luci-app-mosdns: Allows disabling TLS server certificate validation

luci-app-mosdns/luasrc/model/cbi/mosdns/basic.lua

@@ -104,6 +104,11 @@ o.rmempty = false
 o.default = false
 o:depends("configfile", "/etc/mosdns/config.yaml")
 
+o = s:taboption("advanced", Flag, "insecure_skip_verify", translate("Disable TLS Certificate"), translate("Disable TLS Servers certificate validation, Can be useful if system CA certificate expires or the system time is out of order"))
+o.rmempty = false
+o.default = false
+o:depends("configfile", "/etc/mosdns/config.yaml")
+
 o = s:taboption("advanced", Value, "cache_size", translate("DNS Cache Size"))
 o.datatype = "and(uinteger,min(0))"
 o.default = "20000"

luci-app-mosdns/po/zh-cn/mosdns.po

@@ -160,6 +160,12 @@ msgstr "TCP/DoT 连接复用"
 msgid "Enable TCP/DoT RFC 7766 new Query Pipelining connection multiplexing mode"
 msgstr "启用 TCP/DoT RFC 7766 新型 Query Pipelining 连接复用模式"
 
+msgid "Disable TLS Certificate"
+msgstr "禁用 TLS 证书"
+
+msgid "Disable TLS Servers certificate validation, Can be useful if system CA certificate expires or the system time is out of order"
+msgstr "禁用 TLS 服务器证书验证，当系统 CA 证书过期或系统时间错乱时，本选项可能会有用"
+
 msgid "DNS Cache Size"
 msgstr "DNS 缓存大小（条）"
 

luci-app-mosdns/root/etc/init.d/mosdns

@@ -57,16 +57,18 @@ get_config() {
     config_get listen_port_api $1 listen_port_api 9091
     config_get concurrent $1 concurrent 1
     config_get max_conns $1 max_conns 2
+    config_get insecure_skip_verify $1 insecure_skip_verify 0
 }
 
 init_yaml() {
     TMPDIR=$(mktemp -d) || exit 1
     adlist=$($MOSDNS_SCRIPT ad)
     [ $enable_pipeline -eq 1 ] && enable_pipeline=true || enable_pipeline=false
+    [ $insecure_skip_verify -eq 1 ] && insecure_skip_verify=true || insecure_skip_verify=false
     [ "$custom_local_dns" -eq 1 ] && \
-    local_dns=$($MOSDNS_SCRIPT dns | awk '{for(i=1;i<=NF;i++)printf "%s- addr: %s\n%s  bootstrap: '${bootstrap_dns}'\n%s  enable_pipeline: '${enable_pipeline}'\n%s  max_conns: '${max_conns}'\n",s,$i,s,s,s}' s='        ') || \
+    local_dns=$($MOSDNS_SCRIPT dns | awk '{for(i=1;i<=NF;i++)printf "%s- addr: %s\n%s  bootstrap: '${bootstrap_dns}'\n%s  enable_pipeline: '${enable_pipeline}'\n%s  max_conns: '${max_conns}'\n%s  insecure_skip_verify: '${insecure_skip_verify}'\n",s,$i,s,s,s,s}' s='        ') || \
     local_dns=$($MOSDNS_SCRIPT dns | awk '{for(i=1;i<=NF;i++)printf "%s- addr: %s\n",s,$i,s}' s='        ')
-    remote_dns=$(echo $remote_dns | awk '{for(i=1;i<=NF;i++)printf "%s- addr: %s\n%s  bootstrap: '${bootstrap_dns}'\n%s  enable_pipeline: '${enable_pipeline}'\n%s  max_conns: '${max_conns}'\n",s,$i,s,s,s}' s='        ')
+    remote_dns=$(echo $remote_dns | awk '{for(i=1;i<=NF;i++)printf "%s- addr: %s\n%s  bootstrap: '${bootstrap_dns}'\n%s  enable_pipeline: '${enable_pipeline}'\n%s  max_conns: '${max_conns}'\n%s  insecure_skip_verify: '${insecure_skip_verify}'\n",s,$i,s,s,s,s}' s='        ')
     sed "s,log_level,$log_level,g;s,log_file,$log_file,g; \
     s,listen_port,$listen_port,g;s,cache_size,$cache_size,g; \
     s,cache_survival_time,$cache_survival_time,g; \