How do I accept invalid certs in rustls?

I want this in rustls; right now it's native-tls. Something like accepting an invalid certificate if a condition is met is needed.

pub fn start_ssl(self, check_certificate: bool) -> RdpResult<Link<S>> {
    // native-tls: certificate validation is switched off wholesale when the
    // caller passes check_certificate = false (typical for self-signed RDP hosts).
    let mut builder = TlsConnector::builder();
    builder.danger_accept_invalid_certs(!check_certificate);
    builder.use_sni(false);

    let connector = builder.build()?;

    // Only a raw TCP stream can be upgraded; the domain passed to connect() is
    // empty because SNI is disabled above.
    if let Stream::Raw(stream) = self.stream {
        return Ok(Link::new(Stream::Ssl(connector.connect("", stream)?)));
    }
    Err(Error::RdpError(RdpError::new(RdpErrorKind::NotImplemented, "start_ssl on ssl stream is forbidden")))
}

Without further context, I have to say that that sounds a lot like a backdoor. Suspiciously so, even.

So, could you explain what you want this for, exactly?

:skull::skull::skull::skull::skull::skull::skull::skull:
bro I'm implementing RDP, and that's how Microsoft wants it

My understanding is that rustls is not interested in ergonomically supporting this use case.[1] You probably need a custom verifier. Here's how reqwest does it, I believe.

native_tls may be easier.

(Heads up: I'm not speaking from hands-on experience.)

  1. "no obsolete crypto", "no api to disable verification"

Nah, in certain fields you have to deal with invalid certs all the time. Private signers, expired certs, obsolete ciphers, etc.


I need async support as well, directly from the TLS.
