Remove danger feature & the API it controls.

The singular purpose of this crate should be to integrate Tokio and
Rustls. Therefore, any feature that isn't about making Rustls work
nicely with Tokio should be assumed a priori to be out of scope.

In particular, it is out of scope for tokio-rustls to provide APIs to
control SNI behavior. Instead, the application should configure
Rustls's SNI behavior using Rustls's configuration APIs, and pass the
configuration to tokio-rustls. Similarly, it is out of scope for
tokio-rustls to provide APIs to control the certificate validation
behavior. Instead, the application should configure certificate
validation using Rustls's APIs. Perhaps there should be a crate that
makes it convenient to do "dangerous" certificate validation, but in my
opinion that crate should be a separate one, not tokio-rustls.

FWIW, the `danger` API was inherited from tokio-tls, and I'm working on
making an analogous change there.
Brian Smith 2017-08-28 18:40:16 -10:00
parent aefc023dd4
commit eccf90a534
3 changed files with 4 additions and 49 deletions


@ -14,9 +14,6 @@ categories = ["asynchronous", "cryptography", "network-programming"]
travis-ci = { repository = "quininer/tokio-rustls" } travis-ci = { repository = "quininer/tokio-rustls" }
appveyor = { repository = "quininer/tokio-rustls" } appveyor = { repository = "quininer/tokio-rustls" }
[features]
danger = [ "rustls/dangerous_configuration" ]
[dependencies] [dependencies]
futures = "0.1" futures = "0.1"
tokio-io = "0.1" tokio-io = "0.1"


@ -22,11 +22,6 @@ pub trait ClientConfigExt {
fn connect_async<S>(&self, domain: &str, stream: S) fn connect_async<S>(&self, domain: &str, stream: S)
-> ConnectAsync<S> -> ConnectAsync<S>
where S: AsyncRead + AsyncWrite; where S: AsyncRead + AsyncWrite;
#[cfg(feature = "danger")]
fn danger_connect_async_without_providing_domain_for_certificate_verification_and_server_name_indication<S>(&self, stream: S)
-> ConnectAsync<S>
where S: AsyncRead + AsyncWrite;
} }
/// Extension trait for the `Arc<ServerConfig>` type in the `rustls` crate. /// Extension trait for the `Arc<ServerConfig>` type in the `rustls` crate.
@ -53,30 +48,6 @@ impl ClientConfigExt for Arc<ClientConfig> {
{ {
connect_async_with_session(stream, ClientSession::new(self, domain)) connect_async_with_session(stream, ClientSession::new(self, domain))
} }
#[cfg(feature = "danger")]
fn danger_connect_async_without_providing_domain_for_certificate_verification_and_server_name_indication<S>(&self, stream: S)
-> ConnectAsync<S>
where S: AsyncRead + AsyncWrite
{
use rustls::{ ServerCertVerifier, RootCertStore, Certificate, ServerCertVerified, TLSError };
struct NoCertVerifier;
impl ServerCertVerifier for NoCertVerifier {
fn verify_server_cert(&self, _: &RootCertStore, _: &[Certificate], _: &str, _: &[u8])
-> Result<ServerCertVerified, TLSError>
{
Ok(ServerCertVerified::assertion())
}
}
let mut client_config = ClientConfig::new();
client_config.clone_from(self);
client_config.dangerous()
.set_certificate_verifier(Arc::new(NoCertVerifier));
Arc::new(client_config).connect_async("", stream)
}
} }
#[inline] #[inline]


@ -60,7 +60,7 @@ fn start_server(cert: Vec<Certificate>, rsa: PrivateKey) -> SocketAddr {
recv.recv().unwrap() recv.recv().unwrap()
} }
fn start_client(addr: &SocketAddr, domain: Option<&str>, chain: Option<BufReader<Cursor<&str>>>) -> io::Result<()> { fn start_client(addr: &SocketAddr, domain: &str, chain: Option<BufReader<Cursor<&str>>>) -> io::Result<()> {
let mut config = ClientConfig::new(); let mut config = ClientConfig::new();
if let Some(mut chain) = chain { if let Some(mut chain) = chain {
config.root_store.add_pem_file(&mut chain).unwrap(); config.root_store.add_pem_file(&mut chain).unwrap();
@ -72,17 +72,7 @@ fn start_client(addr: &SocketAddr, domain: Option<&str>, chain: Option<BufReader
#[allow(unreachable_code, unused_variables)] #[allow(unreachable_code, unused_variables)]
let done = TcpStream::connect(addr, &handle) let done = TcpStream::connect(addr, &handle)
.and_then(|stream| if let Some(domain) = domain { .and_then(|stream| config.connect_async(domain, stream))
config.connect_async(domain, stream)
} else {
#[cfg(feature = "danger")]
let c = config.danger_connect_async_without_providing_domain_for_certificate_verification_and_server_name_indication(stream);
#[cfg(not(feature = "danger"))]
let c = panic!();
c
})
.and_then(|stream| aio::write_all(stream, HELLO_WORLD)) .and_then(|stream| aio::write_all(stream, HELLO_WORLD))
.and_then(|(stream, _)| aio::read_exact(stream, vec![0; HELLO_WORLD.len()])) .and_then(|(stream, _)| aio::read_exact(stream, vec![0; HELLO_WORLD.len()]))
.and_then(|(_, buf)| { .and_then(|(_, buf)| {
@ -102,10 +92,7 @@ fn main() {
let addr = start_server(cert, keys.pop().unwrap()); let addr = start_server(cert, keys.pop().unwrap());
start_client(&addr, Some("localhost"), Some(chain)).unwrap(); start_client(&addr, "localhost", Some(chain)).unwrap();
#[cfg(feature = "danger")]
start_client(&addr, None, None).unwrap();
} }
#[should_panic] #[should_panic]
@ -117,5 +104,5 @@ fn fail() {
let addr = start_server(cert, keys.pop().unwrap()); let addr = start_server(cert, keys.pop().unwrap());
start_client(&addr, Some("google.com"), Some(chain)).unwrap(); start_client(&addr, "google.com", Some(chain)).unwrap();
} }
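Review bot: The `#[allow(unreachable_code, unused_variables)]` on the `let done = TcpStream::connect(addr, &handle)` binding is now stale: its only justification was the `#[cfg(not(feature = "danger"))] let c = panic!(); c` arm that made `c` unreachable, and the new closure `.and_then(|stream| config.connect_async(domain, stream))` has no such arm. A blanket `allow` on the connect chain would also hide exactly the warnings that flag a future regression in this test, so the attribute line should simply be deleted. With `start_client` now taking `domain: &str`, every handshake in this file supplies a server name and no path disables certificate validation, which matches the commit's intent; a one-line comment above `start_client` such as `// Every handshake here supplies a server name; certificate validation is never bypassed.` would make that property explicit for the next reader. `start_client`'s body continues outside the hunk.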