Feature: Option to allow untrusted HTTPS certificates for screenshots…

… & link checking (#204)
axllent · Nov 11, 2023 · 4c5b024 · 4c5b024
1 parent 7423625
commit 4c5b024
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 2 deletions.
diff --git a/cmd/root.go b/cmd/root.go
@@ -109,6 +109,8 @@ func init() {
 	rootCmd.Flags().StringVar(&config.WebhookURL, "webhook-url", config.WebhookURL, "Send a webhook request for new messages")
 	rootCmd.Flags().IntVar(&webhook.RateLimit, "webhook-limit", webhook.RateLimit, "Limit webhook requests per second")
 
+	rootCmd.Flags().BoolVar(&config.AllowUntrustedTLS, "allow-untrusted-tls", config.AllowUntrustedTLS, "Do not verify HTTPS certificates (link checker & screenshots)")
+
 	rootCmd.Flags().StringVarP(&config.SMTPCLITags, "tag", "t", config.SMTPCLITags, "Tag new messages matching filters")
 	rootCmd.Flags().BoolVarP(&logger.QuietLogging, "quiet", "q", logger.QuietLogging, "Quiet logging (errors only)")
 	rootCmd.Flags().BoolVarP(&logger.VerboseLogging, "verbose", "v", logger.VerboseLogging, "Verbose logging")
@@ -199,6 +201,9 @@ func initConfigFromEnv() {
 	if getEnabledFromEnv("MP_BLOCK_REMOTE_CSS_AND_FONTS") {
 		config.BlockRemoteCSSAndFonts = true
 	}
+	if getEnabledFromEnv("MP_ALLOW_UNTRUSTED_TLS") {
+		config.AllowUntrustedTLS = true
+	}
 	if getEnabledFromEnv("MP_QUIET") {
 		logger.QuietLogging = true
 	}

diff --git a/config/config.go b/config/config.go
@@ -101,6 +101,9 @@ var (
 	// ContentSecurityPolicy for HTTP server - set via VerifyConfig()
 	ContentSecurityPolicy string
 
+	// AllowUntrustedTLS allows untrusted HTTPS connections link checking & screenshot generation
+	AllowUntrustedTLS bool
+
 	// Version is the default application version, updated on release
 	Version = "dev"
 

diff --git a/internal/linkcheck/status.go b/internal/linkcheck/status.go
@@ -1,6 +1,7 @@
 package linkcheck
 
 import (
+	"crypto/tls"
 	"net/http"
 	"regexp"
 	"sync"
@@ -59,8 +60,15 @@ func doHead(link string, followRedirects bool) (int, error) {
 
 	timeout := time.Duration(10 * time.Second)
 
+	tr := &http.Transport{}
+
+	if config.AllowUntrustedTLS {
+		tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+	}
+
 	client := http.Client{
-		Timeout: timeout,
+		Timeout:   timeout,
+		Transport: tr,
 		CheckRedirect: func(req *http.Request, via []*http.Request) error {
 			if followRedirects {
 				return nil

diff --git a/server/handlers/proxy.go b/server/handlers/proxy.go
@@ -2,6 +2,7 @@
 package handlers
 
 import (
+	"crypto/tls"
 	"fmt"
 	"io"
 	"net/http"
@@ -31,8 +32,15 @@ func ProxyHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	tr := &http.Transport{}
+
+	if config.AllowUntrustedTLS {
+		tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+	}
+
 	client := &http.Client{
-		Timeout: 10 * time.Second,
+		Transport: tr,
+		Timeout:   10 * time.Second,
 	}
 
 	req, err := http.NewRequest("GET", uri, nil)