From 4d0b0521d67e7e692d7757de2a712ebad540d289 Mon Sep 17 00:00:00 2001
From: Ben Aaron Goldberg
Date: Sat, 21 Nov 2020 23:45:05 -0500
Subject: [PATCH] Include a workaround for a bug with rustls & webpki
---
 src/lib.rs | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/src/lib.rs b/src/lib.rs
index b8e00d6..a014a8a 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -17,6 +17,7 @@ use tokio::{
 };
 use tokio::net::TcpListener;
 use rustls::ClientCertVerifier;
+use rustls::internal::msgs::handshake::DigitallySignedStruct;
 use tokio_rustls::{rustls, TlsAcceptor};
 use rustls::*;
 use anyhow::*;
@@ -434,6 +435,8 @@ impl ClientCertVerifier for AllowAnonOrSelfsignedClient {
 Some(false)
 }
+ // the below methods are a hack until webpki doesn't break with certain certs
+
 fn verify_client_cert(
 &self,
 _: &[Certificate],
@@ -441,6 +444,24 @@ impl ClientCertVerifier for AllowAnonOrSelfsignedClient {
 ) -> Result {
 Ok(ClientCertVerified::assertion())
 }
+
+ fn verify_tls12_signature(
+ &self,
+ _message: &[u8],
+ _cert: &Certificate,
+ _dss: &DigitallySignedStruct,
+ ) -> Result {
+ Ok(HandshakeSignatureValid::assertion())
+ }
+
+ fn verify_tls13_signature(
+ &self,
+ _message: &[u8],
+ _cert: &Certificate,
+ _dss: &DigitallySignedStruct,
+ ) -> Result {
+ Ok(HandshakeSignatureValid::assertion())
+ }
 }
 #[cfg(test)]
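Review bot: The import added in the first hunk, `use rustls::internal::msgs::handshake::DigitallySignedStruct;`, reaches into rustls' `internal` module, which rustls documents as outside its stable interface, so a rustls upgrade can break the build here. I would add a comment above it such as `// rustls-internal type, needed only for the signature-verification workaround below; re-check on every rustls bump`. The rustls version constraint lives in Cargo.toml, which this patch does not show, so confirm it is pinned tightly enough for an internal path.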
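Review bot: The comment added in the second hunk says only that the methods below are "a hack" and does not tell a maintainer which security check is switched off or when it can be removed. I would replace it with something like `// SECURITY: workaround for webpki rejecting certain certs. The methods below accept any client certificate and skip the handshake signature check, so the peer certificate is NOT proof of identity. Remove once webpki is fixed (tracking: <ISSUE-LINK>).` The enclosing `impl ClientCertVerifier for AllowAnonOrSelfsignedClient` starts and ends outside this hunk.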
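Review bot: `verify_tls12_signature` and `verify_tls13_signature` in the third hunk return `HandshakeSignatureValid::assertion()` without reading `_message`, `_cert` or `_dss`, so the handshake no longer proves that the client holds the private key for the certificate it presents. Because `verify_client_cert` already accepts every chain, any code that keys identity or authorization on the peer certificate (presumably its fingerprint; that code is not visible here) would be trusting an unauthenticated value. The workaround should keep the signature check and bypass only the part webpki rejects: take the public key from `_cert` with a parser that tolerates these certificates, verify `_dss` over `_message` with it, and return an error on mismatch. If that cannot land in this commit, put the override behind an explicit opt-in and log when it is active, so deployments that rely on client certificates do not get it silently.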