Merge pull request #15 from briansmith/remove-danger

Remove `danger` feature & the API it controls.
This commit is contained in:
quininer 2017-08-30 00:56:09 -05:00 committed by GitHub
commit 6a8c6431a3
3 changed files with 4 additions and 49 deletions

View File

@ -14,9 +14,6 @@ categories = ["asynchronous", "cryptography", "network-programming"]
travis-ci = { repository = "quininer/tokio-rustls" } travis-ci = { repository = "quininer/tokio-rustls" }
appveyor = { repository = "quininer/tokio-rustls" } appveyor = { repository = "quininer/tokio-rustls" }
[features]
danger = [ "rustls/dangerous_configuration" ]
[dependencies] [dependencies]
futures = "0.1.15" futures = "0.1.15"
tokio-io = "0.1.3" tokio-io = "0.1.3"

View File

@ -22,11 +22,6 @@ pub trait ClientConfigExt {
fn connect_async<S>(&self, domain: &str, stream: S) fn connect_async<S>(&self, domain: &str, stream: S)
-> ConnectAsync<S> -> ConnectAsync<S>
where S: AsyncRead + AsyncWrite; where S: AsyncRead + AsyncWrite;
#[cfg(feature = "danger")]
fn danger_connect_async_without_providing_domain_for_certificate_verification_and_server_name_indication<S>(&self, stream: S)
-> ConnectAsync<S>
where S: AsyncRead + AsyncWrite;
} }
/// Extension trait for the `Arc<ServerConfig>` type in the `rustls` crate. /// Extension trait for the `Arc<ServerConfig>` type in the `rustls` crate.
@ -53,30 +48,6 @@ impl ClientConfigExt for Arc<ClientConfig> {
{ {
connect_async_with_session(stream, ClientSession::new(self, domain)) connect_async_with_session(stream, ClientSession::new(self, domain))
} }
#[cfg(feature = "danger")]
fn danger_connect_async_without_providing_domain_for_certificate_verification_and_server_name_indication<S>(&self, stream: S)
-> ConnectAsync<S>
where S: AsyncRead + AsyncWrite
{
use rustls::{ ServerCertVerifier, RootCertStore, Certificate, ServerCertVerified, TLSError };
struct NoCertVerifier;
impl ServerCertVerifier for NoCertVerifier {
fn verify_server_cert(&self, _: &RootCertStore, _: &[Certificate], _: &str, _: &[u8])
-> Result<ServerCertVerified, TLSError>
{
Ok(ServerCertVerified::assertion())
}
}
let mut client_config = ClientConfig::new();
client_config.clone_from(self);
client_config.dangerous()
.set_certificate_verifier(Arc::new(NoCertVerifier));
Arc::new(client_config).connect_async("", stream)
}
} }
#[inline] #[inline]

View File

@ -60,7 +60,7 @@ fn start_server(cert: Vec<Certificate>, rsa: PrivateKey) -> SocketAddr {
recv.recv().unwrap() recv.recv().unwrap()
} }
fn start_client(addr: &SocketAddr, domain: Option<&str>, chain: Option<BufReader<Cursor<&str>>>) -> io::Result<()> { fn start_client(addr: &SocketAddr, domain: &str, chain: Option<BufReader<Cursor<&str>>>) -> io::Result<()> {
let mut config = ClientConfig::new(); let mut config = ClientConfig::new();
if let Some(mut chain) = chain { if let Some(mut chain) = chain {
config.root_store.add_pem_file(&mut chain).unwrap(); config.root_store.add_pem_file(&mut chain).unwrap();
@ -72,17 +72,7 @@ fn start_client(addr: &SocketAddr, domain: Option<&str>, chain: Option<BufReader
#[allow(unreachable_code, unused_variables)] #[allow(unreachable_code, unused_variables)]
let done = TcpStream::connect(addr, &handle) let done = TcpStream::connect(addr, &handle)
.and_then(|stream| if let Some(domain) = domain { .and_then(|stream| config.connect_async(domain, stream))
config.connect_async(domain, stream)
} else {
#[cfg(feature = "danger")]
let c = config.danger_connect_async_without_providing_domain_for_certificate_verification_and_server_name_indication(stream);
#[cfg(not(feature = "danger"))]
let c = panic!();
c
})
.and_then(|stream| aio::write_all(stream, HELLO_WORLD)) .and_then(|stream| aio::write_all(stream, HELLO_WORLD))
.and_then(|(stream, _)| aio::read_exact(stream, vec![0; HELLO_WORLD.len()])) .and_then(|(stream, _)| aio::read_exact(stream, vec![0; HELLO_WORLD.len()]))
.and_then(|(_, buf)| { .and_then(|(_, buf)| {
@ -102,10 +92,7 @@ fn main() {
let addr = start_server(cert, keys.pop().unwrap()); let addr = start_server(cert, keys.pop().unwrap());
start_client(&addr, Some("localhost"), Some(chain)).unwrap(); start_client(&addr, "localhost", Some(chain)).unwrap();
#[cfg(feature = "danger")]
start_client(&addr, None, None).unwrap();
} }
#[should_panic] #[should_panic]
@ -117,5 +104,5 @@ fn fail() {
let addr = start_server(cert, keys.pop().unwrap()); let addr = start_server(cert, keys.pop().unwrap());
start_client(&addr, Some("google.com"), Some(chain)).unwrap(); start_client(&addr, "google.com", Some(chain)).unwrap();
} }