Merge pull request #15 from briansmith/remove-danger
Remove `danger` feature & the API it controls.
commit
6a8c6431a3
@ -14,9 +14,6 @@ categories = ["asynchronous", "cryptography", "network-programming"]
|
|||||||
travis-ci = { repository = "quininer/tokio-rustls" }
|
travis-ci = { repository = "quininer/tokio-rustls" }
|
||||||
appveyor = { repository = "quininer/tokio-rustls" }
|
appveyor = { repository = "quininer/tokio-rustls" }
|
||||||
|
|
||||||
[features]
|
|
||||||
danger = [ "rustls/dangerous_configuration" ]
|
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
futures = "0.1.15"
|
futures = "0.1.15"
|
||||||
tokio-io = "0.1.3"
|
tokio-io = "0.1.3"
|
||||||
|
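--- a/src/lib.rs
+++ b/src/lib.rs
@@ -22,11 +22,6 @@ pub trait ClientConfigExt {
 fn connect_async<S>(&self, domain: &str, stream: S)
 -> ConnectAsync<S>
 where S: AsyncRead + AsyncWrite;
-
-#[cfg(feature = "danger")]
-fn danger_connect_async_without_providing_domain_for_certificate_verification_and_server_name_indication<S>(&self, stream: S)
--> ConnectAsync<S>
-where S: AsyncRead + AsyncWrite;
 }
 
 /// Extension trait for the `Arc<ServerConfig>` type in the `rustls` crate.
@@ -53,30 +48,6 @@ impl ClientConfigExt for Arc<ClientConfig> {
 {
 connect_async_with_session(stream, ClientSession::new(self, domain))
 }
-
-#[cfg(feature = "danger")]
-fn danger_connect_async_without_providing_domain_for_certificate_verification_and_server_name_indication<S>(&self, stream: S)
--> ConnectAsync<S>
-where S: AsyncRead + AsyncWrite
-{
-use rustls::{ ServerCertVerifier, RootCertStore, Certificate, ServerCertVerified, TLSError };
-
-struct NoCertVerifier;
-impl ServerCertVerifier for NoCertVerifier {
-fn verify_server_cert(&self, _: &RootCertStore, _: &[Certificate], _: &str, _: &[u8])
--> Result<ServerCertVerified, TLSError>
-{
-Ok(ServerCertVerified::assertion())
-}
-}
-
-let mut client_config = ClientConfig::new();
-client_config.clone_from(self);
-client_config.dangerous()
-.set_certificate_verifier(Arc::new(NoCertVerifier));
-
-Arc::new(client_config).connect_async("", stream)
-}
 }
 
 #[inline]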
@ -60,7 +60,7 @@ fn start_server(cert: Vec<Certificate>, rsa: PrivateKey) -> SocketAddr {
|
|||||||
recv.recv().unwrap()
|
recv.recv().unwrap()
|
||||||
}
|
}
|
||||||
|
|
||||||
fn start_client(addr: &SocketAddr, domain: Option<&str>, chain: Option<BufReader<Cursor<&str>>>) -> io::Result<()> {
|
fn start_client(addr: &SocketAddr, domain: &str, chain: Option<BufReader<Cursor<&str>>>) -> io::Result<()> {
|
||||||
let mut config = ClientConfig::new();
|
let mut config = ClientConfig::new();
|
||||||
if let Some(mut chain) = chain {
|
if let Some(mut chain) = chain {
|
||||||
config.root_store.add_pem_file(&mut chain).unwrap();
|
config.root_store.add_pem_file(&mut chain).unwrap();
|
||||||
@ -72,17 +72,7 @@ fn start_client(addr: &SocketAddr, domain: Option<&str>, chain: Option<BufReader
|
|||||||
|
|
||||||
#[allow(unreachable_code, unused_variables)]
|
#[allow(unreachable_code, unused_variables)]
|
||||||
let done = TcpStream::connect(addr, &handle)
|
let done = TcpStream::connect(addr, &handle)
|
||||||
.and_then(|stream| if let Some(domain) = domain {
|
.and_then(|stream| config.connect_async(domain, stream))
|
||||||
config.connect_async(domain, stream)
|
|
||||||
} else {
|
|
||||||
#[cfg(feature = "danger")]
|
|
||||||
let c = config.danger_connect_async_without_providing_domain_for_certificate_verification_and_server_name_indication(stream);
|
|
||||||
|
|
||||||
#[cfg(not(feature = "danger"))]
|
|
||||||
let c = panic!();
|
|
||||||
|
|
||||||
c
|
|
||||||
})
|
|
||||||
.and_then(|stream| aio::write_all(stream, HELLO_WORLD))
|
.and_then(|stream| aio::write_all(stream, HELLO_WORLD))
|
||||||
.and_then(|(stream, _)| aio::read_exact(stream, vec![0; HELLO_WORLD.len()]))
|
.and_then(|(stream, _)| aio::read_exact(stream, vec![0; HELLO_WORLD.len()]))
|
||||||
.and_then(|(_, buf)| {
|
.and_then(|(_, buf)| {
|
||||||
@ -102,10 +92,7 @@ fn main() {
|
|||||||
|
|
||||||
let addr = start_server(cert, keys.pop().unwrap());
|
let addr = start_server(cert, keys.pop().unwrap());
|
||||||
|
|
||||||
start_client(&addr, Some("localhost"), Some(chain)).unwrap();
|
start_client(&addr, "localhost", Some(chain)).unwrap();
|
||||||
|
|
||||||
#[cfg(feature = "danger")]
|
|
||||||
start_client(&addr, None, None).unwrap();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[should_panic]
|
#[should_panic]
|
||||||
@ -117,5 +104,5 @@ fn fail() {
|
|||||||
|
|
||||||
let addr = start_server(cert, keys.pop().unwrap());
|
let addr = start_server(cert, keys.pop().unwrap());
|
||||||
|
|
||||||
start_client(&addr, Some("google.com"), Some(chain)).unwrap();
|
start_client(&addr, "google.com", Some(chain)).unwrap();
|
||||||
}
|
}
|
||||||
|
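Review bot: The `fail` test still relies on a bare `#[should_panic]` (the attribute at the end of the `fn main()` hunk, presumably attached to `fail()`, whose opening lines fall outside the hunks), so any panic satisfies it, including the `unwrap()` calls in the setup such as `start_server(cert, keys.pop().unwrap())`, and not only a rejected certificate name. With the no-verification path removed, this is the only negative check on hostname verification visible here, so it should assert the failure directly: drop `#[should_panic]` and use `assert!(start_client(&addr, "google.com", Some(chain)).is_err());`. Separately, the `#[allow(unreachable_code, unused_variables)]` kept on `let done` in `start_client` looks like it existed only for the removed `let c = panic!();` branch and can probably be deleted so real warnings surface again.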