POC: disable cert verification

This commit is contained in:
Tokarak 2024-09-20 17:29:13 +01:00
parent 793047f63f
commit ad02a6bb00
3 changed files with 32 additions and 2 deletions

1
Cargo.lock generated
View file

@ -1240,6 +1240,7 @@ dependencies = [
"route-recognizer",
"rss",
"rust-embed",
"rustls",
"sealed_test",
"serde",
"serde_json",

View file

@ -44,6 +44,7 @@ pretty_env_logger = "0.5.0"
dotenvy = "0.15.7"
rss = "2.0.7"
arc-swap = "1.7.1"
rustls = { version = "0.21.12", features = ["dangerous_configuration"] }
[dev-dependencies]

View file

@ -7,6 +7,7 @@ use hyper::header::HeaderValue;
use hyper::StatusCode;
use hyper::{body, body::Buf, client, header, Body, Client, Method, Request, Response, Uri};
use hyper_rustls::HttpsConnector;
use rustls::ClientConfig;
use libflate::gzip;
use log::{error, trace, warn};
use once_cell::sync::Lazy;
@ -16,7 +17,7 @@ use serde_json::Value;
use std::sync::atomic::Ordering;
use std::sync::atomic::{AtomicBool, AtomicU16};
use std::{io, result::Result};
use std::sync::Arc;
use crate::dbg_msg;
use crate::oauth::{force_refresh_token, token_daemon, Oauth};
use crate::server::RequestExt;
@ -26,7 +27,34 @@ const REDDIT_URL_BASE: &str = "https://oauth.reddit.com";
const ALTERNATIVE_REDDIT_URL_BASE: &str = "https://www.reddit.com";
pub static CLIENT: Lazy<Client<HttpsConnector<HttpConnector>>> = Lazy::new(|| {
let https = hyper_rustls::HttpsConnectorBuilder::new().with_native_roots().https_only().enable_http1().build();
// let https = hyper_rustls::HttpsConnectorBuilder::new().with_native_roots().https_only().enable_http1().build();
// A custom certificate verifier that does nothing.
struct NoCertificateVerification;
impl rustls::client::ServerCertVerifier for NoCertificateVerification {
fn verify_server_cert(
&self,
_: &rustls::Certificate,
_: &[rustls::Certificate],
_: &rustls::ServerName,
_: &mut dyn Iterator<Item = &[u8]>,
_: &[u8],
_: std::time::SystemTime,
) -> Result<rustls::client::ServerCertVerified, rustls::Error> {
Ok(rustls::client::ServerCertVerified::assertion())
}
}
let mut config = ClientConfig::builder()
.with_safe_defaults()
.with_root_certificates(rustls::RootCertStore::empty())
.with_no_client_auth();
config.dangerous().set_certificate_verifier(Arc::new(NoCertificateVerification));
let https = hyper_rustls::HttpsConnectorBuilder::new()
.with_tls_config(config)
.https_only().enable_http1().build();
client::Client::builder().build(https)
});