Comments (12)
i can't find ClientConfig::builder().with_custom_certificate_verifier()
You'll want to use ClientConfig::builder().dangerous() to access a DangerousClientConfigBuilder
and then with_custom_certificate_verifier().
This is mentioned in the release notes under:
Moved
...
DangerousClientConfig (client::danger)
...
Added
...
DangerousClientConfigBuilder (client::danger)
The tlsclient-mio.rs example in the repository uses a custom certificate verifier with flag_insecure
and has been updated to 0.22. I recommend using it as an example to reference.
from rustls.
i can't find ClientConfig::builder().with_custom_certificate_verifier()
You'll want to use ClientConfig::builder().dangerours() to access a
DangerousClientConfigBuilder
and then with_custom_certificate_verifier().This is mentioned in the release notes under:
Moved
...
DangerousClientConfig (client::danger)
...
Added
...
DangerousClientConfigBuilder (client::danger)The tlsclient-mio.rs example in the repository uses a custom certificate verifier with
flag_insecure
and has been updated to 0.22. I recommend using it as an example to reference.
Thank you for your reply. Let me take a look at these examples first
from rustls.
Thanks, this code really helped me in my upgrade in https://github.com/maplibre/martin/pull/1136/files -- I created an issue #1749 to improve upgrade documentation
from rustls.
Please provide the compiler error you ran into and/or a much smaller code sample.
from rustls.
Please provide the compiler error you ran into and/or a much smaller code sample.
Thank you for your reply,Sorry, I'm not very familiar with how to use the new version of Rustls。
you can check in my project
(this is use tokio-rustls = version= "0.24.0" and rustls = version = "0.21.0")
https://github.com/rbatis/rbatis/blob/master/rbdc/src/net/tls/rustls.rs
when update to
tokio-rustls = {version= "0.25.0", optional = true}
rustls = { version = "0.22.1", features = [], optional = true }
after my error is
error[E0432]: unresolved imports `rustls::client::ServerCertVerified`, `rustls::client::ServerCertVerifier`, `rustls::client::WebPkiVerifier`, `rustls::OwnedTrustAnchor`, `rustls::ServerName`
--> rbdc\src\net\tls\rustls.rs:3:14
|
3 | client::{ServerCertVerified, ServerCertVerifier, WebPkiVerifier},
| ^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^ no `WebPkiVerifier` in `client`
| | |
| | no `ServerCertVerifier` in `client`
| no `ServerCertVerified` in `client`
4 | CertificateError, ClientConfig, Error as TlsError, OwnedTrustAnchor, RootCertStore, ServerName,
| ^^^^^^^^^^^^^^^^ ^^^^^^^^^^ no `ServerName` in the root
| |
| no `OwnedTrustAnchor` in the root
|
= help: consider importing this struct instead:
rustls::client::danger::ServerCertVerified
= help: consider importing this trait instead:
rustls::client::danger::ServerCertVerifier
= help: consider importing one of these items instead:
rustls::internal::msgs::handshake::ClientExtension::ServerName
rustls::pki_types::ServerName
and then i change code to
use rustls::client::danger::ServerCertVerified;
use rustls::client::danger::ServerCertVerifier;
use rustls::pki_types::ServerName;
this is also error of
error[E0432]: unresolved imports `rustls::client::WebPkiVerifier`, `rustls::OwnedTrustAnchor`, `rustls::ServerName`
--> rbdc\src\net\tls\rustls.rs:8:15
|
8 | client::{ WebPkiVerifier},
| ^^^^^^^^^^^^^^ no `WebPkiVerifier` in `client`
9 | CertificateError, ClientConfig, Error as TlsError, OwnedTrustAnchor, RootCertStore, ServerName,
| ^^^^^^^^^^^^^^^^ ^^^^^^^^^^ no `ServerName` in the root
| |
| no `OwnedTrustAnchor` in the root
|
= help: consider importing one of these items instead:
rustls::internal::msgs::handshake::ClientExtension::ServerName
rustls::pki_types::ServerName
from rustls.
Have you reviewed the 0.22 release notes? They are fairly detailed and will hopefully help you find replacements for each of the removed/renamed items that are causing you build errors.
no
OwnedTrustAnchor
in the root
For example, this item is covered in the release notes:
OwnedTrustAnchor - use rustls_pki_types::TrustAnchor instead, and replace from_subject_spki_name_constraints with direct assignment to the struct fields.
from rustls.
Have you reviewed the 0.22 release notes? They are fairly detailed and will hopefully help you find replacements for each of the removed/renamed items that are causing you build errors.
no
OwnedTrustAnchor
in the rootFor example, this item is covered in the release notes:
OwnedTrustAnchor - use rustls_pki_types::TrustAnchor instead, and replace from_subject_spki_name_constraints with direct assignment to the struct fields.
thank you,
i change the code It still reports an error
Updated code:
use crate::net::CertificateInput;
use rustls::client::danger::ServerCertVerified;
use rustls::client::danger::ServerCertVerifier;
use rustls::pki_types::ServerName;
use rustls::client::WebPkiServerVerifier as WebPkiVerifier;
use rustls::{CertificateError, ClientConfig, Error as TlsError, RootCertStore, };
use rustls_pki_types::TrustAnchor as OwnedTrustAnchor;
use rustls_pki_types::CertificateDer as Certificate;
use std::io::Cursor;
use std::sync::Arc;
use std::time::SystemTime;
use crate::Error;
pub async fn configure_tls_connector(
accept_invalid_certs: bool,
accept_invalid_hostnames: bool,
root_cert_path: Option<&CertificateInput>,
) -> Result<crate::rt::TlsConnector, Error> {
let config = ClientConfig::builder().with_safe_defaults();
let config = if accept_invalid_certs {
config
.with_custom_certificate_verifier(Arc::new(DummyTlsVerifier))
.with_no_client_auth()
} else {
let mut cert_store = RootCertStore::empty();
cert_store.add_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.iter().map(|ta| {
OwnedTrustAnchor::from_subject_spki_name_constraints(
ta.subject.to_vec(),
ta.subject_public_key_info.to_vec(),
ta.name_constraints.clone().map(|v| v.to_vec()),
)
}));
if let Some(ca) = root_cert_path {
let data = ca.data().await?;
let mut cursor = Cursor::new(data);
for cert_result in rustls_pemfile::certs(&mut cursor)
{
let cert = cert_result.map_err(|_| Error::E(format!("Invalid certificate {}", ca)))?;
cert_store
.add(cert)
.map_err(|err| Error::E(err.to_string()))?;
}
}
if accept_invalid_hostnames {
let verifier = WebPkiVerifier::builder(Arc::new(cert_store))
.build()
.map_err(|e| crate::error::Error::E(e.to_string()))?;
config
.with_custom_certificate_verifier(Arc::new(NoHostnameTlsVerifier { verifier }))
.with_no_client_auth()
} else {
config
.with_root_certificates(cert_store)
.with_no_client_auth()
}
};
Ok(Arc::new(config).into())
}
#[derive(Debug)]
struct DummyTlsVerifier;
impl ServerCertVerifier for DummyTlsVerifier {
fn verify_server_cert(
&self,
_end_entity: &Certificate,
_intermediates: &[Certificate],
_server_name: &ServerName,
_scts: &mut dyn Iterator<Item=&[u8]>,
_ocsp_response: &[u8],
_now: SystemTime,
) -> Result<ServerCertVerified, TlsError> {
Ok(ServerCertVerified::assertion())
}
}
#[derive(Debug)]
pub struct NoHostnameTlsVerifier {
verifier: WebPkiVerifier,
}
impl ServerCertVerifier for NoHostnameTlsVerifier {
fn verify_server_cert(
&self,
end_entity: &Certificate,
intermediates: &[Certificate],
server_name: &ServerName,
scts: &mut dyn Iterator<Item=&[u8]>,
ocsp_response: &[u8],
now: SystemTime,
) -> Result<ServerCertVerified, TlsError> {
match self.verifier.verify_server_cert(
end_entity,
intermediates,
server_name,
scts,
ocsp_response,
now,
) {
Err(TlsError::InvalidCertificate(reason))
if reason == CertificateError::NotValidForName =>
{
Ok(ServerCertVerified::assertion())
}
res => res,
}
}
}
from rustls.
i change the code It still reports an error
What is the error? What have you tried to fix the error?
from rustls.
i change the code It still reports an error
What is the error? What have you tried to fix the error?
i can't find ClientConfig::builder().with_custom_certificate_verifier()
from rustls.
I'm going to close this issue to keep our tracker tidy but if you run into further issues we can continue the discussion.
from rustls.
I'm going to close this issue to keep our tracker tidy but if you run into further issues we can continue the discussion.
finally, i change the code success(It seems to have been compiled successfully). Do you have any suggestions or mistakes regarding my modified code?
see this code
https://github.com/rbatis/rbatis/blob/master/rbdc/src/net/tls/rustls.rs
from rustls.
finally, i change the code success(It seems to have been compiled successfully).
Great, glad to hear.
Do you have any suggestions or mistakes regarding my modified code?
Nope! Looks good to me :-)
from rustls.
Related Issues (20)
- Suggest registering for OpenSSF Best Practices badge HOT 7
- Pass ClientHello by reference to ResolvesServerCert HOT 2
- GHSA-6g7w-8wpp-frhj and CVE-2024-32650 don't make it clear that async rustls servers aren't susceptible HOT 2
- AWS LC fails against golang TLS server while ring works fine HOT 6
- Rustls w/ aws-lc-rs on Windows requires NASM HOT 33
- Making impl ClientHelloPayload public ? HOT 21
- Question. Does rustls have something to hide cert (as it is sensitive data ) in binary and memory HOT 3
- Verify that SigningKey matches public key within certificate HOT 6
- Ensuring that a provider based on the one built-in is used HOT 8
- Compile error when target is watchos HOT 6
- Expose ability to customize ClientHello message HOT 4
- How I use CryptoProvider::install_default() ? HOT 3
- Illegal instruction on arm-a72 HOT 3
- Add RustCrypto cryptographic backend HOT 5
- Build rustls v0.23.5 with musl HOT 2
- UnbufferedConnectionState HOT 2
- Unbuffered process_tls_records does not mach usage scenario HOT 2
- Clean up crate feature naming
- build failure due to aws-lc-sys v0.16.0 HOT 1
- `UnknownIssuer` with self-signed certificate HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rustls.