This repository was archived by the owner on Apr 8, 2024. It is now read-only.

Modifying underlying TLS connection on grpc client #103

@stuartnelson3

In development mode, we are using self-signed certs that fail verification.

let http = httpbis::client_conf::ClientConf::new();
let conf = grpc::ClientConf { http: http };
let client = MyGrpcClient::new_tls::<TlsConnector>("localhost", 50051, conf)
    .unwrap();

This results in getting the builder for TlsConnector in https://github.com/stepancheg/rust-http2/blob/master/src/client.rs#L95, which is then built to the default options from https://github.com/stepancheg/rust-tls-api/blob/master/impl-openssl/src/lib.rs#L169. As far as I can tell, this is all out of the control of the caller.

I currently have a forked version for development that sets no-verify on the builder:

fn builder() -> Result<TlsConnectorBuilder> {
    openssl::ssl::SslConnectorBuilder::new(openssl::ssl::SslMethod::tls())
        .map(|mut builder| {
            builder.builder_mut().set_verify(
                openssl::ssl::SslVerifyMode::empty(),
            );
            builder
        })
        .map(TlsConnectorBuilder)
        .map_err(Error::new)
}

Ideally I wouldn't have a forked version for this, of course. I tried to create my own struct wrapping TlsConnector and passing that in for creating the grpc client, but that failed because there was a type mismatch because of the Builder constraint in TlsConnector:

type Builder: TlsConnectorBuilder<Connector = Self>

Is there some way to modify the underlying TLS connection to set no-verify? Or do I need to create not only a struct wrapping TlsConnector, but one also wrapping TlsConnectorBuilder to satisfy the Builder constraint?
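
The `Builder` constraint quoted in the question ties each connector type to a builder whose `Connector` is that same type, so a wrapper connector cannot reuse the stock builder and has to come as a connector/builder pair. The sketch below is an added example, not code from this issue or from tls-api or rust-http2: the two traits are simplified stand-ins for that shape, and `StockConnector`, `DevConnector`, `new_tls` and `verifies_peer` are hypothetical names.

```rust
// Simplified stand-ins for the trait pair (assumed shape, not the crate's code).
trait TlsConnectorBuilder: Sized {
    type Connector: TlsConnector;
    fn build(self) -> Result<Self::Connector, String>;
}
trait TlsConnector: Sized {
    // Same constraint as quoted in the issue: the builder must build Self.
    type Builder: TlsConnectorBuilder<Connector = Self>;
    fn builder() -> Result<Self::Builder, String>;
    fn verifies_peer(&self) -> bool;
}

// Hypothetical stock pair: certificate verification is on by default.
struct StockBuilder { verify: bool }
struct StockConnector { verify: bool }
impl TlsConnectorBuilder for StockBuilder {
    type Connector = StockConnector;
    fn build(self) -> Result<StockConnector, String> {
        Ok(StockConnector { verify: self.verify })
    }
}
impl TlsConnector for StockConnector {
    type Builder = StockBuilder;
    fn builder() -> Result<StockBuilder, String> { Ok(StockBuilder { verify: true }) }
    fn verifies_peer(&self) -> bool { self.verify }
}

// Development-only pair. StockBuilder::Connector is StockConnector, so
// `type Builder = StockBuilder` would not compile for DevConnector.
struct DevBuilder(StockBuilder);
struct DevConnector(StockConnector);
impl TlsConnectorBuilder for DevBuilder {
    type Connector = DevConnector;
    fn build(self) -> Result<DevConnector, String> { self.0.build().map(DevConnector) }
}
impl TlsConnector for DevConnector {
    type Builder = DevBuilder;
    fn builder() -> Result<DevBuilder, String> {
        let mut inner = StockConnector::builder()?;
        inner.verify = false; // the only default that differs from the stock pair
        Ok(DevBuilder(inner))
    }
    fn verifies_peer(&self) -> bool { self.0.verifies_peer() }
}

// Mirrors the call path in the issue: the caller supplies only the connector type.
fn new_tls<C: TlsConnector>() -> Result<C, String> { C::builder()?.build() }

fn main() {
    let dev: DevConnector = new_tls().unwrap();
    println!("dev connector verifies peer: {}", dev.verifies_peer());
}
```

Because the relaxed setting lives in its own named type, the stock connector keeps verifying and the development choice is visible at every call site that selects it.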
