Comments (12)
i can't find ClientConfig::builder().with_custom_certificate_verifier()
You'll want to use ClientConfig::builder().dangerous() to access a DangerousClientConfigBuilder
and then with_custom_certificate_verifier().
This is mentioned in the release notes under:
Moved
...
DangerousClientConfig (client::danger)
...
Added
...
DangerousClientConfigBuilder (client::danger)
The tlsclient-mio.rs example in the repository uses a custom certificate verifier with flag_insecure
and has been updated to 0.22. I recommend using it as an example to reference.
from rustls.
i can't find ClientConfig::builder().with_custom_certificate_verifier()
You'll want to use ClientConfig::builder().dangerours() to access a
DangerousClientConfigBuilder
and then with_custom_certificate_verifier().This is mentioned in the release notes under:
Moved
...
DangerousClientConfig (client::danger)
...
Added
...
DangerousClientConfigBuilder (client::danger)The tlsclient-mio.rs example in the repository uses a custom certificate verifier with
flag_insecure
and has been updated to 0.22. I recommend using it as an example to reference.
Thank you for your reply. Let me take a look at these examples first
from rustls.
Thanks, this code really helped me in my upgrade in https://github.com/maplibre/martin/pull/1136/files -- I created an issue #1749 to improve upgrade documentation
from rustls.
Please provide the compiler error you ran into and/or a much smaller code sample.
from rustls.
Please provide the compiler error you ran into and/or a much smaller code sample.
Thank you for your reply,Sorry, I'm not very familiar with how to use the new version of Rustls。
you can check in my project
(this is use tokio-rustls = version= "0.24.0" and rustls = version = "0.21.0")
https://github.com/rbatis/rbatis/blob/master/rbdc/src/net/tls/rustls.rs
when update to
tokio-rustls = {version= "0.25.0", optional = true}
rustls = { version = "0.22.1", features = [], optional = true }
after my error is
error[E0432]: unresolved imports `rustls::client::ServerCertVerified`, `rustls::client::ServerCertVerifier`, `rustls::client::WebPkiVerifier`, `rustls::OwnedTrustAnchor`, `rustls::ServerName`
--> rbdc\src\net\tls\rustls.rs:3:14
|
3 | client::{ServerCertVerified, ServerCertVerifier, WebPkiVerifier},
| ^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^ no `WebPkiVerifier` in `client`
| | |
| | no `ServerCertVerifier` in `client`
| no `ServerCertVerified` in `client`
4 | CertificateError, ClientConfig, Error as TlsError, OwnedTrustAnchor, RootCertStore, ServerName,
| ^^^^^^^^^^^^^^^^ ^^^^^^^^^^ no `ServerName` in the root
| |
| no `OwnedTrustAnchor` in the root
|
= help: consider importing this struct instead:
rustls::client::danger::ServerCertVerified
= help: consider importing this trait instead:
rustls::client::danger::ServerCertVerifier
= help: consider importing one of these items instead:
rustls::internal::msgs::handshake::ClientExtension::ServerName
rustls::pki_types::ServerName
and then i change code to
use rustls::client::danger::ServerCertVerified;
use rustls::client::danger::ServerCertVerifier;
use rustls::pki_types::ServerName;
this is also error of
error[E0432]: unresolved imports `rustls::client::WebPkiVerifier`, `rustls::OwnedTrustAnchor`, `rustls::ServerName`
--> rbdc\src\net\tls\rustls.rs:8:15
|
8 | client::{ WebPkiVerifier},
| ^^^^^^^^^^^^^^ no `WebPkiVerifier` in `client`
9 | CertificateError, ClientConfig, Error as TlsError, OwnedTrustAnchor, RootCertStore, ServerName,
| ^^^^^^^^^^^^^^^^ ^^^^^^^^^^ no `ServerName` in the root
| |
| no `OwnedTrustAnchor` in the root
|
= help: consider importing one of these items instead:
rustls::internal::msgs::handshake::ClientExtension::ServerName
rustls::pki_types::ServerName
from rustls.
Have you reviewed the 0.22 release notes? They are fairly detailed and will hopefully help you find replacements for each of the removed/renamed items that are causing you build errors.
no
OwnedTrustAnchor
in the root
For example, this item is covered in the release notes:
OwnedTrustAnchor - use rustls_pki_types::TrustAnchor instead, and replace from_subject_spki_name_constraints with direct assignment to the struct fields.
from rustls.
Have you reviewed the 0.22 release notes? They are fairly detailed and will hopefully help you find replacements for each of the removed/renamed items that are causing you build errors.
no
OwnedTrustAnchor
in the rootFor example, this item is covered in the release notes:
OwnedTrustAnchor - use rustls_pki_types::TrustAnchor instead, and replace from_subject_spki_name_constraints with direct assignment to the struct fields.
thank you,
i change the code It still reports an error
Updated code:
use crate::net::CertificateInput;
use rustls::client::danger::ServerCertVerified;
use rustls::client::danger::ServerCertVerifier;
use rustls::pki_types::ServerName;
use rustls::client::WebPkiServerVerifier as WebPkiVerifier;
use rustls::{CertificateError, ClientConfig, Error as TlsError, RootCertStore, };
use rustls_pki_types::TrustAnchor as OwnedTrustAnchor;
use rustls_pki_types::CertificateDer as Certificate;
use std::io::Cursor;
use std::sync::Arc;
use std::time::SystemTime;
use crate::Error;
pub async fn configure_tls_connector(
accept_invalid_certs: bool,
accept_invalid_hostnames: bool,
root_cert_path: Option<&CertificateInput>,
) -> Result<crate::rt::TlsConnector, Error> {
let config = ClientConfig::builder().with_safe_defaults();
let config = if accept_invalid_certs {
config
.with_custom_certificate_verifier(Arc::new(DummyTlsVerifier))
.with_no_client_auth()
} else {
let mut cert_store = RootCertStore::empty();
cert_store.add_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.iter().map(|ta| {
OwnedTrustAnchor::from_subject_spki_name_constraints(
ta.subject.to_vec(),
ta.subject_public_key_info.to_vec(),
ta.name_constraints.clone().map(|v| v.to_vec()),
)
}));
if let Some(ca) = root_cert_path {
let data = ca.data().await?;
let mut cursor = Cursor::new(data);
for cert_result in rustls_pemfile::certs(&mut cursor)
{
let cert = cert_result.map_err(|_| Error::E(format!("Invalid certificate {}", ca)))?;
cert_store
.add(cert)
.map_err(|err| Error::E(err.to_string()))?;
}
}
if accept_invalid_hostnames {
let verifier = WebPkiVerifier::builder(Arc::new(cert_store))
.build()
.map_err(|e| crate::error::Error::E(e.to_string()))?;
config
.with_custom_certificate_verifier(Arc::new(NoHostnameTlsVerifier { verifier }))
.with_no_client_auth()
} else {
config
.with_root_certificates(cert_store)
.with_no_client_auth()
}
};
Ok(Arc::new(config).into())
}
#[derive(Debug)]
struct DummyTlsVerifier;
impl ServerCertVerifier for DummyTlsVerifier {
fn verify_server_cert(
&self,
_end_entity: &Certificate,
_intermediates: &[Certificate],
_server_name: &ServerName,
_scts: &mut dyn Iterator<Item=&[u8]>,
_ocsp_response: &[u8],
_now: SystemTime,
) -> Result<ServerCertVerified, TlsError> {
Ok(ServerCertVerified::assertion())
}
}
#[derive(Debug)]
pub struct NoHostnameTlsVerifier {
verifier: WebPkiVerifier,
}
impl ServerCertVerifier for NoHostnameTlsVerifier {
fn verify_server_cert(
&self,
end_entity: &Certificate,
intermediates: &[Certificate],
server_name: &ServerName,
scts: &mut dyn Iterator<Item=&[u8]>,
ocsp_response: &[u8],
now: SystemTime,
) -> Result<ServerCertVerified, TlsError> {
match self.verifier.verify_server_cert(
end_entity,
intermediates,
server_name,
scts,
ocsp_response,
now,
) {
Err(TlsError::InvalidCertificate(reason))
if reason == CertificateError::NotValidForName =>
{
Ok(ServerCertVerified::assertion())
}
res => res,
}
}
}
from rustls.
i change the code It still reports an error
What is the error? What have you tried to fix the error?
from rustls.
i change the code It still reports an error
What is the error? What have you tried to fix the error?
i can't find ClientConfig::builder().with_custom_certificate_verifier()
from rustls.
I'm going to close this issue to keep our tracker tidy but if you run into further issues we can continue the discussion.
from rustls.
I'm going to close this issue to keep our tracker tidy but if you run into further issues we can continue the discussion.
finally, i change the code success(It seems to have been compiled successfully). Do you have any suggestions or mistakes regarding my modified code?
see this code
https://github.com/rbatis/rbatis/blob/master/rbdc/src/net/tls/rustls.rs
from rustls.
finally, i change the code success(It seems to have been compiled successfully).
Great, glad to hear.
Do you have any suggestions or mistakes regarding my modified code?
Nope! Looks good to me :-)
from rustls.
Related Issues (20)
- 0.23 release preparation HOT 9
- Support for some clipersuite to connect Microsoft-IIS 8.5 server HOT 6
- Current main fails to compile aws-lc-sys HOT 18
- When accepting new TLS connection with Accepted::into_connection(config) no TLS alert is sent HOT 17
- Is there any benchmark comparison of existing TLS libraries in other languages like java, C++ and python etc. with Rustls ? HOT 6
- Random with 0 system entropy - workarounds? HOT 2
- Be able to get the not_before and not_after through some API in CertifiedKey or CertificateDer<'_>. HOT 6
- ServerConnection data lost HOT 3
- Async code in `ProducesTickets` implementation HOT 2
- `ServerHelloPayload` re-export inquery/request HOT 7
- Benchmark the `Unbuffered{Client,Server}Connection` API
- ClientConnection.peer_certificates() to return Some() regardless of CertificateError::UnknownIssuer HOT 5
- Consider a process default server certificate verifier HOT 1
- Profile-Guided Optimization (PGO) benchmark results
- 0.23 docs build is broken HOT 2
- optimize receiving data with TLS 1.2 and aes-128-gcm HOT 1
- optimize receiving data with TLS 1.3 and aes-256-gcm
- optimize server-side full handshakes for TLS 1.2 and 1.3 HOT 1
- Connection::dangerous_extract_secrets returns ConnectionTrafficSecrets::Aes128Gcm even when AES-256-GCM is negotiated
- Error: badRecordMac HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rustls.