Add HTTPS tracker certificate validation option

This commit adds a new libtorrent setting to validate HTTPS tracker
certificates. When enabled, libtorrent will validate the certificate
of HTTPS trackers against the system's certificate store. This option
is only enabled on libtorrent versions >= 1.2.6 and on non-Windows
systems, as OpenSSL does not use the system's certificate store on
Windows.
This commit is contained in:
NotTsunami 2020-04-22 15:50:13 -04:00
parent 8e553adc92
commit cc1ebbf379
6 changed files with 55 additions and 1 deletions

View File

@ -417,6 +417,7 @@ Session::Session(QObject *parent)
, m_utpMixedMode(BITTORRENT_SESSION_KEY("uTPMixedMode"), MixedModeAlgorithm::TCP
, clampValue(MixedModeAlgorithm::TCP, MixedModeAlgorithm::Proportional))
, m_multiConnectionsPerIpEnabled(BITTORRENT_SESSION_KEY("MultiConnectionsPerIp"), false)
, m_validateHTTPSTrackerCertificate(BITTORRENT_SESSION_KEY("ValidateHTTPSTrackerCertificate"), false)
, m_isAddTrackersEnabled(BITTORRENT_SESSION_KEY("AddTrackersEnabled"), false)
, m_additionalTrackers(BITTORRENT_SESSION_KEY("AdditionalTrackers"))
, m_globalMaxRatio(BITTORRENT_SESSION_KEY("GlobalMaxRatio"), -1, [](qreal r) { return r < 0 ? -1. : r;})
@ -1416,6 +1417,10 @@ void Session::loadLTSettings(lt::settings_pack &settingsPack)
settingsPack.set_bool(lt::settings_pack::allow_multiple_connections_per_ip, multiConnectionsPerIpEnabled());
#ifdef HAS_HTTPS_TRACKER_VALIDATION
settingsPack.set_bool(lt::settings_pack::validate_https_trackers, validateHTTPSTrackerCertificate());
#endif
settingsPack.set_bool(lt::settings_pack::apply_ip_filter_to_trackers, isTrackerFilteringEnabled());
settingsPack.set_bool(lt::settings_pack::enable_dht, isDHTEnabled());
@ -3703,6 +3708,19 @@ void Session::setMultiConnectionsPerIpEnabled(const bool enabled)
configureDeferred();
}
bool Session::validateHTTPSTrackerCertificate() const
{
return m_validateHTTPSTrackerCertificate;
}
void Session::setValidateHTTPSTrackerCertificate(const bool enabled)
{
if (enabled == m_validateHTTPSTrackerCertificate) return;
m_validateHTTPSTrackerCertificate = enabled;
configureDeferred();
}
bool Session::isTrackerFilteringEnabled() const
{
return m_isTrackerFilteringEnabled;

View File

@ -46,6 +46,10 @@
#include "sessionstatus.h"
#include "torrentinfo.h"
#if ((LIBTORRENT_VERSION_NUM >= 10206) && !defined(Q_OS_WIN))
#define HAS_HTTPS_TRACKER_VALIDATION
#endif
class QFile;
class QNetworkConfiguration;
class QNetworkConfigurationManager;
@ -399,6 +403,8 @@ namespace BitTorrent
void setUtpMixedMode(MixedModeAlgorithm mode);
bool multiConnectionsPerIpEnabled() const;
void setMultiConnectionsPerIpEnabled(bool enabled);
bool validateHTTPSTrackerCertificate() const;
void setValidateHTTPSTrackerCertificate(bool enabled);
bool isTrackerFilteringEnabled() const;
void setTrackerFilteringEnabled(bool enabled);
QStringList bannedIPs() const;
@ -660,6 +666,7 @@ namespace BitTorrent
CachedSettingValue<bool> m_isUTPRateLimited;
CachedSettingValue<MixedModeAlgorithm> m_utpMixedMode;
CachedSettingValue<bool> m_multiConnectionsPerIpEnabled;
CachedSettingValue<bool> m_validateHTTPSTrackerCertificate;
CachedSettingValue<bool> m_isAddTrackersEnabled;
CachedSettingValue<QString> m_additionalTrackers;
CachedSettingValue<qreal> m_globalMaxRatio;

View File

@ -105,6 +105,9 @@ enum AdvSettingsRows
OUTGOING_PORT_MAX,
UTP_MIX_MODE,
MULTI_CONNECTIONS_PER_IP,
#ifdef HAS_HTTPS_TRACKER_VALIDATION
VALIDATE_HTTPS_TRACKER_CERTIFICATE,
#endif
// embedded tracker
TRACKER_STATUS,
TRACKER_PORT,
@ -209,6 +212,10 @@ void AdvancedSettings::saveAdvancedSettings()
session->setUtpMixedMode(static_cast<BitTorrent::MixedModeAlgorithm>(m_comboBoxUtpMixedMode.currentIndex()));
// multiple connections per IP
session->setMultiConnectionsPerIpEnabled(m_checkBoxMultiConnectionsPerIp.isChecked());
#ifdef HAS_HTTPS_TRACKER_VALIDATION
// Validate HTTPS tracker certificate
session->setValidateHTTPSTrackerCertificate(m_checkBoxValidateHTTPSTrackerCertificate.isChecked());
#endif
// Recheck torrents on completion
pref->recheckTorrentsOnCompletion(m_checkBoxRecheckCompleted.isChecked());
// Transfer list refresh interval
@ -485,6 +492,13 @@ void AdvancedSettings::loadAdvancedSettings()
// multiple connections per IP
m_checkBoxMultiConnectionsPerIp.setChecked(session->multiConnectionsPerIpEnabled());
addRow(MULTI_CONNECTIONS_PER_IP, tr("Allow multiple connections from the same IP address"), &m_checkBoxMultiConnectionsPerIp);
#ifdef HAS_HTTPS_TRACKER_VALIDATION
// Validate HTTPS tracker certificate
m_checkBoxValidateHTTPSTrackerCertificate.setChecked(session->validateHTTPSTrackerCertificate());
addRow(VALIDATE_HTTPS_TRACKER_CERTIFICATE, (tr("Validate HTTPS tracker certificates")
+ ' ' + makeLink("https://www.libtorrent.org/reference-Settings.html#validate_https_trackers", "(?)"))
, &m_checkBoxValidateHTTPSTrackerCertificate);
#endif
// Recheck completed torrents
m_checkBoxRecheckCompleted.setChecked(pref->recheckTorrentsOnCompletion());
addRow(RECHECK_COMPLETED, tr("Recheck torrents on completion"), &m_checkBoxRecheckCompleted);

View File

@ -64,7 +64,7 @@ private:
QCheckBox m_checkBoxOsCache, m_checkBoxRecheckCompleted, m_checkBoxResolveCountries, m_checkBoxResolveHosts, m_checkBoxSuperSeeding,
m_checkBoxProgramNotifications, m_checkBoxTorrentAddedNotifications, m_checkBoxTrackerFavicon, m_checkBoxTrackerStatus,
m_checkBoxConfirmTorrentRecheck, m_checkBoxConfirmRemoveAllTags, m_checkBoxAnnounceAllTrackers, m_checkBoxAnnounceAllTiers,
m_checkBoxMultiConnectionsPerIp, m_checkBoxPieceExtentAffinity, m_checkBoxSuggestMode, m_checkBoxCoalesceRW, m_checkBoxSpeedWidgetEnabled;
m_checkBoxMultiConnectionsPerIp, m_checkBoxValidateHTTPSTrackerCertificate, m_checkBoxPieceExtentAffinity, m_checkBoxSuggestMode, m_checkBoxCoalesceRW, m_checkBoxSpeedWidgetEnabled;
QComboBox m_comboBoxInterface, m_comboBoxInterfaceAddress, m_comboBoxUtpMixedMode, m_comboBoxChokingAlgorithm, m_comboBoxSeedChokingAlgorithm;
QLineEdit m_lineEditAnnounceIP;

View File

@ -300,6 +300,8 @@ void AppController::preferencesAction()
data["utp_tcp_mixed_mode"] = static_cast<int>(session->utpMixedMode());
// Multiple connections per IP
data["enable_multi_connections_from_same_ip"] = session->multiConnectionsPerIpEnabled();
// Validate HTTPS tracker certificate
data["validate_https_tracker_certificate"] = session->validateHTTPSTrackerCertificate();
// Embedded tracker
data["enable_embedded_tracker"] = session->isTrackerEnabled();
data["embedded_tracker_port"] = pref->getTrackerPort();
@ -723,6 +725,9 @@ void AppController::setPreferencesAction()
// Multiple connections per IP
if (hasKey("enable_multi_connections_from_same_ip"))
session->setMultiConnectionsPerIpEnabled(it.value().toBool());
// Validate HTTPS tracker certificate
if (hasKey("validate_https_tracker_certificate"))
session->setValidateHTTPSTrackerCertificate(it.value().toBool());
// Embedded tracker
if (hasKey("embedded_tracker_port"))
pref->setTrackerPort(it.value().toInt());

View File

@ -1018,6 +1018,14 @@
<input type="checkbox" id="allowMultipleConnectionsFromTheSameIPAddress" />
</td>
</tr>
<tr>
<td>
<label for="validateHTTPSTrackerCertificate">QBT_TR(Validate HTTPS tracker certificate:)QBT_TR[CONTEXT=OptionsDialog]&nbsp;<a href="https://www.libtorrent.org/reference-Settings.html#validate_https_trackers" target="_blank">(?)</a></label>
</td>
<td>
<input type="checkbox" id="validateHTTPSTrackerCertificate" />
</td>
</tr>
<tr>
<td>
<label for="enableEmbeddedTracker">QBT_TR(Enable embedded tracker:)QBT_TR[CONTEXT=OptionsDialog]</label>
@ -1777,6 +1785,7 @@
$('outgoingPortsMax').setProperty('value', pref.outgoing_ports_max);
$('utpTCPMixedModeAlgorithm').setProperty('value', pref.utp_tcp_mixed_mode);
$('allowMultipleConnectionsFromTheSameIPAddress').setProperty('checked', pref.enable_multi_connections_from_same_ip);
$('validateHTTPSTrackerCertificate').setProperty('checked', pref.validate_https_tracker_certificate);
$('enableEmbeddedTracker').setProperty('checked', pref.enable_embedded_tracker);
$('embeddedTrackerPort').setProperty('value', pref.embedded_tracker_port);
$('uploadSlotsBehavior').setProperty('value', pref.upload_slots_behavior);
@ -2145,6 +2154,7 @@
settings.set('outgoing_ports_max', $('outgoingPortsMax').getProperty('value'));
settings.set('utp_tcp_mixed_mode', $('utpTCPMixedModeAlgorithm').getProperty('value'));
settings.set('enable_multi_connections_from_same_ip', $('allowMultipleConnectionsFromTheSameIPAddress').getProperty('checked'));
settings.set('validate_https_tracker_certificate', $('validateHTTPSTrackerCertificate').getProperty('checked'));
settings.set('enable_embedded_tracker', $('enableEmbeddedTracker').getProperty('checked'));
settings.set('embedded_tracker_port', $('embeddedTrackerPort').getProperty('value'));
settings.set('upload_slots_behavior', $('uploadSlotsBehavior').getProperty('value'));