From 8b90ce164c092b65969a70211a7bf78f868b2335 Mon Sep 17 00:00:00 2001 From: Adrian Cochrane Date: Mon, 31 Oct 2022 20:59:14 +1300 Subject: [PATCH] Fix overly-strict certificate validation --- src/Network/URI/Fetch.hs | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/Network/URI/Fetch.hs b/src/Network/URI/Fetch.hs index 912b9ab..d172200 100644 --- a/src/Network/URI/Fetch.hs +++ b/src/Network/URI/Fetch.hs @@ -148,7 +148,7 @@ newSession' appname = do (ietfLocale, unixLocale) <- rfc2616Locale credentialsMVar <- newMVar Nothing #ifdef WITH_HTTP_URI - let httpsSettings = (TLS.defaultParamsClient "example.com" "https") { + {- let httpsSettings = (TLS.defaultParamsClient "example.com" "https") { TLS.clientSupported = def { TLS.supportedCiphers = TLS.ciphersuite_default }, TLS.clientHooks = def { TLS.onCertificateRequest = deliverCredentials credentialsMVar @@ -160,10 +160,11 @@ newSession' appname = do (\_ _ _ -> return TLS.ValidationCachePass) (\_ _ _ -> return ()) } - } - managerHTTP' <- HTTP.newManager $ TLS.mkManagerSettings (Conn.TLSSettings httpsSettings) Nothing + } -} -- FIXME: Be nice to support clientside certs... Those are far too strict! + managerHTTP' <- HTTP.newManager $ TLS.mkManagerSettings + (Conn.TLSSettingsSimple False False False) Nothing managerHTTPnovalidate' <- HTTP.newManager $ TLS.mkManagerSettings - (Conn.TLSSettings httpsSettingsNoValidate) Nothing + (Conn.TLSSettingsSimple True False False) Nothing cookiesDir <- getXdgDirectory XdgData "nz.geek.adrian.hurl.cookies2" let cookiesPath' = cookiesDir appname -- 2.30.2
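Review bot: Opening a `{-` block comment at `let httpsSettings` disables the only visible place where `TLS.onCertificateRequest = deliverCredentials credentialsMVar` is installed. `credentialsMVar` is still created but, as far as the shown lines go, no longer reaches either manager, so a server's client-certificate request would go unanswered. The comment also swallows the lines between the two hunks, which are not shown and presumably hold the definition of `httpsSettingsNoValidate`. I would delete the block rather than keep it as dead code, and record the regression explicitly, e.g. `-- TODO: client certificates (deliverCredentials) are not passed to the TLS managers since the switch to TLSSettingsSimple`. If the original strictness came from the hand-built client params carrying no trust store (not visible here), populating `TLS.sharedCAStore` from the system store would keep the hook and still validate normally.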
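Review bot: `Conn.TLSSettingsSimple True False False` on `managerHTTPnovalidate'` turns certificate validation off entirely, and three positional booleans make that hard to spot or grep for in an audit. I would name the field, `(def { Conn.settingDisableCertificateValidation = True }) Nothing`, and build `managerHTTP'` from plain `def`, assuming the `Default` instance for `TLSSettings` is in scope the way `def` already is for the TLS records. A comment above the binding such as `-- No certificate validation: only for hosts the user has explicitly chosen to trust` would state the intended contract. Where this manager is selected lies outside the hunk, so that condition cannot be checked here. The `do` block of `newSession'` starts and ends outside the hunk.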