Allow user to disable server certificate validation. #257
Conversation
LucioFranco
left a comment
LucioFranco
left a comment
There was a problem hiding this comment.
This looks like a great start! I left you some comments in line, let me know if you have any questions :)
| ] | ||
| tls = ["transport", "tokio-rustls"] | ||
| tls-roots = ["tls", "rustls-native-certs"] | ||
| tls-dangerous = ["rustls", "webpki"] |
There was a problem hiding this comment.
This should only have to enable "rustls/dangerous_configuration" then we leave it out of the default. So this is an opt-in feature that will only enable that specific rustls feature if you opt in.
There was a problem hiding this comment.
I didn't know feature flags were transitive, I'm looking into it.
There was a problem hiding this comment.
After thinking about it, I don't understand what you want me to do
There was a problem hiding this comment.
It should be possible to set tls-dangerous to be like:
tls-dangerous = ["rustls/dangerous-config", "webpki"]Since, rustls is already included with tokio-rustls this feature set should work.
Let me know if that makes sense!
LucioFranco
left a comment
LucioFranco
left a comment
There was a problem hiding this comment.
Looking good! Left a few questions :)
|
I am going to close this for now since its a bit old now and if we can avoid having to expose something like this then I think that is better since it is dangerous :D lmk if you have anyquestions. |
|
@LucioFranco is there now a nice way to turn off the check? some times when debugging its handy to turn it off and i would like to give my app a cli flag to accept invalid certs Im happy to open a issue if not but thought i would skip the issue if we can already do this? |
|
I would suggest for now to go around the transport module and use hyper-rustls + hyper directly. |
|
@LucioFranco could you elaborate on this, specifically in the light of 0.7? Thanks for your time. |
|
#968 here is a PR that adds an example for this. |
3 participants
Motivation
Currently, if you want to disable server certificate validation, you have to manually set a
rustlsconfiguration. Unfortunately, it also overrides default tonic configuration like ALPN protocols.Solution
This PR exposes
danger_accept_invalid_certsinClientTlsConfig. That function while still preservingtonicdefaulttlsconfiguration, disables server certificate validation. Because it introduces a security vulnerability, we gated that function behindtls-dangerousfeature flag.