - [Repository Settings](#repository-settings)
## Global Settings
```yml
enable_ssl_certificate_validation: true
```
- `enable_ssl_certificate_validation`<br>
If set to `false`, SSL certificates are not validated. This is useful if you are connecting to a
Sonarr or Radarr instance using `https` and it is set up with self-signed certificates. Note that
disabling this setting is a **security risk** and should be avoided unless you are absolutely sure
what you are doing.
## Repository Settings ## Repository Settings
```yml ```yml

Loading…
Cancel
Save