From d5d995904261fc8c2684bae700a552dc82219336 Mon Sep 17 00:00:00 2001
From: Raffaele Ragni
Date: Thu, 28 Sep 2023 14:36:56 +0200
Subject: [PATCH 1/3] allow to skip cert validation for internal test situations

---
 src/config.rs | 37 +++++++++++++++++++++++++++++++++----
 src/goose.rs | 1 +
 2 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/src/config.rs b/src/config.rs
index 1fe194a1..67044276 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -195,6 +195,9 @@ pub struct GooseConfiguration {
 /// Follows base_url redirect with subsequent requests
 #[options(no_short)]
 pub sticky_follow: bool,
+ /// Allows to test internally when https validation is not required
+ #[options(no_short)]
+ pub accept_invalid_certs: bool,
 }
 
 /// Optionally defines a subset of active Scenarios to run during a load test.
@@ -332,6 +335,8 @@ pub(crate) struct GooseDefaults {
 pub websocket_host: Option,
 /// An optional default for port WebSocket Controller listens on.
 pub websocket_port: Option,
+ /// Allow for internal testing when no certificates are available but still using https
+ pub accept_invalid_certs: Option,
 }
 
 /// Defines all [`GooseConfiguration`] options that can be programmatically configured with
@@ -432,6 +437,7 @@ pub enum GooseDefault {
 WebSocketHost,
 /// An optional default for port WebSocket Controller listens on.
 WebSocketPort,
+ AcceptInvalidCerts,
 }
 
 /// Most run-time options can be programmatically configured with custom defaults.
@@ -610,7 +616,8 @@ impl GooseDefaultType<&str> for GooseAttack {
 | GooseDefault::NoGzip
 | GooseDefault::NoStatusCodes
 | GooseDefault::StickyFollow
- | GooseDefault::NoGranularData => {
+ | GooseDefault::NoGranularData
+ | GooseDefault::AcceptInvalidCerts => {
 return Err(GooseError::InvalidOption {
 option: format!("GooseDefault::{:?}", key),
 value: value.to_string(),
@@ -701,7 +708,8 @@ impl GooseDefaultType for GooseAttack {
 | GooseDefault::NoGzip
 | GooseDefault::NoStatusCodes
 | GooseDefault::StickyFollow
- | GooseDefault::NoGranularData => {
+ | GooseDefault::NoGranularData
+ | GooseDefault::AcceptInvalidCerts => {
 return Err(GooseError::InvalidOption {
 option: format!("GooseDefault::{:?}", key),
 value: format!("{}", value),
@@ -757,6 +765,7 @@ impl GooseDefaultType for GooseAttack {
 GooseDefault::NoWebSocket => self.defaults.no_websocket = Some(value),
 GooseDefault::NoAutoStart => self.defaults.no_autostart = Some(value),
 GooseDefault::NoGzip => self.defaults.no_gzip = Some(value),
+ GooseDefault::AcceptInvalidCerts => self.defaults.accept_invalid_certs = Some(value),
 GooseDefault::NoStatusCodes => self.defaults.no_status_codes = Some(value),
 GooseDefault::StickyFollow => self.defaults.sticky_follow = Some(value),
 GooseDefault::NoGranularData => self.defaults.no_granular_report = Some(value),
@@ -856,7 +865,8 @@ impl GooseDefaultType for GooseAttack {
 | GooseDefault::NoGzip
 | GooseDefault::NoStatusCodes
 | GooseDefault::StickyFollow
- | GooseDefault::NoGranularData => {
+ | GooseDefault::NoGranularData
+ | GooseDefault::AcceptInvalidCerts => {
 return Err(GooseError::InvalidOption {
 option: format!("GooseDefault::{:?}", key),
 value: format!("{:?}", value),
@@ -956,7 +966,8 @@ impl GooseDefaultType for GooseAttack {
 | GooseDefault::NoGzip
 | GooseDefault::NoStatusCodes
 | GooseDefault::StickyFollow
- | GooseDefault::NoGranularData => {
+ | GooseDefault::NoGranularData
+ | GooseDefault::AcceptInvalidCerts => {
 return Err(GooseError::InvalidOption {
 option: format!("GooseDefault::{:?}", key),
 value: format!("{:?}", value),
@@ -1731,6 +1742,24 @@ impl GooseConfiguration {
 ])
 .unwrap_or(false);
 
+ // Configure `accept_invalid_certs`
+ self.accept_invalid_certs = self
+ .get_value(vec![
+ // Use --accept-invalid-certs if set.
+ GooseValue {
+ value: Some(self.accept_invalid_certs),
+ filter: !self.accept_invalid_certs,
+ message: "accept_invalid_certs",
+ },
+ // Use GooseDefault if not already set and not Worker.
+ GooseValue {
+ value: defaults.accept_invalid_certs,
+ filter: defaults.accept_invalid_certs.is_none(),
+ message: "accept_invalid_certs",
+ },
+ ])
+ .unwrap_or(false);
+
 self.co_mitigation = self.get_value(vec![
 // Use --co-mitigation if set.
 GooseValue {
diff --git a/src/goose.rs b/src/goose.rs
index 4030b68b..f5f18a86 100644
--- a/src/goose.rs
+++ b/src/goose.rs
@@ -2318,6 +2318,7 @@ pub(crate) fn create_reqwest_client(
 .timeout(Duration::from_millis(timeout))
 // Enable gzip unless `--no-gzip` flag is enabled.
 .gzip(!configuration.no_gzip)
+ .danger_accept_invalid_certs(configuration.accept_invalid_certs)
 .build()
 }
 

From 53798ca2511c9e6d384a58d2d81f6820ee82b0e7 Mon Sep 17 00:00:00 2001
From: Raffaele Ragni
Date: Thu, 28 Sep 2023 15:32:53 +0200
Subject: [PATCH 2/3] comments

---
 src/config.rs | 5 +++--
 src/goose.rs | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/config.rs b/src/config.rs
index 67044276..5a17186f 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -195,7 +195,7 @@ pub struct GooseConfiguration {
 /// Follows base_url redirect with subsequent requests
 #[options(no_short)]
 pub sticky_follow: bool,
- /// Allows to test internally when https validation is not required
+ /// Disables validation of https certificates
 #[options(no_short)]
 pub accept_invalid_certs: bool,
 }
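Review bot: In the `@@ -1731` hunk of patch 1/3, the comment on the second `GooseValue` says "if not already set and not Worker", but its filter is only `defaults.accept_invalid_certs.is_none()`, so the Worker part describes a check this block does not make; `// Use GooseDefault if not already set.` matches the code. The first entry is filtered out whenever the flag is false, so a programmatic default of `Some(true)` appears to win with no command-line way to turn validation back on (inferred from the filters; `get_value` is outside the hunk). Because this value switches off TLS certificate checks, I would also log one warning here when it resolves to true, so a run without validation is visible in the output. The enclosing function starts and ends outside the hunk.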
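Review bot: In the `src/goose.rs` hunk of patch 1/3, `.danger_accept_invalid_certs(configuration.accept_invalid_certs)` makes the client trust any certificate once the flag is set, so whatever the scenarios send (logins, session cookies, API tokens) can go to a peer whose identity was never checked. For the stated case of internal hosts with self-signed certificates, a narrower option that loads the internal CA through reqwest's `add_root_certificate` would keep validation on; I would mention that alternative next to the flag's documentation or offer it as a follow-up. The builder chain begins above the hunk, so what else is configured on this client is not visible here.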
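Review bot: In the `@@ -195,7` hunk of patch 2/3, the reworded doc comment drops the hint from patch 1/3 that the switch is meant for test setups; since the field carries `#[options(no_short)]`, this line presumably also serves as the option's help text, and that is where a user decides whether to pass it. Suggested wording: `/// Disables validation of https certificates (insecure, test environments only)`. The same wording would fit the `GooseDefaults` field and the `GooseDefault::AcceptInvalidCerts` variant in the two hunks that follow.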
@@ -335,7 +335,7 @@ pub(crate) struct GooseDefaults {
 pub websocket_host: Option,
 /// An optional default for port WebSocket Controller listens on.
 pub websocket_port: Option,
- /// Allow for internal testing when no certificates are available but still using https
+ /// An optional default for not validating https certificates.
 pub accept_invalid_certs: Option,
 }
 
@@ -437,6 +437,7 @@ pub enum GooseDefault {
 WebSocketHost,
 /// An optional default for port WebSocket Controller listens on.
 WebSocketPort,
+ /// An optional default for not validating https certificates.
 AcceptInvalidCerts,
 }
 
diff --git a/src/goose.rs b/src/goose.rs
index f5f18a86..1b61037e 100644
--- a/src/goose.rs
+++ b/src/goose.rs
@@ -2318,6 +2318,7 @@ pub(crate) fn create_reqwest_client(
 .timeout(Duration::from_millis(timeout))
 // Enable gzip unless `--no-gzip` flag is enabled.
 .gzip(!configuration.no_gzip)
+ // Validate https certificates unless `--accept_invalid_certs` is enabled.
 .danger_accept_invalid_certs(configuration.accept_invalid_certs)
 .build()
 }

From 7a238d69a41e90eab751d48a40bad723eccf98b9 Mon Sep 17 00:00:00 2001
From: Raffaele Ragni
Date: Thu, 28 Sep 2023 15:37:44 +0200
Subject: [PATCH 3/3] match 1:1 the cli option

---
 src/goose.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/goose.rs b/src/goose.rs
index 1b61037e..47bdd5a9 100644
--- a/src/goose.rs
+++ b/src/goose.rs
@@ -2318,7 +2318,7 @@ pub(crate) fn create_reqwest_client(
 .timeout(Duration::from_millis(timeout))
 // Enable gzip unless `--no-gzip` flag is enabled.
 .gzip(!configuration.no_gzip)
- // Validate https certificates unless `--accept_invalid_certs` is enabled.
+ // Validate https certificates unless `--accept-invalid-certs` is enabled.
 .danger_accept_invalid_certs(configuration.accept_invalid_certs)
 .build()
 }