Implement "default" functions of the trait to fix "insecure" mode (#1259)

Ignoring validation seems broken as some default functions actually do check. That is fine for the proper TLS validation, but gets in the way when someone wants to skip TLS validation (e.g. for self-signed certificates). This change re-implements these default functions in a way that they do not check, but return "success" all the time. Fixes #1210
2021-04-29 02:19:46 +02:00
parent 8d3e27966c
commit b0af278f78
1 changed files with 22 additions and 1 deletions
--- a/src/tls.rs
+++ b/src/tls.rs
@@ -1,5 +1,8 @@
 #[cfg(feature = "__rustls")]
-use rustls::{RootCertStore, ServerCertVerified, ServerCertVerifier, TLSError};
+use rustls::{
+    internal::msgs::handshake::DigitallySignedStruct, HandshakeSignatureValid, RootCertStore,
+    ServerCertVerified, ServerCertVerifier, TLSError,
+};
 use std::fmt;
 #[cfg(feature = "__rustls")]
 use tokio_rustls::webpki::DNSNameRef;
@@ -323,6 +326,24 @@ impl ServerCertVerifier for NoVerifier {
    ) -> Result<ServerCertVerified, TLSError> {
        Ok(ServerCertVerified::assertion())
    }
+
+    fn verify_tls12_signature(
+        &self,
+        _message: &[u8],
+        _cert: &rustls::Certificate,
+        _dss: &DigitallySignedStruct,
+    ) -> Result<HandshakeSignatureValid, TLSError> {
+        Ok(HandshakeSignatureValid::assertion())
+    }
+
+    fn verify_tls13_signature(
+        &self,
+        _message: &[u8],
+        _cert: &rustls::Certificate,
+        _dss: &DigitallySignedStruct,
+    ) -> Result<HandshakeSignatureValid, TLSError> {
+        Ok(HandshakeSignatureValid::assertion())
+    }
 }

 #[cfg(test)]