Include a workaround for a bug with rustls & webpki

2020-11-21 23:45:05 -05:00 · 2020-11-21 23:45:05 -05:00 · 4d0b0521d6
parent 0ca71e46c9
commit 4d0b0521d6
1 changed files with 21 additions and 0 deletions
--- a/src/lib.rs
+++ b/src/lib.rs
@ -17,6 +17,7 @@ use tokio::{
 };
 use tokio::net::TcpListener;
 use rustls::ClientCertVerifier;
+use rustls::internal::msgs::handshake::DigitallySignedStruct;
 use tokio_rustls::{rustls, TlsAcceptor};
 use rustls::*;
 use anyhow::*;
@ -434,6 +435,8 @@ impl ClientCertVerifier for AllowAnonOrSelfsignedClient {
        Some(false)
    }

+    // the below methods are a hack until webpki doesn't break with certain certs
+
    fn verify_client_cert(
        &self,
        _: &[Certificate],
@ -441,6 +444,24 @@ impl ClientCertVerifier for AllowAnonOrSelfsignedClient {
    ) -> Result<ClientCertVerified, TLSError> {
        Ok(ClientCertVerified::assertion())
    }
+
+    fn verify_tls12_signature(
+        &self,
+        _message: &[u8],
+        _cert: &Certificate,
+        _dss: &DigitallySignedStruct,
+    ) -> Result<HandshakeSignatureValid, TLSError> {
+        Ok(HandshakeSignatureValid::assertion())
+    }
+
+    fn verify_tls13_signature(
+        &self,
+        _message: &[u8],
+        _cert: &Certificate,
+        _dss: &DigitallySignedStruct,
+    ) -> Result<HandshakeSignatureValid, TLSError> {
+        Ok(HandshakeSignatureValid::assertion())
+    }
 }

 #[cfg(test)]