feat: add ability to skip TLS peer verification (#399)

This PR adds in a new configuration option allowing users to disable
peer verification in TLS handshake.

Additionally, it implements two new contract test capabilities to verify
this behavior (`tls:verify-peer` and `tls:skip-verify-peer`.)

Because the functionality was added to the sse library and the shared
asio requester, both the server and client gain this functionality.
This PR comes with bindings for both along with the contract test
implementations.

---------

Co-authored-by: Matthew M. Keeler <[email protected]>

Author: cwaldren-ld

.github/workflows/client.yml

@@ -29,7 +29,7 @@ jobs:
           run_tests: false
       - name: 'Launch test service as background task'
         run: $TEST_SERVICE_BINARY $TEST_SERVICE_PORT 2>&1 &
-      - uses: launchdarkly/gh-actions/actions/[email protected].0
+      - uses: launchdarkly/gh-actions/actions/[email protected].2
         with:
           # Inform the test harness of test service's port.
           test_service_port: ${{ env.TEST_SERVICE_PORT }}

.github/workflows/server.yml

@@ -28,7 +28,7 @@ jobs:
           run_tests: false
       - name: 'Launch test service as background task'
         run: $TEST_SERVICE_BINARY $TEST_SERVICE_PORT 2>&1 &
-      - uses: launchdarkly/gh-actions/actions/[email protected].0
+      - uses: launchdarkly/gh-actions/actions/[email protected].2
         with:
           # Inform the test harness of test service's port.
           test_service_port: ${{ env.TEST_SERVICE_PORT }}

contract-tests/client-contract-tests/src/entity_manager.cpp

@@ -129,6 +129,14 @@ std::optional<std::string> EntityManager::create(ConfigParams const& in) {
         }
     }
 
+    if (in.tls) {
+        auto builder = TlsBuilder();
+        if (in.tls->skipVerifyPeer) {
+            builder.SkipVerifyPeer(*in.tls->skipVerifyPeer);
+        }
+        config_builder.HttpProperties().Tls(std::move(builder));
+    }
+
     auto config = config_builder.Build();
     if (!config) {
         LD_LOG(logger_, LogLevel::kWarn)

contract-tests/client-contract-tests/src/main.cpp

@@ -21,7 +21,7 @@ int main(int argc, char* argv[]) {
     launchdarkly::Logger logger{
         std::make_unique<ConsoleBackend>("client-contract-tests")};
 
-    const std::string default_port = "8123";
+    std::string const default_port = "8123";
     std::string port = default_port;
     if (argc == 2) {
         port =
@@ -43,6 +43,8 @@ int main(int argc, char* argv[]) {
         srv.add_capability("client-independence");
         srv.add_capability("inline-context");
         srv.add_capability("anonymous-redaction");
+        srv.add_capability("tls:verify-peer");
+        srv.add_capability("tls:skip-verify-peer");
 
         net::signal_set signals{ioc, SIGINT, SIGTERM};
 

contract-tests/data-model/include/data_model/data_model.hpp

@@ -29,6 +29,12 @@ struct adl_serializer<std::optional<T>> {
 };
 }  // namespace nlohmann
 
+struct ConfigTLSParams {
+    std::optional<bool> skipVerifyPeer;
+};
+NLOHMANN_DEFINE_TYPE_NON_INTRUSIVE_WITH_DEFAULT(ConfigTLSParams,
+                                                skipVerifyPeer);
+
 struct ConfigStreamingParams {
     std::optional<std::string> baseUri;
     std::optional<uint32_t> initialRetryDelayMs;
@@ -98,6 +104,7 @@ struct ConfigParams {
     std::optional<ConfigServiceEndpointsParams> serviceEndpoints;
     std::optional<ConfigClientSideParams> clientSide;
     std::optional<ConfigTags> tags;
+    std::optional<ConfigTLSParams> tls;
 };
 NLOHMANN_DEFINE_TYPE_NON_INTRUSIVE_WITH_DEFAULT(ConfigParams,
                                                 credential,
@@ -108,7 +115,8 @@ NLOHMANN_DEFINE_TYPE_NON_INTRUSIVE_WITH_DEFAULT(ConfigParams,
                                                 events,
                                                 serviceEndpoints,
                                                 clientSide,
-                                                tags);
+                                                tags,
+                                                tls);
 
 struct ContextSingleParams {
     std::optional<std::string> kind;

contract-tests/server-contract-tests/src/entity_manager.cpp

@@ -120,6 +120,14 @@ std::optional<std::string> EntityManager::create(ConfigParams const& in) {
         }
     }
 
+    if (in.tls) {
+        auto builder = config::builders::TlsBuilder();
+        if (in.tls->skipVerifyPeer) {
+            builder.SkipVerifyPeer(*in.tls->skipVerifyPeer);
+        }
+        config_builder.HttpProperties().Tls(std::move(builder));
+    }
+
     auto config = config_builder.Build();
     if (!config) {
         LD_LOG(logger_, LogLevel::kWarn)

contract-tests/server-contract-tests/src/main.cpp

@@ -21,7 +21,7 @@ int main(int argc, char* argv[]) {
     launchdarkly::Logger logger{
         std::make_unique<ConsoleBackend>("server-contract-tests")};
 
-    const std::string default_port = "8123";
+    std::string const default_port = "8123";
     std::string port = default_port;
     if (argc == 2) {
         port =
@@ -42,6 +42,8 @@ int main(int argc, char* argv[]) {
         srv.add_capability("server-side-polling");
         srv.add_capability("inline-context");
         srv.add_capability("anonymous-redaction");
+        srv.add_capability("tls:verify-peer");
+        srv.add_capability("tls:skip-verify-peer");
 
         net::signal_set signals{ioc, SIGINT, SIGTERM};
 

libs/client-sdk/include/launchdarkly/client_side/bindings/c/config/builder.h

@@ -21,6 +21,8 @@ typedef struct _LDClientConfigBuilder* LDClientConfigBuilder;
 typedef struct _LDDataSourceStreamBuilder* LDDataSourceStreamBuilder;
 typedef struct _LDDataSourcePollBuilder* LDDataSourcePollBuilder;
 typedef struct _LDPersistenceCustomBuilder* LDPersistenceCustomBuilder;
+typedef struct _LDClientHttpPropertiesTlsBuilder*
+    LDClientHttpPropertiesTlsBuilder;
 
 typedef void (*SetFn)(char const* storage_namespace,
                       char const* key,
@@ -333,7 +335,6 @@ LD_EXPORT(void) LDDataSourceStreamBuilder_Free(LDDataSourceStreamBuilder b);
  *
  * @return New builder for Polling method.
  */
-
 LD_EXPORT(LDDataSourcePollBuilder)
 LDDataSourcePollBuilder_New();
 
@@ -390,6 +391,51 @@ LDClientConfigBuilder_HttpProperties_Header(LDClientConfigBuilder b,
                                             char const* key,
                                             char const* value);
 
+/**
+ * Sets the TLS options builder. The builder is consumed; do not free it.
+ * @param b Client config builder. Must not be NULL.
+ * @param tls_builder The TLS options builder. Must not be NULL.
+ */
+LD_EXPORT(void)
+LDClientConfigBuilder_HttpProperties_Tls(
+    LDClientConfigBuilder b,
+    LDClientHttpPropertiesTlsBuilder tls_builder);
+
+/**
+ * Creates a new TLS options builder for the HttpProperties builder.
+ *
+ * If not passed into the HttpProperties
+ * builder, must be manually freed with LDClientHttpPropertiesTlsBuilder_Free.
+ *
+ * @return New builder for TLS options.
+ */
+LD_EXPORT(LDClientHttpPropertiesTlsBuilder)
+LDClientHttpPropertiesTlsBuilder_New(void);
+
+/**
+ * Frees a TLS options builder. Do not call if the builder was consumed by
+ * the HttpProperties builder.
+ *
+ * @param b Builder to free.
+ */
+LD_EXPORT(void)
+LDClientHttpPropertiesTlsBuilder_Free(LDClientHttpPropertiesTlsBuilder b);
+
+/**
+ * Configures TLS peer certificate verification. Peer verification
+ * is enabled by default.
+ *
+ * Disabling peer verification is not recommended unless a specific
+ * use-case calls for it.
+ *
+ * @param b Client config builder. Must not be NULL.
+ * @param skip_verify_peer True to skip verification.
+ */
+LD_EXPORT(void)
+LDClientHttpPropertiesTlsBuilder_SkipVerifyPeer(
+    LDClientHttpPropertiesTlsBuilder b,
+    bool skip_verify_peer);
+
 /**
  * Disables the default SDK logging.
  * @param b Client config builder. Must not be NULL.

libs/client-sdk/src/bindings/c/builder.cpp

@@ -41,6 +41,11 @@ using namespace launchdarkly::client_side;
 #define FROM_CUSTOM_PERSISTENCE_BUILDER(ptr) \
     (reinterpret_cast<LDPersistenceCustomBuilder>(ptr))
 
+#define TO_TLS_BUILDER(ptr) (reinterpret_cast<TlsBuilder*>(ptr))
+
+#define FROM_TLS_BUILDER(ptr) \
+    (reinterpret_cast<LDClientHttpPropertiesTlsBuilder>(ptr))
+
 class PersistenceImplementationWrapper : public IPersistence {
    public:
     explicit PersistenceImplementationWrapper(LDPersistence impl)
@@ -306,6 +311,37 @@ LDClientConfigBuilder_HttpProperties_Header(LDClientConfigBuilder b,
     TO_BUILDER(b)->HttpProperties().Header(key, value);
 }
 
+LD_EXPORT(void)
+LDClientConfigBuilder_HttpProperties_Tls(
+    LDClientConfigBuilder b,
+    LDClientHttpPropertiesTlsBuilder tls_builder) {
+    LD_ASSERT_NOT_NULL(b);
+    LD_ASSERT_NOT_NULL(tls_builder);
+
+    TO_BUILDER(b)->HttpProperties().Tls(*TO_TLS_BUILDER(tls_builder));
+
+    LDClientHttpPropertiesTlsBuilder_Free(tls_builder);
+}
+
+LD_EXPORT(void)
+LDClientHttpPropertiesTlsBuilder_SkipVerifyPeer(
+    LDClientHttpPropertiesTlsBuilder b,
+    bool skip_verify_peer) {
+    LD_ASSERT_NOT_NULL(b);
+
+    TO_TLS_BUILDER(b)->SkipVerifyPeer(skip_verify_peer);
+}
+
+LD_EXPORT(LDClientHttpPropertiesTlsBuilder)
+LDClientHttpPropertiesTlsBuilder_New(void) {
+    return FROM_TLS_BUILDER(new TlsBuilder());
+}
+
+LD_EXPORT(void)
+LDClientHttpPropertiesTlsBuilder_Free(LDClientHttpPropertiesTlsBuilder b) {
+    delete TO_TLS_BUILDER(b);
+}
+
 LD_EXPORT(void)
 LDClientConfigBuilder_Logging_Disable(LDClientConfigBuilder b) {
     LD_ASSERT_NOT_NULL(b);

libs/client-sdk/src/data_sources/polling_data_source.cpp

@@ -74,7 +74,7 @@ PollingDataSource::PollingDataSource(
       status_manager_(status_manager),
       data_source_handler_(
           DataSourceEventHandler(context, handler, logger, status_manager_)),
-      requester_(ioc),
+      requester_(ioc, http_properties.Tls().PeerVerifyMode()),
       timer_(ioc),
       polling_interval_(
           std::get<
@@ -88,6 +88,10 @@ PollingDataSource::PollingDataSource(
     auto const& polling_config = std::get<
         config::shared::built::PollingConfig<config::shared::ClientSDK>>(
         data_source_config.method);
+    if (http_properties.Tls().PeerVerifyMode() ==
+        config::shared::built::TlsOptions::VerifyMode::kVerifyNone) {
+        LD_LOG(logger_, LogLevel::kDebug) << "TLS peer verification disabled";
+    }
     if (polling_interval_ < polling_config.min_polling_interval) {
         LD_LOG(logger_, LogLevel::kWarn)
             << "Polling interval too frequent, defaulting to "

libs/client-sdk/src/data_sources/streaming_data_source.cpp

@@ -127,6 +127,11 @@ void StreamingDataSource::Start() {
         client_builder.header(header.first, header.second);
     }
 
+    if (http_config_.Tls().PeerVerifyMode() ==
+        config::shared::built::TlsOptions::VerifyMode::kVerifyNone) {
+        client_builder.skip_verify_peer(true);
+    }
+
     auto weak_self = weak_from_this();
 
     client_builder.receiver([weak_self](launchdarkly::sse::Event const& event) {

libs/client-sdk/tests/client_config_test.cpp

@@ -65,14 +65,29 @@ TEST(ClientConfigBindings, AllConfigs) {
     LDDataSourceStreamBuilder_InitialReconnectDelayMs(stream_builder, 500);
     LDClientConfigBuilder_DataSource_MethodStream(builder, stream_builder);
 
+    LDDataSourceStreamBuilder stream_builder2 = LDDataSourceStreamBuilder_New();
+    LDDataSourceStreamBuilder_Free(stream_builder2);
+
     LDDataSourcePollBuilder poll_builder = LDDataSourcePollBuilder_New();
     LDDataSourcePollBuilder_IntervalS(poll_builder, 10);
     LDClientConfigBuilder_DataSource_MethodPoll(builder, poll_builder);
 
+    LDDataSourcePollBuilder poll_builder2 = LDDataSourcePollBuilder_New();
+    LDDataSourcePollBuilder_Free(poll_builder2);
+
     LDClientConfigBuilder_HttpProperties_Header(builder, "foo", "bar");
     LDClientConfigBuilder_HttpProperties_WrapperName(builder, "wrapper");
     LDClientConfigBuilder_HttpProperties_WrapperVersion(builder, "v1.2.3");
 
+    LDClientHttpPropertiesTlsBuilder tls_builder =
+        LDClientHttpPropertiesTlsBuilder_New();
+    LDClientHttpPropertiesTlsBuilder_SkipVerifyPeer(tls_builder, false);
+    LDClientConfigBuilder_HttpProperties_Tls(builder, tls_builder);
+
+    LDClientHttpPropertiesTlsBuilder tls_builder2 =
+        LDClientHttpPropertiesTlsBuilder_New();
+    LDClientHttpPropertiesTlsBuilder_Free(tls_builder2);
+
     LDClientConfigBuilder_Logging_Disable(builder);
 
     LDLoggingBasicBuilder log_builder = LDLoggingBasicBuilder_New();

libs/common/include/launchdarkly/config/client.hpp

@@ -22,6 +22,7 @@ using HttpPropertiesBuilder =
 using DataSourceBuilder = config::shared::builders::DataSourceBuilder<SDK>;
 using LoggingBuilder = config::shared::builders::LoggingBuilder;
 using PersistenceBuilder = config::shared::builders::PersistenceBuilder<SDK>;
+using TlsBuilder = config::shared::builders::TlsBuilder<SDK>;
 
 using Config = config::Config<SDK>;
 

libs/common/include/launchdarkly/config/shared/builders/http_properties_builder.hpp

@@ -10,6 +10,45 @@
 
 namespace launchdarkly::config::shared::builders {
 
+/**
+ * Class used for building TLS options used within HttpProperties.
+ * @tparam SDK The SDK type to build options for. This affects the default
+ * values of the built options.
+ */
+template <typename SDK>
+class TlsBuilder {
+   public:
+    /**
+     * Construct a new TlsBuilder. The builder will use the default
+     * properties based on the SDK type. Setting a property will override
+     * the default value.
+     */
+    TlsBuilder();
+
+    /**
+     * Create a TLS builder from an initial set of options.
+     * This can be useful when extending a set of options for a request.
+     *
+     * @param tls The TLS options to start with.
+     */
+    TlsBuilder(built::TlsOptions const& tls);
+
+    /**
+     * Whether to skip verifying the remote peer's certificates.
+     * @param skip_verify_peer True to skip verification, false to verify.
+     * @return A reference to this builder.
+     */
+    TlsBuilder& SkipVerifyPeer(bool skip_verify_peer);
+
+    /**
+     * Builds the TLS options.
+     * @return The built options.
+     */
+    [[nodiscard]] built::TlsOptions Build() const;
+
+   private:
+    enum built::TlsOptions::VerifyMode verify_mode_;
+};
 /**
  * Class used for building a set of HttpProperties.
  * @tparam SDK The SDK type to build properties for. This affects the default
@@ -116,6 +155,13 @@ class HttpPropertiesBuilder {
     HttpPropertiesBuilder& Header(std::string key,
                                   std::optional<std::string> value);
 
+    /**
+     * Sets the builder for TLS properties.
+     * @param builder The TLS property builder.
+     * @return A reference to this builder.
+     */
+    HttpPropertiesBuilder& Tls(TlsBuilder<SDK> builder);
+
     /**
      * Build a set of HttpProperties.
      * @return The built properties.
@@ -130,6 +176,7 @@ class HttpPropertiesBuilder {
     std::string wrapper_name_;
     std::string wrapper_version_;
     std::map<std::string, std::string> base_headers_;
+    TlsBuilder<SDK> tls_;
 };
 
 }  // namespace launchdarkly::config::shared::builders