commit 5b4ae3e0ee00e85ddcf08bce32cb88cd0c6024fb
parent 7ce0918e8e9867f7c8746c5d8147cda154312f32
Author: Florian Dold <florian@dold.me>
Date: Mon, 17 Mar 2025 12:58:06 +0100
skip TLS validation only if configured
All platforms we use anyway support a native HTTP client
Diffstat:
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/quickjs/quickjs-http.c b/quickjs/quickjs-http.c
@@ -241,10 +241,15 @@ create_impl(void *cls, struct JSHttpRequestInfo *req_info)
curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, crs->errbuf);
- // FIXME: This is only a temporary hack until we have proper TLS CA support
- // on all platforms
+#ifdef QTART_INSECURE_SKIP_TLS_VERIFICATION
+ // This is only a temporary hack to use the libcurl HTTP client implementation
+ // on platforms (like iOS) where we can't easily access the root store.
+ // Outside of testing, such platforms should supply a native HTTP client
+ // implementation and not use the libcurl implementation compiled
+ // into qtart.
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
+#endif
if (req_info->timeout_ms < 0) {
curl_easy_setopt(curl, CURLOPT_TIMEOUT_MS, 0L);
