From d8e47babf6ed19168c7f0992d322e690d83f869b Mon Sep 17 00:00:00 2001
From: Scott Schroeder <scottschroeder@users.noreply.github.com>
Date: Mon, 13 Aug 2018 15:08:02 -0700
Subject: [PATCH] change invalid cert api to match native-tls (#327)

---
 src/async_impl/client.rs | 42 ++++++++++++++--------------------------
 src/client.rs            | 42 ++++++++++++++--------------------------
 2 files changed, 30 insertions(+), 54 deletions(-)

diff --git a/src/async_impl/client.rs b/src/async_impl/client.rs
index fbb19b6..28e1de7 100644
--- a/src/async_impl/client.rs
+++ b/src/async_impl/client.rs
@@ -141,7 +141,9 @@ impl ClientBuilder {
         self
     }
 
-    /// Disable hostname verification.
+    /// Controls the use of hostname verification.
+    ///
+    /// Defaults to `false`.
     ///
     /// # Warning
     ///
@@ -150,47 +152,33 @@ impl ClientBuilder {
     /// site will be trusted for use from any other. This introduces a
     /// significant vulnerability to man-in-the-middle attacks.
     #[inline]
-    pub fn danger_disable_hostname_verification(&mut self) -> &mut ClientBuilder {
-
+    pub fn danger_accept_invalid_hostnames(&mut self, accept_invalid_hostname: bool) -> &mut ClientBuilder {
         if let Some(config) = config_mut(&mut self.config, &self.err) {
-            config.hostname_verification = false;
+            config.hostname_verification = !accept_invalid_hostname;
         }
         self
     }
 
-    /// Enable hostname verification.
-    #[inline]
-    pub fn enable_hostname_verification(&mut self) -> &mut ClientBuilder {
-        if let Some(config) = config_mut(&mut self.config, &self.err) {
-            config.hostname_verification = true;
-        }
-        self
-    }
 
-    /// Disable certs verification.
+    /// Controls the use of certificate validation.
+    ///
+    /// Defaults to `false`.
     ///
     /// # Warning
     ///
-    /// You should think very carefully before you use this method. If
-    /// hostname verification is not used, any valid certificate for any
-    /// site will be trusted for use from any other. This introduces a
-    /// significant vulnerability to man-in-the-middle attacks.
+    /// You should think very carefully before using this method. If
+    /// invalid certificates are trusted, *any* certificate for *any* site
+    /// will be trusted for use. This includes expired certificates. This
+    /// introduces significant vulnerabilities, and should only be used
+    /// as a last resort.
     #[inline]
-    pub fn danger_disable_certs_verification(&mut self) -> &mut ClientBuilder {
+    pub fn danger_accept_invalid_certs(&mut self, accept_invalid_certs: bool) -> &mut ClientBuilder {
         if let Some(config) = config_mut(&mut self.config, &self.err) {
-            config.certs_verification = false;
+            config.certs_verification = !accept_invalid_certs;
         }
         self
     }
 
-    /// Enable certs verification.
-    #[inline]
-    pub fn enable_certs_verification(&mut self) -> &mut ClientBuilder {
-        if let Some(config) = config_mut(&mut self.config, &self.err) {
-            config.certs_verification = true;
-        }
-        self
-    }
 
     /// Sets the default headers for every request.
     #[inline]
diff --git a/src/client.rs b/src/client.rs
index 07951fb..abbdf31 100644
--- a/src/client.rs
+++ b/src/client.rs
@@ -144,7 +144,9 @@ impl ClientBuilder {
     }
 
 
-    /// Disable hostname verification.
+    /// Controls the use of hostname verification.
+    ///
+    /// Defaults to `false`.
     ///
     /// # Warning
     ///
@@ -153,40 +155,26 @@ impl ClientBuilder {
     /// site will be trusted for use from any other. This introduces a
     /// significant vulnerability to man-in-the-middle attacks.
     #[inline]
-    pub fn danger_disable_hostname_verification(&mut self) -> &mut ClientBuilder {
-        self.inner.danger_disable_hostname_verification();
+    pub fn danger_accept_invalid_hostnames(&mut self, accept_invalid_hostname: bool) -> &mut ClientBuilder {
+        self.inner.danger_accept_invalid_hostnames(accept_invalid_hostname);
         self
     }
 
-    /// Enable hostname verification.
+
+    /// Controls the use of certificate validation.
     ///
-    /// Default is enabled.
-    #[inline]
-    pub fn enable_hostname_verification(&mut self) -> &mut ClientBuilder {
-        self.inner.enable_hostname_verification();
-        self
-    }
-
-     /// Disable certs verification.
+    /// Defaults to `false`.
     ///
     /// # Warning
     ///
-    /// You should think very carefully before you use this method. If
-    /// hostname verification is not used, any valid certificate for any
-    /// site will be trusted for use from any other. This introduces a
-    /// significant vulnerability to man-in-the-middle attacks.
+    /// You should think very carefully before using this method. If
+    /// invalid certificates are trusted, *any* certificate for *any* site
+    /// will be trusted for use. This includes expired certificates. This
+    /// introduces significant vulnerabilities, and should only be used
+    /// as a last resort.
     #[inline]
-    pub fn danger_disable_certs_verification(&mut self) -> &mut ClientBuilder {
-        self.inner.danger_disable_certs_verification();
-        self
-    }
-
-    /// Enable certs verification.
-    ///
-    /// Default is enabled.
-    #[inline]
-    pub fn enable_certs_verification(&mut self) -> &mut ClientBuilder {
-        self.inner.enable_certs_verification();
+    pub fn danger_accept_invalid_certs(&mut self, accept_invalid_certs: bool) -> &mut ClientBuilder {
+        self.inner.danger_accept_invalid_certs(accept_invalid_certs);
         self
     }