Add option to allow connections with invalid ssl certificates #56
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
scottschroeder
commented
Sep 3, 2017
Cargo.toml
Outdated
| security-framework = { version = "0.1.15", features = ["OSX_10_8" ]} | ||
| security-framework-sys = "0.1.15" | ||
| security-framework = { git = "https://github.com/scottschroeder/rust-security-framework", branch = "noverify", features = ["OSX_10_8" ]} | ||
| security-framework-sys = { git = "https://github.com/scottschroeder/rust-security-framework", branch = "noverify" } |
There was a problem hiding this comment.
This PR is blocked on updates to the security-framework crate, I'll update the Cargo.toml if/when a new crate gets published there.
|
I noticed that kornelski/rust-security-framework#46 is merged. Can this be merged now or is there a wait for sfackler/rust-security-framework to cut a new release? |
|
Yeah, waiting on a new crate to get published. Then I'll update this PR to reflect the new version. |
|
Will this ever go in ? :( Thanks scott btw! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
DON'T MERGE, blocked on kornelski/rust-security-framework#46
Motivation
I know this is just... wrong, and everyone should be using letsencrypt, or adding their self-signed cert as a trusted root. Allowing invalid SSL connections is still a "feature" that rust doesn't have, and I'd like to fix that.
Also, this should put #13 to bed.
Changes
Interface
Added
danger_disable_certificate_validation_entirely()to theTlsConnectorBuilder, along with a strongly worded doc-string about fire and brimstone. Please let me know if this needs to be more obnoxious.OpenSSL
Set the provided
SSL_VERIFY_NONEflag.Schannel
Register a validation callback which will validate any certificate.
security-framework
Set a flag in the
ClientBuilderto accept invalid certificates. This is blocked on updates to thesecurity-frameworkcrate.Testing
Built a project using
rust-native-tls, and made connections to:Verified that each url goes from failure to success by setting
danger_disable_certificate_validation_entirely(). This was done on a linux, mac, and windows workstation.