From 492dcb182aeebc559cb0ae18ac5dba197862515b Mon Sep 17 00:00:00 2001
From: Tatsuya Kinoshita <tats@debian.org>
Date: Thu, 11 Feb 2021 17:21:04 +0900
Subject: New option -insecure to use insecure SSL config options

Alias for `-o ssl_cipher=ALL:@SECLEVEL=0 -o ssl_min_version=all
-o ssl_forbid_method= -o ssl_verify_server=0`.
---
 main.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'main.c')

diff --git a/main.c b/main.c
index bbdf3c3..096ab09 100644
--- a/main.c
+++ b/main.c
@@ -247,6 +247,9 @@ fusage(FILE * f, int err)
     fprintf(f, "    -4               IPv4 only (-o dns_order=4)\n");
     fprintf(f, "    -6               IPv6 only (-o dns_order=6)\n");
 #endif
+#ifdef USE_SSL
+    fprintf(f, "    -insecure        use insecure SSL config options\n");
+#endif
 #ifdef USE_MOUSE
     fprintf(f, "    -no-mouse        don't use mouse\n");
 #endif				/* USE_MOUSE */
@@ -752,6 +755,18 @@ main(int argc, char **argv, char **envp)
 		displayTitleTerm = getenv("TERM");
 	    else if (!strncmp("-title=", argv[i], 7))
 		displayTitleTerm = argv[i] + 7;
+#ifdef USE_SSL
+	    else if (!strcmp("-insecure", argv[i])) {
+		set_param_option("ssl_cipher=ALL:@SECLEVEL=0");
+#ifdef SSL_CTX_set_min_proto_version
+		set_param_option("ssl_min_version=all");
+#endif
+		set_param_option("ssl_forbid_method=");
+#ifdef USE_SSL_VERIFY
+		set_param_option("ssl_verify_server=0");
+#endif
+	    }
+#endif				/* USE_SSL */
 	    else if (!strcmp("-o", argv[i]) ||
 		     !strcmp("-show-option", argv[i])) {
 		if (!strcmp("-show-option", argv[i]) || ++i >= argc ||
-- 
cgit v1.2.3