Add switch for insecure TLS

2026-05-28 04:34:57 -04:00 · 2017-12-18 12:17:32 +01:00 · 2017-12-18 12:17:32 +01:00 · 84fba6f5a1
commit 84fba6f5a1
parent 9241c592d0
3 changed files with 46 additions and 1 deletions
--- a/application/forms/Config/BackendForm.php
+++ b/application/forms/Config/BackendForm.php
@ -45,6 +45,14 @@ class BackendForm extends ConfigForm
                    'label'             => $this->translate('Graphite Web password'),
                    'description'       => $this->translate('The above user\'s password')
                ]
+            ],
+            [
+                'checkbox',
+                'graphite_insecure',
+                [
+                    'label'         => $this->translate('Connect insecurely'),
+                    'description'   => $this->translate('Check this to not verify the remote\'s TLS certificate')
+                ]
            ]
        ]);
    }
--- a/library/Graphite/Graphing/GraphingTrait.php
+++ b/library/Graphite/Graphing/GraphingTrait.php
@ -69,6 +69,7 @@ trait GraphingTrait
                (new GraphiteWebClient(Url::fromPath($graphite->url)))
                    ->setUser($graphite->user)
                    ->setPassword($graphite->password)
+                    ->setInsecure($graphite->insecure)
            );
        }

--- a/library/Graphite/Graphing/GraphiteWebClient.php
+++ b/library/Graphite/Graphing/GraphiteWebClient.php
@ -33,6 +33,13 @@ class GraphiteWebClient
     */
    protected $password;

+    /**
+     * Don't verify the remote's TLS certificate
+     *
+     * @var bool
+     */
+    protected $insecure = false;
+
    /**
     * HTTP client
     *
@ -74,7 +81,12 @@ class GraphiteWebClient
            ->getAbsoluteUrl();

        // TODO(ak): keep connections alive (TCP handshakes are a bit expensive and TLS handshakes are very expensive)
-        return (string) $this->httpClient->send(new Request($method, $url, $headers, $body))->getBody();
+        return (string) $this->httpClient->send(
+            new Request($method, $url, $headers, $body),
+            ['curl' => [
+                CURLOPT_SSL_VERIFYPEER => ! $this->insecure
+            ]]
+        )->getBody();
    }

    /**
@ -148,4 +160,28 @@ class GraphiteWebClient

        return $this;
    }
+
+    /**
+     * Get whether not to verify the remote's TLS certificate
+     *
+     * @return bool
+     */
+    public function getInsecure()
+    {
+        return $this->insecure;
+    }
+
+    /**
+     * Set whether not to verify the remote's TLS certificate
+     *
+     * @param bool $insecure
+     *
+     * @return $this
+     */
+    public function setInsecure($insecure = true)
+    {
+        $this->insecure = $insecure;
+
+        return $this;
+    }
 }