Rust Reqwest+Rustls 自签名证书校验

rust 复制代码
    let mut tls = rustls::ClientConfig::builder()
    .dangerous()
    .with_custom_certificate_verifier(Arc::new(NoRootCertVerifier))
    .with_no_client_auth();


     let mut client_builder = reqwest::Client::builder()

        .timeout(Duration::from_secs(200000))

        .connect_timeout(Duration::from_secs(10))
        .tcp_nodelay(true)

        .use_preconfigured_tls(tls);

    let client = client_builder.build()?;

问题1:Unknown TLS backend passed to "use_preconfigured_tls
处理方案:对齐reqwest库里面的rustls版本和本工程里面的rustls版本,这个是因为版本不一致时候,use_preconfigured_tls方法会判断类型错误,导致识别失败unknown

rust 复制代码
    #[cfg(any(feature = "native-tls", feature = "__rustls",))]
    #[cfg_attr(docsrs, doc(cfg(any(feature = "native-tls", feature = "rustls-tls"))))]
    pub fn use_preconfigured_tls(mut self, tls: impl Any) -> ClientBuilder {
        init_logger();

        let mut tls = Some(tls);
        #[cfg(feature = "native-tls")]
        {
            if let Some(conn) = (&mut tls as &mut dyn Any).downcast_mut::<Option<TlsConnector>>() {
                let tls = conn.take().expect("is definitely Some");
                let tls = crate::tls::TlsBackend::BuiltNativeTls(tls);
                self.config.tls = tls;
                return self;
            }
        }
        #[cfg(feature = "__rustls")]
        {
            if let Some(conn) =
                (&mut tls as &mut dyn Any).downcast_mut::<Option<rustls::ClientConfig>>()
            {
                let tls = conn.take().expect("is definitely Some");
                let tls = crate::tls::TlsBackend::BuiltRustls(tls);
                self.config.tls = tls;
                return self;
            }
        }

        // Otherwise, we don't recognize the TLS backend!
        self.config.tls = crate::tls::TlsBackend::UnknownPreconfigured;
        self
    }

所以这里必须保证reqwest引用的rustls库和本地工程一致

rust 复制代码
#[derive(Debug)]

struct NoRootCertVerifier;





impl ServerCertVerifier for NoRootCertVerifier {

    fn verify_server_cert(

        &self,

        _end_entity: &CertificateDer<'_>,

        _intermediates: &[CertificateDer<'_>],

        _server_name: &ServerName<'_>,

        _ocsp_response: &[u8],

        _now: UnixTime,

    ) -> Result<ServerCertVerified, Error> {

        // 在这里实现自签名证书的验证逻辑
        log::info!("verify_server_cert");
        Ok(ServerCertVerified::assertion())

    }



    fn verify_tls12_signature(

        &self,

        _message: &[u8],

        _cert: &CertificateDer<'_>,

        _dss: &DigitallySignedStruct,

    ) -> Result<HandshakeSignatureValid, Error> {

        // 实现 TLS 1.2 签名验证逻辑
        log::info!("verify_tls12_signature");
        Ok(HandshakeSignatureValid::assertion())

    }



    fn verify_tls13_signature(

        &self,

        _message: &[u8],

        _cert: &CertificateDer<'_>,

        _dss: &DigitallySignedStruct,

    ) -> Result<HandshakeSignatureValid, Error> {

        // 实现 TLS 1.3 签名验证逻辑
        log::info!("verify_tls13_signature");
        Ok(HandshakeSignatureValid::assertion())

    }



    fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {

        vec![
            SignatureScheme::RSA_PKCS1_SHA1,
            SignatureScheme::ECDSA_SHA1_Legacy,
            SignatureScheme::RSA_PKCS1_SHA256,
            SignatureScheme::ECDSA_NISTP256_SHA256,
            SignatureScheme::RSA_PKCS1_SHA384,
            SignatureScheme::ECDSA_NISTP384_SHA384,
            SignatureScheme::RSA_PKCS1_SHA512,
            SignatureScheme::ECDSA_NISTP521_SHA512,
            SignatureScheme::RSA_PSS_SHA256,
            SignatureScheme::RSA_PSS_SHA384,
            SignatureScheme::RSA_PSS_SHA512,
            SignatureScheme::ED25519,
            SignatureScheme::ED448,
        ]

    }

}

以上就是实现不校验签名的逻辑,后续自己可以在对应回调进行逻辑判断

相关推荐
_WndProc9 分钟前
【Python】Flask网页
开发语言·python·flask
深栈解码13 分钟前
JMM深度解析(三) volatile实现机制详解
java·后端
张家宝683720 分钟前
ambari
后端
StephenCurryFans22 分钟前
Spring AI vs LangChain4j:Java AI开发框架完整对比指南 🚀
后端·spring
liujing1023292924 分钟前
Day04_刷题niuke20250703
java·开发语言·算法
程序员辉哥26 分钟前
学会在Cursor中使用Rules生成代码后可以躺平了吗?
前端·后端
Brookty27 分钟前
【MySQL】JDBC编程
java·数据库·后端·学习·mysql·jdbc
_代号00730 分钟前
MySQL梳理一:整体架构概览
后端·mysql
前端付豪34 分钟前
11、打造自己的 CLI 工具:从命令行到桌面效率神器
后端·python
前端付豪34 分钟前
12、用类写出更可控、更易扩展的爬虫框架🕷
后端·python