algesten / ureq

A simple, safe HTTP client


Trust invalid certificate convenience function

ynuwenhof opened this issue · comments

The current process of configuring ureq to trust invalid certificates is a bit annoying, since you have to figure out the correct rustls version based on the ureq version you are using and then create a ClientConfig and a custom catch-all ServerCertVerifier. A simple convenience function or example in the documentation would be great.

```toml
# ureq itself (2.x) must also be listed under [dependencies];
# the rustls version has to match the one ureq was built against.
[dependencies.rustls]
version = "0.21.6"
features = ["dangerous_configuration"]
```

```rust
use std::sync::Arc;
use std::time::SystemTime;

use rustls::client::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier};
use rustls::{Certificate, ClientConfig, DigitallySignedStruct, Error, RootCertStore};
use ureq::AgentBuilder;

fn main() {
    // Empty root store: no CA is trusted, so the custom verifier installed
    // below is the only thing deciding whether a server certificate is accepted.
    let mut client_config = ClientConfig::builder()
        .with_safe_defaults()
        .with_root_certificates(RootCertStore::empty())
        .with_no_client_auth();

    // `dangerous()` is only available with the rustls `dangerous_configuration` feature.
    client_config
        .dangerous()
        .set_certificate_verifier(Arc::new(NoVerification));

    let _agent = AgentBuilder::new().tls_config(Arc::new(client_config)).build();
}

/// Catch-all verifier: accepts every certificate, chain and handshake signature.
#[derive(Debug)]
struct NoVerification;

impl ServerCertVerifier for NoVerification {
    fn verify_server_cert(
        &self,
        _end_entity: &Certificate,
        _intermediates: &[Certificate],
        _server_name: &rustls::ServerName,
        _scts: &mut dyn Iterator<Item = &[u8]>,
        _ocsp_response: &[u8],
        _now: SystemTime,
    ) -> Result<ServerCertVerified, Error> {
        Ok(ServerCertVerified::assertion())
    }

    fn verify_tls12_signature(
        &self,
        _message: &[u8],
        _cert: &Certificate,
        _dss: &DigitallySignedStruct,
    ) -> Result<HandshakeSignatureValid, Error> {
        Ok(HandshakeSignatureValid::assertion())
    }

    fn verify_tls13_signature(
        &self,
        _message: &[u8],
        _cert: &Certificate,
        _dss: &DigitallySignedStruct,
    ) -> Result<HandshakeSignatureValid, Error> {
        Ok(HandshakeSignatureValid::assertion())
    }
}
```

Hi @ynuwenhof, welcome to ureq!

Disabling certificate verification is a contentious issue. Some library authors would say it should be hard to disable it, others don't. It would be interesting to know what some other libraries do, like reqwest, curl, urllib3 for example.

Reqwest provides the convenience function danger_accept_invalid_certs on their ClientBuilder; as for curl, IIRC you can simply add the --insecure flag.