author | Alex Auvolat <alex@adnab.me> | 2021-12-08 23:45:24 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2021-12-08 23:45:24 +0100 |
commit | 207f467b879194c993c70a092c232daca8ad1057 (patch) | |
tree | 118c8940e2d9d37400219335263f1ec9c1c94d2d /src/reverse_proxy.rs | |
parent | ca8c5aad2378dd9f8ec525b3b0779f5c53cfe9eb (diff) | |
download | tricot-207f467b879194c993c70a092c232daca8ad1057.tar.gz tricot-207f467b879194c993c70a092c232daca8ad1057.zip |
Support totally ignoring backend HTTPS certificate stuff
Diffstat (limited to 'src/reverse_proxy.rs')
-rw-r--r-- | src/reverse_proxy.rs | 43 |
1 files changed, 34 insertions, 9 deletions
diff --git a/src/reverse_proxy.rs b/src/reverse_proxy.rs
index 9d7780c..82e7c7a 100644
--- a/src/reverse_proxy.rs
+++ b/src/reverse_proxy.rs
@@ -1,16 +1,23 @@
 //! Copied from https://github.com/felipenoris/hyper-reverse-proxy
 //! See there for original Copyright notice
+use std::sync::Arc;
+use std::convert::TryInto;
+use std::time::SystemTime;
+use std::net::IpAddr;
+use std::str::FromStr;
+
 use anyhow::Result;
 use log::*;
-use std::convert::TryInto;
 use http::header::HeaderName;
 use hyper::header::{HeaderMap, HeaderValue};
 use hyper::{Body, Client, Request, Response, Uri};
+use rustls::{Certificate, ServerName};
+use rustls::client::{ServerCertVerifier, ServerCertVerified};
 use lazy_static::lazy_static;
-use std::net::IpAddr;
-use std::str::FromStr;
+
+use crate::tls_util::HttpsConnectorFixedDnsname;
 fn is_hop_header(name: &str) -> bool {
     use unicase::Ascii;
@@ -149,12 +156,12 @@ pub async fn call_https(
     trace!("Proxied request (HTTPS): {:?}", proxied_request);
-    let https = hyper_rustls::HttpsConnectorBuilder::new()
-        .with_native_roots()
-        .https_only()
-        .enable_http1()
-        .build();
-    let client: Client<_, hyper::Body> = Client::builder().build(https);
+    let tls_config = rustls::client::ClientConfig::builder()
+        .with_safe_defaults()
+        .with_custom_certificate_verifier(Arc::new(DontVerifyServerCert))
+        .with_no_client_auth();
+    let connector = HttpsConnectorFixedDnsname::new(tls_config, "dummy");
+    let client: Client<_, hyper::Body> = Client::builder().build(connector);
     let response = client.request(proxied_request).await?;
     trace!("Inner response (HTTPS): {:?}", response);
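Review bot: The new `ClientConfig` in `call_https` turns off server-certificate checking for every HTTPS backend: `.with_custom_certificate_verifier(Arc::new(DontVerifyServerCert))` replaces the previous `with_native_roots()` client with one that accepts any certificate, so a host interposed between tricot and a backend is no longer detected, and `with_safe_defaults()` only selects protocol versions and cipher suites, it does not authenticate the peer. The commit title says "Support" ignoring the backend certificate, which reads as an opt-in, yet as far as this hunk shows there is no per-backend switch and the root-store path is gone entirely. Consider keeping the previous verifying configuration as the default and installing `DontVerifyServerCert` only when the backend's configuration asks for it (a flag along the lines of `skip_tls_verify`, name to be chosen), with a `warn!` on that path so the unauthenticated connection is visible in logs. The fixed server name `"dummy"` passed to `HttpsConnectorFixedDnsname::new` is only coherent while verification is off; a verifying branch would have to pass the backend's real host name. `call_https` starts before this hunk, and the same point applies to the verifier defined in the last hunk of this file.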
@@ -162,3 +169,21 @@ pub async fn call_https(
     let proxied_response = create_proxied_response(response);
     Ok(proxied_response)
 }
+
+struct DontVerifyServerCert;
+
+impl ServerCertVerifier for DontVerifyServerCert {
+    fn verify_server_cert(
+        &self,
+        _end_entity: &Certificate,
+        _intermediates: &[Certificate],
+        _server_name: &ServerName,
+        _scts: &mut dyn Iterator<Item = &[u8]>,
+        _ocsp_response: &[u8],
+        _now: SystemTime
+    ) -> Result<ServerCertVerified, rustls::Error> {
+        Ok(ServerCertVerified::assertion())
+    }
+}
+
+
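Review bot: `DontVerifyServerCert` carries no documentation even though it unconditionally returns `ServerCertVerified::assertion()`, which is exactly the kind of item a later maintainer must not reuse by accident. Add a doc comment on the struct such as `/// Server-certificate verifier that accepts any certificate and server name: the backend link is encrypted but the peer is NOT authenticated.` and state in it under which deployment condition that trade-off is acceptable. rustfmt would also put a trailing comma after `_now: SystemTime` and drop the two empty lines added at the end of the file. The `call_https` body this hunk closes starts outside the hunk.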