From 576613a2227c76d25d80982fc11cafb7c4d51979 Mon Sep 17 00:00:00 2001 From: Benjamin Saunders Date: Wed, 9 Jan 2019 17:23:49 -0800 Subject: [PATCH] Remove built-in support for disabling certificate verification This can already be done by constructing a `ClientConfig` manually, and probably shouldn't be made too convenient. --- quinn/Cargo.toml | 4 ---- quinn/examples/client.rs | 13 ------------- quinn/src/lib.rs | 34 ++++------------------------------ 3 files changed, 4 insertions(+), 47 deletions(-) diff --git a/quinn/Cargo.toml b/quinn/Cargo.toml index 1e90e550f..a313165b5 100644 --- a/quinn/Cargo.toml +++ b/quinn/Cargo.toml @@ -19,9 +19,6 @@ codecov = { repository = "djc/quinn" } maintenance = { status = "experimental" } travis-ci = { repository = "djc/quinn" } -[features] -dangerous_configuration = ["quinn-proto/dangerous_configuration"] - [dependencies] bytes = "0.4.7" failure = "0.1" @@ -54,7 +51,6 @@ name = "server" [[example]] name = "interop" -required-features = ["dangerous_configuration"] [[example]] name = "client" diff --git a/quinn/examples/client.rs b/quinn/examples/client.rs index 2dc936cd7..66c2e872f 100644 --- a/quinn/examples/client.rs +++ b/quinn/examples/client.rs @@ -19,8 +19,6 @@ use url::Url; type Result = std::result::Result; /// HTTP/0.9 over QUIC client -/// -/// Build with the dangerous_configuration feature to support connecting to servers with invalid certificates. #[derive(StructOpt, Debug)] #[structopt(name = "client")] struct Opt { @@ -33,11 +31,6 @@ struct Opt { /// Custom certificate authority to trust, in DER format #[structopt(parse(from_os_str), long = "ca")] ca: Option, - - /// Accept invalid (e.g. self-signed) TLS certificates - #[cfg(feature = "dangerous_configuration")] - #[structopt(long = "accept-insecure-certs")] - accept_insecure_certs: bool, /* /// file to read/write session tickets to #[structopt(long = "session-cache", parse(from_os_str))] 
@@ -97,12 +90,6 @@ fn run(log: Logger, options: Opt) -> Result<()> { client_config .add_certificate_authority(quinn::Certificate::from_der(&fs::read(&ca_path)?)?)?; } - #[cfg(feature = "dangerous_configuration")] - { - if options.accept_insecure_certs { - client_config.accept_insecure_certs(); - } - } endpoint.default_client_config(client_config.build()); diff --git a/quinn/src/lib.rs b/quinn/src/lib.rs index 8bbf05892..d4810153e 100644 --- a/quinn/src/lib.rs +++ b/quinn/src/lib.rs @@ -402,6 +402,10 @@ impl ClientConfigBuilder { } /// Add a trusted certificate authority. + /// + /// For more advanced/less secure certificate verification, construct a [`ClientConfig`] + /// manually and use rustls's `dangerous_configuration` feature to override the certificate + /// verifier. pub fn add_certificate_authority(&mut self, cert: Certificate) -> Result<&mut Self, Error> { { let anchor = webpki::trust_anchor_util::cert_der_as_trust_anchor( 
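Review bot: The doc paragraph added above `add_certificate_authority` points users at rustls's `dangerous_configuration` escape hatch without saying what is given up, whereas the `accept_insecure_certs` docs this commit removes stated plainly that a null verifier lets the server be impersonated. I would keep that consequence next to the pointer, e.g. one more line after the new paragraph: `/// A custom verifier replaces server authentication entirely; unless it performs an equivalent check (e.g. pinning a known certificate), the connection offers no protection against an impersonating server.` The shortcut reference [`ClientConfig`] only renders as a link on a toolchain with intra-doc link support or with a matching link definition in the doc block; on an older rustdoc it appears as literal brackets, so this is worth checking against the toolchain the crate targets. The body of `add_certificate_authority` continues past the end of this hunk.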
@@ -441,36 +445,6 @@ impl ClientConfigBuilder { tls_config: Arc::new(self.config), } } - - /// DANGEROUS - Connect even if the server presents an invalid certificate. - /// - /// Restricted by the `dangerous_configuration` feature. Use with care. - /// - /// This allows connecting to servers whose certificates aren't signed by a trusted authority, e.g. servers using - /// self-signed certificates. This allows an attacker to impersonate the server and therefore read and modify - /// traffic, but is useful for applications where trust is not expected or is enforced by external means. - /// - /// Convenience method for specifying a custom `ServerCertVerifier` in the TLS configuration. - #[cfg(feature = "dangerous_configuration")] - pub fn accept_insecure_certs(&mut self) -> &mut Self { - struct NullVerifier; - impl rustls::ServerCertVerifier for NullVerifier { - fn verify_server_cert( - &self, - _roots: &rustls::RootCertStore, - _presented_certs: &[rustls::Certificate], - _dns_name: webpki::DNSNameRef, - _ocsp_response: &[u8], - ) -> Result { - Ok(rustls::ServerCertVerified::assertion()) - } - } - - self.config - .dangerous() - .set_certificate_verifier(Arc::new(NullVerifier)); - self - } } impl Default for ClientConfigBuilder {