From b0af278f780b8b6fb83dffbd43146537bac65dfb Mon Sep 17 00:00:00 2001
From: Jens Reimann
Date: Thu, 29 Apr 2021 02:19:46 +0200
Subject: [PATCH] Implement "default" functions of the trait to fix "insecure" mode (#1259)
Ignoring validation seems broken as some default functions actually do check. That is fine for the proper TLS validation, but gets in the way when someone wants to skip TLS validation (e.g. for self-signed certificates). This change re-implements these default functions in a way that they do not check, but return "success" all the time. Fixes #1210
---
 src/tls.rs | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/src/tls.rs b/src/tls.rs
index d0c53fa..3c3696b 100644
--- a/src/tls.rs
+++ b/src/tls.rs
@@ -1,5 +1,8 @@
 #[cfg(feature = "__rustls")]
-use rustls::{RootCertStore, ServerCertVerified, ServerCertVerifier, TLSError};
+use rustls::{
+ internal::msgs::handshake::DigitallySignedStruct, HandshakeSignatureValid, RootCertStore,
+ ServerCertVerified, ServerCertVerifier, TLSError,
+};
 use std::fmt;
 #[cfg(feature = "__rustls")]
 use tokio_rustls::webpki::DNSNameRef;
@@ -323,6 +326,24 @@ impl ServerCertVerifier for NoVerifier {
 ) -> Result {
 Ok(ServerCertVerified::assertion())
 }
+
+ fn verify_tls12_signature(
+ &self,
+ _message: &[u8],
+ _cert: &rustls::Certificate,
+ _dss: &DigitallySignedStruct,
+ ) -> Result {
+ Ok(HandshakeSignatureValid::assertion())
+ }
+
+ fn verify_tls13_signature(
+ &self,
+ _message: &[u8],
+ _cert: &rustls::Certificate,
+ _dss: &DigitallySignedStruct,
+ ) -> Result {
+ Ok(HandshakeSignatureValid::assertion())
+ }
 }
 #[cfg(test)]
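Review bot: The new import reaches `DigitallySignedStruct` through `rustls::internal::msgs::handshake`, and a path under `internal` is presumably not part of the API that rustls keeps stable across releases. A rustls upgrade could therefore break the build under the `__rustls` feature without any change on this side. I would record that next to the import, for example `// DigitallySignedStruct is only reachable via rustls::internal; re-check this path whenever the rustls dependency is bumped.`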
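Review bot: The two new overrides on `NoVerifier` accept any handshake signature, so in this mode the server never has to prove it holds the private key for the certificate it presents; that goes further than skipping chain validation, and nothing in the new code says so. A caller that enables this mode and then checks the presented certificate itself (for example against a pinned fingerprint) would get no assurance from that check, because possession of the key is never verified. I would add a comment above `verify_tls12_signature`, such as `// Deliberately accepts any signature: with NoVerifier the peer is not authenticated at all, and inspecting its certificate afterwards proves nothing.` The `impl ServerCertVerifier for NoVerifier` block starts outside the hunk and the return types look truncated in this rendering, so this rests on the visible lines only.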