wip

algesten · Dec 3, 2023 · 22ae189 · 22ae189
1 parent b340700
commit 22ae189
Show file tree

Hide file tree

Showing 7 changed files with 75 additions and 234 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -43,7 +43,7 @@ serde_json = { version = ">=1.0.97", optional = true }
 encoding_rs = { version = "0.8", optional = true }
 cookie_store = { version = "0.20", optional = true, default-features = false, features = ["preserve_order"] }
 log = "0.4"
-webpki = { package = "rustls-webpki", version = "0.101", optional = true }
+webpki = { package = "rustls-webpki", version = "0.102", optional = true }
 webpki-roots = { version = "0.26", optional = true }
 rustls = { version = "0.22.0", optional = true }
 rustls-pki-types = { version = "1", optional = true }
@@ -57,8 +57,8 @@ http = { version = "1.0", optional = true }
 [dev-dependencies]
 serde = { version = "1", features = ["derive"] }
 env_logger = "0.10"
-rustls = { version = ">=0.21.6, <0.22", features = ["dangerous_configuration"] }
-rustls-pemfile = { version = "1.0" }
+rustls = { version = "0.22.0" }
+rustls-pemfile = { version = "2.0" }
 
 [[example]]
 name = "cureq"
@@ -67,7 +67,3 @@ required-features = ["charset", "cookies", "socks-proxy", "native-tls"]
 [[example]]
 name = "tls_config"
 required-features = ["tls", "native-tls"]
-
-[patch.crates-io]
-# TODO: Remove once 0.22 stablized.
-rustls = { git = "https://github.com/rustls/rustls", rev = "e5a2a2acf59150b82c5c5eeae18e5290b5539f25" }
diff --git a/examples/cureq/main.rs b/examples/cureq/main.rs
@@ -3,13 +3,11 @@ use std::fmt;
 use std::io;
 use std::thread;
 use std::time::Duration;
-use std::time::SystemTime;
 use std::{env, sync::Arc};
 
-use rustls::client::ServerCertVerified;
-use rustls::client::ServerCertVerifier;
-use rustls::ServerName;
-use rustls::{Certificate, ClientConfig};
+use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier};
+use rustls::ClientConfig;
+use rustls_pki_types::{CertificateDer, ServerName, UnixTime};
 use ureq;
 
 #[derive(Debug)]
@@ -96,20 +94,42 @@ fn perform(
     Ok(())
 }
 
+#[derive(Debug)]
 struct AcceptAll {}
 
 impl ServerCertVerifier for AcceptAll {
     fn verify_server_cert(
         &self,
-        _end_entity: &Certificate,
-        _intermediates: &[Certificate],
+        _end_entity: &CertificateDer,
+        _intermediates: &[CertificateDer],
         _server_name: &ServerName,
-        _scts: &mut dyn Iterator<Item = &[u8]>,
         _ocsp_response: &[u8],
-        _now: SystemTime,
+        _now: UnixTime,
     ) -> Result<ServerCertVerified, rustls::Error> {
         Ok(ServerCertVerified::assertion())
     }
+
+    fn verify_tls12_signature(
+        &self,
+        _message: &[u8],
+        _cert: &CertificateDer<'_>,
+        _dss: &rustls::DigitallySignedStruct,
+    ) -> Result<HandshakeSignatureValid, rustls::Error> {
+        Ok(HandshakeSignatureValid::assertion())
+    }
+
+    fn verify_tls13_signature(
+        &self,
+        _message: &[u8],
+        _cert: &CertificateDer<'_>,
+        _dss: &rustls::DigitallySignedStruct,
+    ) -> Result<HandshakeSignatureValid, rustls::Error> {
+        Ok(HandshakeSignatureValid::assertion())
+    }
+
+    fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
+        todo!()
+    }
 }
 
 fn main() {
@@ -165,7 +185,7 @@ Fetch url and copy it to stdout.
             }
             "-k" => {
                 let client_config = ClientConfig::builder()
-                    .with_safe_defaults()
+                    .dangerous()
                     .with_custom_certificate_verifier(Arc::new(AcceptAll {}))
                     .with_no_client_auth();
                 builder = builder.tls_config(Arc::new(client_config));