diff --git a/runelite-client/src/main/java/net/runelite/client/RuneLite.java b/runelite-client/src/main/java/net/runelite/client/RuneLite.java index e9d79d1b5f..29d7fc32c0 100644 --- a/runelite-client/src/main/java/net/runelite/client/RuneLite.java +++ b/runelite-client/src/main/java/net/runelite/client/RuneLite.java @@ -34,10 +34,17 @@ import java.io.File; import java.lang.management.ManagementFactory; import java.lang.management.RuntimeMXBean; import java.nio.file.Paths; +import java.security.KeyManagementException; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.security.cert.X509Certificate; import java.util.Locale; import javax.annotation.Nullable; import javax.inject.Provider; import javax.inject.Singleton; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; import javax.swing.SwingUtilities; import joptsimple.ArgumentAcceptingOptionSpec; import joptsimple.OptionParser; @@ -233,9 +240,16 @@ public class RuneLite } }); - final OkHttpClient okHttpClient = RuneLiteAPI.CLIENT.newBuilder() - .cache(new Cache(new File(CACHE_DIR, "okhttp"), MAX_OKHTTP_CACHE_SIZE)) - .build(); + OkHttpClient.Builder okHttpClientBuilder = RuneLiteAPI.CLIENT.newBuilder() + .cache(new Cache(new File(CACHE_DIR, "okhttp"), MAX_OKHTTP_CACHE_SIZE)); + + final boolean insecureSkipTlsVerification = options.has("insecure-skip-tls-verification"); + if (insecureSkipTlsVerification || RuneLiteProperties.isInsecureSkipTlsVerification()) + { + setupInsecureTrustManager(okHttpClientBuilder); + } + + final OkHttpClient okHttpClient = okHttpClientBuilder.build(); SplashScreen.init(); SplashScreen.stage(0, "Retrieving client", ""); @@ -433,4 +447,37 @@ public class RuneLite return null; } } + + private static void setupInsecureTrustManager(OkHttpClient.Builder okHttpClientBuilder) + { + try + { + X509TrustManager trustManager = new X509TrustManager() + { + @Override + public void checkClientTrusted(X509Certificate[] chain, String authType) + { + } + + @Override + public void checkServerTrusted(X509Certificate[] chain, String authType) + { + } + + @Override + public X509Certificate[] getAcceptedIssuers() + { + return new X509Certificate[0]; + } + }; + + SSLContext sc = SSLContext.getInstance("SSL"); + sc.init(null, new TrustManager[]{trustManager}, new SecureRandom()); + okHttpClientBuilder.sslSocketFactory(sc.getSocketFactory(), trustManager); + } + catch (NoSuchAlgorithmException | KeyManagementException ex) + { + log.warn("unable to setup insecure trust manager", ex); + } + } } diff --git a/runelite-client/src/main/java/net/runelite/client/RuneLiteProperties.java b/runelite-client/src/main/java/net/runelite/client/RuneLiteProperties.java index 83e30cbfc7..ab0911c1f4 100644 --- a/runelite-client/src/main/java/net/runelite/client/RuneLiteProperties.java +++ b/runelite-client/src/main/java/net/runelite/client/RuneLiteProperties.java @@ -41,6 +41,7 @@ public class RuneLiteProperties private static final String WIKI_LINK = "runelite.wiki.link"; private static final String PATREON_LINK = "runelite.patreon.link"; private static final String LAUNCHER_VERSION_PROPERTY = "runelite.launcher.version"; + private static final String INSECURE_SKIP_TLS_VERIFICATION_PROPERTY = "runelite.insecure-skip-tls-verification"; private static final String TROUBLESHOOTING_LINK = "runelite.wiki.troubleshooting.link"; private static final String BUILDING_LINK = "runelite.wiki.building.link"; private static final String DNS_CHANGE_LINK = "runelite.dnschange.link"; @@ -110,6 +111,11 @@ public class RuneLiteProperties return System.getProperty(LAUNCHER_VERSION_PROPERTY); } + public static boolean isInsecureSkipTlsVerification() + { + return Boolean.getBoolean(INSECURE_SKIP_TLS_VERIFICATION_PROPERTY); + } + public static String getTroubleshootingLink() { return properties.getProperty(TROUBLESHOOTING_LINK);