mirror of
				https://github.com/iv-org/invidious.git
				synced 2025-10-25 10:18:29 -05:00 
			
		
		
		
	Add openssl_ca_certs_file and openssl_ca_certs_dir config options
		
							parent
							
								
									438467f69a
								
							
						
					
					
						commit
						a7ed302c35
					
				| @ -140,6 +140,28 @@ https_only: false | ||||
| ## | ||||
| #pool_size: 100 | ||||
| 
 | ||||
| ## | ||||
| ## File containing the Certificate Authorities, in the PEM format | ||||
| ## as expected by OpenSSL. For example, /etc/ssl1.1/certs.pem on Alpine. | ||||
| ## By default, Invidious by using Crystal standard library will use | ||||
| ## the default setting from the crystal binary it was compiled with. | ||||
| ## This option is incompatible with openssl_ca_certs_dir. | ||||
| ## | ||||
| ## Default: <none> | ||||
| ## | ||||
| #openssl_ca_certs_file: | ||||
| 
 | ||||
| ## | ||||
| ## Folder containing the Certificate Authorities, in the PEM format | ||||
| ## as expected by OpenSSL. For example, /etc/ssl/certs/ on Debian. | ||||
| ## By default, Invidious by using Crystal standard library will use | ||||
| ## the default setting from the crystal binary it was compiled with. | ||||
| ## This option is incompatible with openssl_ca_certs_file. | ||||
| ## | ||||
| ## Default: <none> | ||||
| ## | ||||
| #openssl_ca_certs_dir: | ||||
| 
 | ||||
| 
 | ||||
| ## | ||||
| ## Additional cookies to be sent when requesting the youtube API. | ||||
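Review bot: The comments for `openssl_ca_certs_file` and `openssl_ca_certs_dir` do not say that the certificates at these paths become trust anchors for Invidious's outbound TLS connections, as the connection-pool change in this commit shows. An operator would want one more line under each option, for example `## The path must be readable by the Invidious process and should only be writable by an administrator, because the certificates in it are trusted for outbound TLS connections.` The wording "Invidious by using Crystal standard library will use" also reads more clearly as `## By default, Invidious uses the CA locations built into the Crystal/OpenSSL binary it was compiled with.`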
|  | ||||
| @ -126,6 +126,10 @@ class Config | ||||
|   property host_binding : String = "0.0.0.0" | ||||
|   # Pool size for HTTP requests to youtube.com and ytimg.com (each domain has a separate pool of `pool_size`) | ||||
|   property pool_size : Int32 = 100 | ||||
|   # CA certificates file for OpenSSL | ||||
|   property openssl_ca_certs_file : String? = nil | ||||
|   # CA certificates folder for OpenSSL | ||||
|   property openssl_ca_certs_dir : String? = nil | ||||
| 
 | ||||
|   # Use Innertube's transcripts API instead of timedtext for closed captions | ||||
|   property use_innertube_for_captions : Bool = false | ||||
| @ -232,6 +236,12 @@ class Config | ||||
|       end | ||||
|     end | ||||
| 
 | ||||
|     # We can only have openssl_ca_certs_file or openssl_ca_certs_dir, not both | ||||
|     if !(config.openssl_ca_certs_file.nil? || config.openssl_ca_certs_dir.nil?) | ||||
|       puts "Config: You can't have both openssl_ca_certs_file and openssl_ca_certs_folder." | ||||
|       exit(1) | ||||
|     end | ||||
| 
 | ||||
|     return config | ||||
|   end | ||||
| end | ||||
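Review bot: The error message in the new mutual-exclusion check names `openssl_ca_certs_folder`, which is not an option; the property is `openssl_ca_certs_dir`, so the line should read `puts "Config: You can't have both openssl_ca_certs_file and openssl_ca_certs_dir."`. The check also only rejects the case where both are set. A path that is empty, missing or unreadable passes config loading and would presumably surface only when the first TLS context is built. Validating here, with something like `File.file?(path)` for the file option and `Dir.exists?(path)` for the directory option, would make a misconfigured trust store fail at startup with a clear message. The enclosing load method starts outside this hunk, so the surrounding error-handling convention is not visible.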
|  | ||||
| @ -35,7 +35,14 @@ struct YoutubeConnectionPool | ||||
|         response = yield conn | ||||
|       rescue ex | ||||
|         conn.close | ||||
|         conn = HTTP::Client.new(url) | ||||
| 
 | ||||
|         tls_context = OpenSSL::SSL::Context::Client.new | ||||
|         if CONFIG.openssl_ca_certs_dir != nil | ||||
|           tls_context.ca_certificates_path = CONFIG.openssl_ca_certs_dir.not_nil! | ||||
|         elsif CONFIG.openssl_ca_certs_file != nil | ||||
|           tls_context.ca_certificates = CONFIG.openssl_ca_certs_file.not_nil! | ||||
|         end | ||||
|         conn = HTTP::Client.new(url, tls: tls_context) | ||||
| 
 | ||||
|         conn.family = CONFIG.force_resolve | ||||
|         conn.family = Socket::Family::INET if conn.family == Socket::Family::UNSPEC | ||||
| @ -51,7 +58,13 @@ struct YoutubeConnectionPool | ||||
| 
 | ||||
|   private def build_pool | ||||
|     DB::Pool(HTTP::Client).new(initial_pool_size: 0, max_pool_size: capacity, max_idle_pool_size: capacity, checkout_timeout: timeout) do | ||||
|       conn = HTTP::Client.new(url) | ||||
|       tls_context = OpenSSL::SSL::Context::Client.new | ||||
|       if CONFIG.openssl_ca_certs_dir != nil | ||||
|         tls_context.ca_certificates_path = CONFIG.openssl_ca_certs_dir.not_nil! | ||||
|       elsif CONFIG.openssl_ca_certs_file != nil | ||||
|         tls_context.ca_certificates = CONFIG.openssl_ca_certs_file.not_nil! | ||||
|       end | ||||
|       conn = HTTP::Client.new(url, tls: tls_context) | ||||
|       conn.family = CONFIG.force_resolve | ||||
|       conn.family = Socket::Family::INET if conn.family == Socket::Family::UNSPEC | ||||
|       conn.before_request { |r| add_yt_headers(r) } if url.host == "www.youtube.com" | ||||
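Review bot: The TLS context setup is duplicated verbatim in the `rescue` branch of the first hunk and in `build_pool`, so a later change to certificate handling can easily be applied to one copy and missed in the other. Both copies use `!= nil` followed by `.not_nil!`, where an assignment in the condition would narrow the type without the runtime assertion. A single private helper would cover both call sites and make it explicit that `openssl_ca_certs_dir` takes precedence over `openssl_ca_certs_file`. The context is also passed unconditionally, so this assumes every pool URL is `https`. Any `HTTP::Client` built outside these two hunks would not pick up the new options, and that is worth confirming. Both enclosing blocks continue outside the hunks.

```crystal
# Builds the client TLS context, applying the optional CA overrides from CONFIG.
private def make_tls_context : OpenSSL::SSL::Context::Client
  tls_context = OpenSSL::SSL::Context::Client.new
  if dir = CONFIG.openssl_ca_certs_dir
    tls_context.ca_certificates_path = dir
  elsif file = CONFIG.openssl_ca_certs_file
    tls_context.ca_certificates = file
  end
  tls_context
end

# … unchanged: pool setup in build_pool and the rescue branch …
conn = HTTP::Client.new(url, tls: make_tls_context)
# … unchanged: conn.family and before_request configuration …
```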
|  | ||||