proxmox-mirrors/fwupd
1
0
Fork 0
mirror of https://git.proxmox.com/git/fwupd synced 2025-08-09 11:55:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Allow disabling SSL strict mode for broken corporate proxies

Browse Source
This commit is contained in:
Richard Hughes 2019-09-05 12:13:35 +01:00
parent c4ee883ea4
commit 0e46b22728
5 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
data/bash-completion/fwupdmgr.in
View File

@ -45,6 +45,7 @@ _fwupdmgr_opts=(
'--sign' '--sign'
'--filter' '--filter'
'--log' '--log'
'--disable-ssl-strict'
) )
_show_filters() _show_filters()

1
data/bash-completion/fwupdtool.in
View File

@ -34,6 +34,7 @@ _fwupdtool_opts=(
'--prepare' '--prepare'
'--cleanup' '--cleanup'
'--filter' '--filter'
'--disable-ssl-strict'
) )
_show_filters() _show_filters()

13
src/fu-tool.c
View File

@ -54,6 +54,7 @@ struct FuUtilPrivate {
gboolean enable_json_state; gboolean enable_json_state;
FwupdInstallFlags flags; FwupdInstallFlags flags;
gboolean show_all_devices; gboolean show_all_devices;
gboolean disable_ssl_strict;
/* only valid in update and downgrade */ /* only valid in update and downgrade */
FuUtilOperation current_operation; FuUtilOperation current_operation;
FwupdDevice *current_device; FwupdDevice *current_device;
@ -1418,6 +1419,9 @@ main (int argc, char *argv[])
{ "enable-json-state", '\0', 0, G_OPTION_ARG_NONE, &priv->enable_json_state, { "enable-json-state", '\0', 0, G_OPTION_ARG_NONE, &priv->enable_json_state,
/* TRANSLATORS: command line option */ /* TRANSLATORS: command line option */
_("Save device state into a JSON file between executions"), NULL }, _("Save device state into a JSON file between executions"), NULL },
{ "disable-ssl-strict", '\0', 0, G_OPTION_ARG_NONE, &priv->disable_ssl_strict,
/* TRANSLATORS: command line option */
_("Ignore SSL strict checks when downloading files"), NULL },
{ "filter", '\0', 0, G_OPTION_ARG_STRING, &filter, { "filter", '\0', 0, G_OPTION_ARG_STRING, &filter,
/* TRANSLATORS: command line option */ /* TRANSLATORS: command line option */
_("Filter with a set of device flags using a ~ prefix to " _("Filter with a set of device flags using a ~ prefix to "
@ -1594,6 +1598,15 @@ main (int argc, char *argv[])
return EXIT_FAILURE; return EXIT_FAILURE;
} }
/* allow disabling SSL strict mode for broken corporate proxies */
if (priv->disable_ssl_strict) {
/* TRANSLATORS: try to help */
g_printerr ("%s\n", _("WARNING: Ignoring SSL strict checks, "
"to do this automatically in the future "
"export DISABLE_SSL_STRICT in your environment"));
g_setenv ("DISABLE_SSL_STRICT", "1", TRUE);
}
/* parse filter flags */ /* parse filter flags */
if (filter != NULL) { if (filter != NULL) {
if (!fu_util_parse_filter_flags (filter, if (!fu_util_parse_filter_flags (filter,

4
src/fu-util-common.c
View File

@ -542,6 +542,10 @@ fu_util_setup_networking (GError **error)
return NULL; return NULL;
} }
/* relax the SSL checks for broken corporate proxies */
if (g_getenv ("DISABLE_SSL_STRICT") != NULL)
g_object_set (session, SOUP_SESSION_SSL_STRICT, FALSE, NULL);
/* set the proxy */ /* set the proxy */
http_proxy = g_getenv ("https_proxy"); http_proxy = g_getenv ("https_proxy");
if (http_proxy == NULL) if (http_proxy == NULL)

13
src/fu-util.c
View File

@ -57,6 +57,7 @@ struct FuUtilPrivate {
gboolean assume_yes; gboolean assume_yes;
gboolean sign; gboolean sign;
gboolean show_all_devices; gboolean show_all_devices;
gboolean disable_ssl_strict;
/* only valid in update and downgrade */ /* only valid in update and downgrade */
FuUtilOperation current_operation; FuUtilOperation current_operation;
FwupdDevice *current_device; FwupdDevice *current_device;
@ -2061,6 +2062,9 @@ main (int argc, char *argv[])
{ "show-all-devices", '\0', 0, G_OPTION_ARG_NONE, &priv->show_all_devices, { "show-all-devices", '\0', 0, G_OPTION_ARG_NONE, &priv->show_all_devices,
/* TRANSLATORS: command line option */ /* TRANSLATORS: command line option */
_("Show devices that are not updatable"), NULL }, _("Show devices that are not updatable"), NULL },
{ "disable-ssl-strict", '\0', 0, G_OPTION_ARG_NONE, &priv->disable_ssl_strict,
/* TRANSLATORS: command line option */
_("Ignore SSL strict checks when downloading files"), NULL },
{ "filter", '\0', 0, G_OPTION_ARG_STRING, &filter, { "filter", '\0', 0, G_OPTION_ARG_STRING, &filter,
/* TRANSLATORS: command line option */ /* TRANSLATORS: command line option */
_("Filter with a set of device flags using a ~ prefix to " _("Filter with a set of device flags using a ~ prefix to "
@ -2262,6 +2266,15 @@ main (int argc, char *argv[])
return EXIT_FAILURE; return EXIT_FAILURE;
} }
/* allow disabling SSL strict mode for broken corporate proxies */
if (priv->disable_ssl_strict) {
/* TRANSLATORS: try to help */
g_printerr ("%s\n", _("WARNING: Ignoring SSL strict checks, "
"to do this automatically in the future "
"export DISABLE_SSL_STRICT in your environment"));
g_setenv ("DISABLE_SSL_STRICT", "1", TRUE);
}
/* non-TTY consoles cannot answer questions */ /* non-TTY consoles cannot answer questions */
if (log != NULL || if (log != NULL ||
isatty (fileno (stdout)) == 0) { isatty (fileno (stdout)) == 0) {