From 78941394dd35f00b52b5ee0c8f54f0630611afc2 Mon Sep 17 00:00:00 2001
From: KongQun Yang <kqyang@google.com>
Date: Wed, 22 Aug 2018 16:50:02 -0700
Subject: [PATCH] Add flag FLAGS_disable_peer_verification

To allow disable peer verification.

Issue #623.

Change-Id: I0781d10dea3ef6c92f0139aa1fa4949449c5da36
---
 packager/media/base/http_key_fetcher.cc | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/packager/media/base/http_key_fetcher.cc b/packager/media/base/http_key_fetcher.cc
index e2747873b5..4acb11d69e 100644
--- a/packager/media/base/http_key_fetcher.cc
+++ b/packager/media/base/http_key_fetcher.cc
@@ -7,12 +7,18 @@
 #include "packager/media/base/http_key_fetcher.h"
 
 #include <curl/curl.h>
+#include <gflags/gflags.h>
 
 #include "packager/base/logging.h"
 #include "packager/base/strings/string_number_conversions.h"
 #include "packager/base/strings/stringprintf.h"
 #include "packager/base/synchronization/lock.h"
 
+DEFINE_bool(disable_peer_verification,
+            false,
+            "Disable peer verification. This is needed to talk to servers "
+            "without valid certificates.");
+
 namespace shaka {
 
 namespace {
@@ -174,6 +180,9 @@ Status HttpKeyFetcher::FetchInternal(HttpMethod method,
   curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, AppendToString);
   curl_easy_setopt(curl, CURLOPT_WRITEDATA, response);
 
+  if (FLAGS_disable_peer_verification)
+    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
+
   if (!client_cert_private_key_file_.empty() && !client_cert_file_.empty()) {
     // Some PlayReady packaging servers only allow connects via HTTPS with
     // client certificates.