From 7ba142a9f221bb0756a1896f19a7ec476ce74584 Mon Sep 17 00:00:00 2001
From: deepend-tildeclub <deepend@tilde.club>
Date: Sat, 20 Jun 2026 19:07:19 -0600
Subject: [PATCH] Restore accept-invalid-cert TLS bypass behavior

---
 src/common/server.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/common/server.c b/src/common/server.c
index b25e39b0..06732922 100644
--- a/src/common/server.c
+++ b/src/common/server.c
@@ -540,6 +540,9 @@ ssl_cb_verify (int ok, X509_STORE_CTX * ctx)
 		g_snprintf (buf, sizeof (buf), "* Verify E: %s (%d)",
 					 X509_verify_cert_error_string (err), err);
 		EMIT_SIGNAL (XP_TE_SSLMESSAGE, g_sess, buf, NULL, NULL, NULL, 0);
+
+		if (g_sess && g_sess->server->accept_invalid_cert)
+			return 1;
 	}
 
 	return ok;
@@ -663,11 +666,15 @@ ssl_do_connect (server * serv)
 					g_snprintf (buf, sizeof (buf), "* Verify E: Failed to validate hostname (%d)",
 							 hostname_err);
 					EMIT_SIGNAL (XP_TE_SSLMESSAGE, serv->server_session, buf, NULL, NULL, NULL, 0);
-					goto conn_fail;
+					if (!serv->accept_invalid_cert)
+						goto conn_fail;
 				}
 				break;
 			}
 		default:
+			if (serv->accept_invalid_cert)
+				break;
+
 			g_snprintf (buf, sizeof (buf), "%s.? (%d)",
 						 X509_verify_cert_error_string (verify_error),
 						 verify_error);