added dangerous feature for accepting self signed certs #48
Conversation
|
I'd be pretty nervous about making this a compile-time option: It wouldn't be visible from code inspection alone whether this is set - you need to know the options you've built with, or testing. I can see the value in having this option, but I'm wary of this PR. In fact, I think your message is a great example why: People turn off certificate validation at the first sign of trouble. If you want to accept a self-signed certificate in an internal network, you probably know what the certificate should be, so add it to a RootCertStore and connect with verification on. |
|
While I agree with you in principal, it's not always that simple. If you are bringing a device online for a short period of time and need to enable TLS between 100k endpoints (using While this probably isn't a feature that will be widely used, it is something I see value in for various workflows. There are workarounds, but this is the most ergonomic in some scenarios. This PR won't make or break anything for me. |
|
I appreciate the contribution here, but I'm not really comfortable having something like this in the public API. A fork of rustls with |
|
Upon further consideration, I concur. Thanks for the discussion, love the |
The
constis already there and needs to be manually set for testing. Using a feature, we can avoid editing source and this could be passed along by projects usingrustlsas a dependency. Sometimes it is necessary to accept a self signed certificate (internal networks, ephemeral certificate creation, etc).