authorAlex Auvolat <alex@adnab.me>2020-04-12 19:18:31 +0200
committerAlex Auvolat <alex@adnab.me>2020-04-12 19:18:31 +0200
commitc788fc9f9e2c9128ea0dd5f28c1bafe8ba3b369c (patch)
tree30c9e34b979bd8d38ef93e8371a4fea087556e72 /src/tls_util.rs
parentd2814b5c3374f8b99a81dbb9fa3614c875cfc5e6 (diff)
downloadgarage-c788fc9f9e2c9128ea0dd5f28c1bafe8ba3b369c.tar.gz
garage-c788fc9f9e2c9128ea0dd5f28c1bafe8ba3b369c.zip
Cleanup
Diffstat (limited to 'src/tls_util.rs')
-rw-r--r--src/tls_util.rs58
1 files changed, 0 insertions, 58 deletions
diff --git a/src/tls_util.rs b/src/tls_util.rs
index 5a17d380..dfc4e716 100644
--- a/src/tls_util.rs
+++ b/src/tls_util.rs
@@ -7,7 +7,6 @@ use core::future::Future;
use futures_util::future::*;
use tokio::io::{AsyncRead, AsyncWrite};
use rustls::internal::pemfile;
-use rustls::*;
use hyper::client::HttpConnector;
use hyper::client::connect::Connection;
use hyper::service::Service;
@@ -60,63 +59,6 @@ pub fn load_private_key(filename: &str) -> Result<rustls::PrivateKey, Error> {
}
-// ---- AWFUL COPYPASTA FROM rustls/verifier.rs
-// ---- USED TO ALLOW TO VERIFY SERVER CERTIFICATE VALIDITY IN CHAIN
-// ---- BUT DISREGARD HOSTNAME PARAMETER
-
-pub struct NoHostnameCertVerifier;
-
-type SignatureAlgorithms = &'static [&'static webpki::SignatureAlgorithm];
-static SUPPORTED_SIG_ALGS: SignatureAlgorithms = &[
- &webpki::ECDSA_P256_SHA256,
- &webpki::ECDSA_P256_SHA384,
- &webpki::ECDSA_P384_SHA256,
- &webpki::ECDSA_P384_SHA384,
- &webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
- &webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
- &webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
- &webpki::RSA_PKCS1_2048_8192_SHA256,
- &webpki::RSA_PKCS1_2048_8192_SHA384,
- &webpki::RSA_PKCS1_2048_8192_SHA512,
- &webpki::RSA_PKCS1_3072_8192_SHA384
-];
-
-impl rustls::ServerCertVerifier for NoHostnameCertVerifier {
- fn verify_server_cert(&self,
- roots: &RootCertStore,
- presented_certs: &[Certificate],
- _dns_name: webpki::DNSNameRef,
- _ocsp_response: &[u8]) -> Result<rustls::ServerCertVerified, TLSError> {
-
- if presented_certs.is_empty() {
- return Err(TLSError::NoCertificatesPresented);
- }
-
- let cert = webpki::EndEntityCert::from(&presented_certs[0].0)
- .map_err(TLSError::WebPKIError)?;
-
- let chain = presented_certs.iter()
- .skip(1)
- .map(|cert| cert.0.as_ref())
- .collect::<Vec<_>>();
-
- let trustroots: Vec<webpki::TrustAnchor> = roots.roots
- .iter()
- .map(|x| x.to_trust_anchor())
- .collect();
-
- let now = webpki::Time::try_from(std::time::SystemTime::now())
- .map_err( |_ | TLSError::FailedToGetCurrentTime)?;
-
- cert.verify_is_valid_tls_server_cert(SUPPORTED_SIG_ALGS,
- &webpki::TLSServerTrustAnchors(&trustroots), &chain, now)
- .map_err(TLSError::WebPKIError)?;
-
- Ok(rustls::ServerCertVerified::assertion())
- }
-}
-
-
// ---- AWFUL COPYPASTA FROM HYPER-RUSTLS connector.rs
// ---- ALWAYS USE `garage` AS HOSTNAME FOR TLS VERIFICATION