Include a workaround for a bug with rustls & webpki

This commit is contained in:
Ben Aaron Goldberg 2020-11-21 23:45:05 -05:00 committed by Emi Tatsuo
parent 0ca71e46c9
commit 4d0b0521d6
Signed by: Emi
GPG key ID: 68FAB2E2E6DFC98B

View file

@ -17,6 +17,7 @@ use tokio::{
};
use tokio::net::TcpListener;
use rustls::ClientCertVerifier;
use rustls::internal::msgs::handshake::DigitallySignedStruct;
use tokio_rustls::{rustls, TlsAcceptor};
use rustls::*;
use anyhow::*;
@ -434,6 +435,8 @@ impl ClientCertVerifier for AllowAnonOrSelfsignedClient {
Some(false)
}
// the below methods are a hack until webpki doesn't break with certain certs
fn verify_client_cert(
&self,
_: &[Certificate],
@ -441,6 +444,24 @@ impl ClientCertVerifier for AllowAnonOrSelfsignedClient {
) -> Result<ClientCertVerified, TLSError> {
Ok(ClientCertVerified::assertion())
}
fn verify_tls12_signature(
&self,
_message: &[u8],
_cert: &Certificate,
_dss: &DigitallySignedStruct,
) -> Result<HandshakeSignatureValid, TLSError> {
Ok(HandshakeSignatureValid::assertion())
}
fn verify_tls13_signature(
&self,
_message: &[u8],
_cert: &Certificate,
_dss: &DigitallySignedStruct,
) -> Result<HandshakeSignatureValid, TLSError> {
Ok(HandshakeSignatureValid::assertion())
}
}
#[cfg(test)]