From c788fc9f9e2c9128ea0dd5f28c1bafe8ba3b369c Mon Sep 17 00:00:00 2001
From: Alex Auvolat
Date: Sun, 12 Apr 2020 19:18:31 +0200
Subject: Cleanup
---
 src/tls_util.rs | 58 ---------------------------------------------------------
 1 file changed, 58 deletions(-)
 (limited to 'src/tls_util.rs')
diff --git a/src/tls_util.rs b/src/tls_util.rs
index 5a17d380..dfc4e716 100644
--- a/src/tls_util.rs
+++ b/src/tls_util.rs
@@ -7,7 +7,6 @@ use core::future::Future;
 use futures_util::future::*;
 use tokio::io::{AsyncRead, AsyncWrite};
 use rustls::internal::pemfile;
-use rustls::*;
 use hyper::client::HttpConnector;
 use hyper::client::connect::Connection;
 use hyper::service::Service;
@@ -60,63 +59,6 @@ pub fn load_private_key(filename: &str) -> Result {
 }
-// ---- AWFUL COPYPASTA FROM rustls/verifier.rs
-// ---- USED TO ALLOW TO VERIFY SERVER CERTIFICATE VALIDITY IN CHAIN
-// ---- BUT DISREGARD HOSTNAME PARAMETER
-
-pub struct NoHostnameCertVerifier;
-
-type SignatureAlgorithms = &'static [&'static webpki::SignatureAlgorithm];
-static SUPPORTED_SIG_ALGS: SignatureAlgorithms = &[
- &webpki::ECDSA_P256_SHA256,
- &webpki::ECDSA_P256_SHA384,
- &webpki::ECDSA_P384_SHA256,
- &webpki::ECDSA_P384_SHA384,
- &webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
- &webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
- &webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
- &webpki::RSA_PKCS1_2048_8192_SHA256,
- &webpki::RSA_PKCS1_2048_8192_SHA384,
- &webpki::RSA_PKCS1_2048_8192_SHA512,
- &webpki::RSA_PKCS1_3072_8192_SHA384
-];
-
-impl rustls::ServerCertVerifier for NoHostnameCertVerifier {
- fn verify_server_cert(&self,
- roots: &RootCertStore,
- presented_certs: &[Certificate],
- _dns_name: webpki::DNSNameRef,
- _ocsp_response: &[u8]) -> Result {
-
- if presented_certs.is_empty() {
- return Err(TLSError::NoCertificatesPresented);
- }
-
- let cert = webpki::EndEntityCert::from(&presented_certs[0].0)
- .map_err(TLSError::WebPKIError)?;
-
- let chain = presented_certs.iter()
- .skip(1)
- .map(|cert| cert.0.as_ref())
- .collect::>();
-
- let trustroots: Vec = roots.roots
- .iter()
- .map(|x| x.to_trust_anchor())
- .collect();
-
- let now = webpki::Time::try_from(std::time::SystemTime::now())
- .map_err( |_ | TLSError::FailedToGetCurrentTime)?;
-
- cert.verify_is_valid_tls_server_cert(SUPPORTED_SIG_ALGS,
- &webpki::TLSServerTrustAnchors(&trustroots), &chain, now)
- .map_err(TLSError::WebPKIError)?;
-
- Ok(rustls::ServerCertVerified::assertion())
- }
-}
-
-
 // ---- AWFUL COPYPASTA FROM HYPER-RUSTLS connector.rs
 // ---- ALWAYS USE `garage` AS HOSTNAME FOR TLS VERIFICATION
-- cgit v1.2.3