leyloe
July 24, 2024, 7:21am
1
I want this in rustls; right now it's native-tls. Like, accepting an invalid certificate if a condition is met is needed:
```rust
use native_tls::TlsConnector;

pub fn start_ssl(self, check_certificate: bool) -> RdpResult<Link<S>> {
    let mut builder = TlsConnector::builder();
    // When check_certificate is false, chain and hostname validation are skipped entirely.
    builder.danger_accept_invalid_certs(!check_certificate);
    builder.use_sni(false);
    let connector = builder.build()?;
    if let Stream::Raw(stream) = self.stream {
        // Empty domain: no SNI is sent and there is no hostname to verify against.
        return Ok(Link::new(Stream::Ssl(connector.connect("", stream)?)));
    }
    Err(Error::RdpError(RdpError::new(RdpErrorKind::NotImplemented, "start_ssl on ssl stream is forbidden")))
}
```
jjpe
July 24, 2024, 5:24pm
2
Without further context, I have to say that that sounds a lot like a backdoor. Suspiciously so, even.
So, could you explain what you want this for, exactly?
leyloe
July 24, 2024, 5:32pm
3
My understanding is that rustls is not interested in ergonomically supporting this use case. You probably need a custom verifier. Here's how reqwest does it, I believe. native_tls may be easier.
(Heads up: I'm not speaking from hands-on experience.)
jjpe: "Suspiciously so, even."
Nah, in certain fields you have to deal with invalid certs all the time. Private signers, expired certs, obsolete ciphers, etc.
leyloe
July 24, 2024, 6:13pm
5
I need async support as well, directly from the TLS.