use std::sync::Arc;
use tokio_rustls::rustls::{
self,
client::danger::HandshakeSignatureValid,
crypto::{verify_tls12_signature, verify_tls13_signature, CryptoProvider},
pki_types::{CertificateDer, ServerName, UnixTime},
DigitallySignedStruct,
};
/// Server-certificate verifier that accepts every certificate it is shown.
///
/// Mostly borrowed from rustls/examples/src/bin/tlsclient-mio.rs; rustls
/// seems quite insistent on making the process of disabling certificate
/// verification as obnoxious as possible.
///
/// With this verifier in place the TLS session is still encrypted, but the
/// server is not authenticated: `verify_server_cert` ignores the chain, the
/// server name, the OCSP data and the current time. Any party on the network
/// path that presents a certificate of its own will be accepted, so this is
/// only appropriate where the peer's identity is established some other way
/// or does not matter (for example local testing).
///
/// The wrapped [`CryptoProvider`] is used only for its
/// `signature_verification_algorithms`, which back the handshake-signature
/// checks.
// NOTE(review): if the remote end uses a self-signed or private-CA
// certificate, pinning that certificate or trusting that CA alone would keep
// peer authentication; confirm whether callers really need "accept anything".
#[derive(Debug)]
pub(crate) struct PhonyVerify(CryptoProvider);
impl PhonyVerify {
    /// Builds a verifier around `provider` and returns it in an [`Arc`].
    ///
    /// `provider` supplies the signature verification algorithms used for the
    /// TLS 1.2 / TLS 1.3 handshake-signature checks; the certificate itself is
    /// never validated by the resulting verifier.
    pub fn new(provider: CryptoProvider) -> Arc<Self> {
        let verifier = Self(provider);
        Arc::new(verifier)
    }
}
impl rustls::client::danger::ServerCertVerifier for PhonyVerify {
    /// Accepts the server certificate unconditionally.
    ///
    /// Every argument is ignored: the end-entity certificate, the
    /// intermediates, the requested server name, the OCSP bytes and the
    /// current time are never inspected, so no chain, name, expiry or
    /// revocation check takes place.
    ///
    /// # Errors
    ///
    /// Never returns an error.
    fn verify_server_cert(
        &self,
        _end_entity: &CertificateDer<'_>,
        _intermediates: &[CertificateDer<'_>],
        _server_name: &ServerName<'_>,
        _ocsp: &[u8],
        _now: UnixTime,
    ) -> Result<rustls::client::danger::ServerCertVerified, rustls::Error> {
        // `assertion()` is the value rustls treats as "certificate verified";
        // producing it without any check is what turns peer authentication off.
        let verdict = rustls::client::danger::ServerCertVerified::assertion();
        Ok(verdict)
    }

    /// Checks a TLS 1.2 handshake signature with the provider's algorithms.
    ///
    /// Delegates to rustls' `verify_tls12_signature`, so the signature in
    /// `dss` over `message` is still checked against `cert`. Because `cert`
    /// itself is never validated, a passing check shows only that the peer
    /// holds the key for whatever certificate it presented.
    ///
    /// # Errors
    ///
    /// Propagates the `rustls::Error` returned by the underlying check.
    fn verify_tls12_signature(
        &self,
        message: &[u8],
        cert: &CertificateDer<'_>,
        dss: &DigitallySignedStruct,
    ) -> Result<HandshakeSignatureValid, rustls::Error> {
        let algorithms = &self.0.signature_verification_algorithms;
        verify_tls12_signature(message, cert, dss, algorithms)
    }

    /// Checks a TLS 1.3 handshake signature with the provider's algorithms.
    ///
    /// Delegates to rustls' `verify_tls13_signature`; the same caveat as for
    /// TLS 1.2 applies, since `cert` is never validated by this verifier.
    ///
    /// # Errors
    ///
    /// Propagates the `rustls::Error` returned by the underlying check.
    fn verify_tls13_signature(
        &self,
        message: &[u8],
        cert: &CertificateDer<'_>,
        dss: &DigitallySignedStruct,
    ) -> Result<HandshakeSignatureValid, rustls::Error> {
        let algorithms = &self.0.signature_verification_algorithms;
        verify_tls13_signature(message, cert, dss, algorithms)
    }

    /// Lists the signature schemes supported by the provider's verification
    /// algorithms.
    fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
        let Self(provider) = self;
        provider.signature_verification_algorithms.supported_schemes()
    }
}