Add option to allow connections with invalid ssl certificates #56
DON'T MERGE, blocked on kornelski/rust-security-framework#46
Motivation
I know this is just... wrong, and everyone should be using letsencrypt, or adding their self-signed cert as a trusted root. Allowing invalid SSL connections is still a "feature" that Rust doesn't have, and I'd like to fix that.
Also, this should put #13 to bed.
Changes
Interface
Added danger_disable_certificate_validation_entirely() to the TlsConnectorBuilder, along with a strongly worded doc-string about fire and brimstone. Please let me know if this needs to be more obnoxious.
OpenSSL
Set the provided SSL_VERIFY_NONE flag.
Schannel
Register a validation callback which will validate any certificate.
security-framework
Set a flag in the ClientBuilder to accept invalid certificates. This is blocked on updates to the security-framework crate.
Testing
Built a project using rust-native-tls, and made connections to:
Verified that each url goes from failure to success by setting danger_disable_certificate_validation_entirely(). This was done on a Linux, Mac, and Windows workstation.
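An added example, not part of this pull request or of rust-native-tls: a source audit that reports code lines using the two validation-bypass identifiers named above, so a downstream project can fail CI when one appears unreviewed. The `tls-audit: allow` tag, `Finding`, `find_validation_bypasses` and the sample input are assumptions made for this illustration.

```rust
/// Identifiers named in this pull request that turn certificate validation off.
const BYPASS_MARKERS: [&str; 2] =
    ["danger_disable_certificate_validation_entirely", "SSL_VERIFY_NONE"];

/// Hypothetical opt-out comment that a reviewer must approve (assumption of this example).
const ALLOW_TAG: &str = "tls-audit: allow";

#[derive(Debug, PartialEq)]
pub struct Finding { pub line: usize, pub marker: &'static str }

/// Report every line that uses a bypass marker in code (not inside a `//` comment)
/// and carries no ALLOW_TAG on the same line or on a comment-only line just above it.
pub fn find_validation_bypasses(source: &str) -> Vec<Finding> {
    let mut findings = Vec::new();
    let mut prev_allows = false;
    for (idx, raw) in source.lines().enumerate() {
        // Split code from a line comment; block comments and string literals are not parsed.
        let (code, comment) = match raw.find("//") {
            Some(pos) => (&raw[..pos], &raw[pos..]),
            None => (raw, ""),
        };
        let allowed = prev_allows || comment.contains(ALLOW_TAG);
        for &marker in BYPASS_MARKERS.iter() {
            if code.contains(marker) && !allowed {
                findings.push(Finding { line: idx + 1, marker });
            }
        }
        // An allow tag on a comment-only line covers the following line only.
        prev_allows = code.trim().is_empty() && comment.contains(ALLOW_TAG);
    }
    findings
}

// Constructed sample input, not taken from any real project.
pub const SAMPLE: &str = "\
let mut b = TlsConnector::builder();
b.danger_disable_certificate_validation_entirely();
// danger_disable_certificate_validation_entirely() is discussed in the docs
// tls-audit: allow (local integration test only)
ctx.set_verify(SSL_VERIFY_NONE);
ctx.set_verify(SSL_VERIFY_NONE);
";

fn main() {
    for f in find_validation_bypasses(SAMPLE) {
        println!("line {}: {}", f.line, f.marker);
    }
}
```

On the constructed sample, the call on line 2 and the unannotated `SSL_VERIFY_NONE` on line 6 are reported; the comment on line 3 and the annotated call on line 5 are not.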