Allow verification to be disabled in OpenSsl
parent
b673d8a727
commit
99cab46f38
@ -43,7 +43,7 @@ hex = "0.2"
|
||||
log = "0.3"
|
||||
postgres-protocol = "0.2"
|
||||
|
||||
openssl = { version = "0.9", optional = true }
|
||||
openssl = { version = "0.9.2", optional = true }
|
||||
native-tls = { version = "0.1", optional = true }
|
||||
rustc-serialize = { version = "0.3", optional = true }
|
||||
schannel = { version = "0.1", optional = true }
|
||||
|
@ -21,7 +21,10 @@ impl TlsStream for SslStream<Stream> {
|
||||
/// A `TlsHandshake` implementation that uses OpenSSL.
|
||||
///
|
||||
/// Requires the `with-openssl` feature.
|
||||
pub struct OpenSsl(SslConnector);
|
||||
pub struct OpenSsl {
|
||||
connector: SslConnector,
|
||||
disable_verification: bool,
|
||||
}
|
||||
|
||||
impl fmt::Debug for OpenSsl {
|
||||
fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
|
||||
@ -33,23 +36,36 @@ impl OpenSsl {
|
||||
/// Creates a `OpenSsl` with `SslConnector`'s default configuration.
|
||||
pub fn new() -> Result<OpenSsl, ErrorStack> {
|
||||
let connector = try!(SslConnectorBuilder::new(SslMethod::tls())).build();
|
||||
Ok(OpenSsl(connector))
|
||||
Ok(OpenSsl::from(connector))
|
||||
}
|
||||
|
||||
/// Returns a reference to the inner `SslConnector`.
|
||||
pub fn connector(&self) -> &SslConnector {
|
||||
&self.0
|
||||
&self.connector
|
||||
}
|
||||
|
||||
/// Returns a mutable reference to the inner `SslConnector`.
|
||||
pub fn connector_mut(&mut self) -> &mut SslConnector {
|
||||
&mut self.0
|
||||
&mut self.connector
|
||||
}
|
||||
|
||||
/// If set, the
|
||||
/// `SslConnector::danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication`
|
||||
/// method will be used to connect.
|
||||
///
|
||||
/// If certificate verification has been disabled in the `SslConnector`, verification must be
|
||||
/// additionally disabled here for that setting to take effect.
|
||||
pub fn danger_disable_hostname_verification(&mut self, disable_verification: bool) {
|
||||
self.disable_verification = disable_verification;
|
||||
}
|
||||
}
|
||||
|
||||
impl From<SslConnector> for OpenSsl {
|
||||
fn from(connector: SslConnector) -> OpenSsl {
|
||||
OpenSsl(connector)
|
||||
OpenSsl {
|
||||
connector: connector,
|
||||
disable_verification: false,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -58,7 +74,11 @@ impl TlsHandshake for OpenSsl {
|
||||
domain: &str,
|
||||
stream: Stream)
|
||||
-> Result<Box<TlsStream>, Box<Error + Send + Sync>> {
|
||||
let stream = try!(self.0.connect(domain, stream));
|
||||
let stream = if self.disable_verification {
|
||||
try!(self.connector.danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication(stream))
|
||||
} else {
|
||||
try!(self.connector.connect(domain, stream))
|
||||
};
|
||||
Ok(Box::new(stream))
|
||||
}
|
||||
}
|
||||
|