Include a workaround for a bug with rustls & webpki
parent
0ca71e46c9
commit
4d0b0521d6
21
src/lib.rs
21
src/lib.rs
|
@ -17,6 +17,7 @@ use tokio::{
|
||||||
};
|
};
|
||||||
use tokio::net::TcpListener;
|
use tokio::net::TcpListener;
|
||||||
use rustls::ClientCertVerifier;
|
use rustls::ClientCertVerifier;
|
||||||
|
use rustls::internal::msgs::handshake::DigitallySignedStruct;
|
||||||
use tokio_rustls::{rustls, TlsAcceptor};
|
use tokio_rustls::{rustls, TlsAcceptor};
|
||||||
use rustls::*;
|
use rustls::*;
|
||||||
use anyhow::*;
|
use anyhow::*;
|
||||||
|
@ -434,6 +435,8 @@ impl ClientCertVerifier for AllowAnonOrSelfsignedClient {
|
||||||
Some(false)
|
Some(false)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// the below methods are a hack until webpki doesn't break with certain certs
|
||||||
|
|
||||||
fn verify_client_cert(
|
fn verify_client_cert(
|
||||||
&self,
|
&self,
|
||||||
_: &[Certificate],
|
_: &[Certificate],
|
||||||
|
@ -441,6 +444,24 @@ impl ClientCertVerifier for AllowAnonOrSelfsignedClient {
|
||||||
) -> Result<ClientCertVerified, TLSError> {
|
) -> Result<ClientCertVerified, TLSError> {
|
||||||
Ok(ClientCertVerified::assertion())
|
Ok(ClientCertVerified::assertion())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn verify_tls12_signature(
|
||||||
|
&self,
|
||||||
|
_message: &[u8],
|
||||||
|
_cert: &Certificate,
|
||||||
|
_dss: &DigitallySignedStruct,
|
||||||
|
) -> Result<HandshakeSignatureValid, TLSError> {
|
||||||
|
Ok(HandshakeSignatureValid::assertion())
|
||||||
|
}
|
||||||
|
|
||||||
|
fn verify_tls13_signature(
|
||||||
|
&self,
|
||||||
|
_message: &[u8],
|
||||||
|
_cert: &Certificate,
|
||||||
|
_dss: &DigitallySignedStruct,
|
||||||
|
) -> Result<HandshakeSignatureValid, TLSError> {
|
||||||
|
Ok(HandshakeSignatureValid::assertion())
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
|
|
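Review bot: `verify_tls12_signature` and `verify_tls13_signature` return `HandshakeSignatureValid::assertion()` without looking at `_message`, `_cert` or `_dss`, so the handshake signature that proves the client holds the private key for its certificate is never checked. Together with `verify_client_cert`, which already returns `ClientCertVerified::assertion()`, a peer can present any certificate it has merely seen and be accepted under it, which matters if handlers key identity or access on the client certificate or its fingerprint. If webpki only fails on certain certificates, the overrides should still check the signature against the certificate's public key and fail closed with a `TLSError` rather than assert validity for every client. Until that is possible, the comment should state the consequence, e.g. `// SECURITY: handshake signature is NOT verified; the client certificate does not prove key possession`, and the workaround should be tracked for removal. The `impl ClientCertVerifier for AllowAnonOrSelfsignedClient` block starts outside the hunks shown.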