Rust Reqwest+Rustls 自签名证书校验

rust 复制代码
    let mut tls = rustls::ClientConfig::builder()
    .dangerous()
    .with_custom_certificate_verifier(Arc::new(NoRootCertVerifier))
    .with_no_client_auth();


     let mut client_builder = reqwest::Client::builder()

        .timeout(Duration::from_secs(200000))

        .connect_timeout(Duration::from_secs(10))
        .tcp_nodelay(true)

        .use_preconfigured_tls(tls);

    let client = client_builder.build()?;

问题1:Unknown TLS backend passed to "use_preconfigured_tls
处理方案:对齐reqwest库里面的rustls版本和本工程里面的rustls版本,这个是因为版本不一致时候,use_preconfigured_tls方法会判断类型错误,导致识别失败unknown

rust 复制代码
    #[cfg(any(feature = "native-tls", feature = "__rustls",))]
    #[cfg_attr(docsrs, doc(cfg(any(feature = "native-tls", feature = "rustls-tls"))))]
    pub fn use_preconfigured_tls(mut self, tls: impl Any) -> ClientBuilder {
        init_logger();

        let mut tls = Some(tls);
        #[cfg(feature = "native-tls")]
        {
            if let Some(conn) = (&mut tls as &mut dyn Any).downcast_mut::<Option<TlsConnector>>() {
                let tls = conn.take().expect("is definitely Some");
                let tls = crate::tls::TlsBackend::BuiltNativeTls(tls);
                self.config.tls = tls;
                return self;
            }
        }
        #[cfg(feature = "__rustls")]
        {
            if let Some(conn) =
                (&mut tls as &mut dyn Any).downcast_mut::<Option<rustls::ClientConfig>>()
            {
                let tls = conn.take().expect("is definitely Some");
                let tls = crate::tls::TlsBackend::BuiltRustls(tls);
                self.config.tls = tls;
                return self;
            }
        }

        // Otherwise, we don't recognize the TLS backend!
        self.config.tls = crate::tls::TlsBackend::UnknownPreconfigured;
        self
    }

所以这里必须保证reqwest引用的rustls库和本地工程一致

rust 复制代码
#[derive(Debug)]

struct NoRootCertVerifier;





impl ServerCertVerifier for NoRootCertVerifier {

    fn verify_server_cert(

        &self,

        _end_entity: &CertificateDer<'_>,

        _intermediates: &[CertificateDer<'_>],

        _server_name: &ServerName<'_>,

        _ocsp_response: &[u8],

        _now: UnixTime,

    ) -> Result<ServerCertVerified, Error> {

        // 在这里实现自签名证书的验证逻辑
        log::info!("verify_server_cert");
        Ok(ServerCertVerified::assertion())

    }



    fn verify_tls12_signature(

        &self,

        _message: &[u8],

        _cert: &CertificateDer<'_>,

        _dss: &DigitallySignedStruct,

    ) -> Result<HandshakeSignatureValid, Error> {

        // 实现 TLS 1.2 签名验证逻辑
        log::info!("verify_tls12_signature");
        Ok(HandshakeSignatureValid::assertion())

    }



    fn verify_tls13_signature(

        &self,

        _message: &[u8],

        _cert: &CertificateDer<'_>,

        _dss: &DigitallySignedStruct,

    ) -> Result<HandshakeSignatureValid, Error> {

        // 实现 TLS 1.3 签名验证逻辑
        log::info!("verify_tls13_signature");
        Ok(HandshakeSignatureValid::assertion())

    }



    fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {

        vec![
            SignatureScheme::RSA_PKCS1_SHA1,
            SignatureScheme::ECDSA_SHA1_Legacy,
            SignatureScheme::RSA_PKCS1_SHA256,
            SignatureScheme::ECDSA_NISTP256_SHA256,
            SignatureScheme::RSA_PKCS1_SHA384,
            SignatureScheme::ECDSA_NISTP384_SHA384,
            SignatureScheme::RSA_PKCS1_SHA512,
            SignatureScheme::ECDSA_NISTP521_SHA512,
            SignatureScheme::RSA_PSS_SHA256,
            SignatureScheme::RSA_PSS_SHA384,
            SignatureScheme::RSA_PSS_SHA512,
            SignatureScheme::ED25519,
            SignatureScheme::ED448,
        ]

    }

}

以上就是实现不校验签名的逻辑,后续自己可以在对应回调进行逻辑判断

相关推荐
CodeCraft Studio22 分钟前
借助Aspose.HTML控件,在 Python 中将 HTML 转换为 Markdown
开发语言·python·html·markdown·aspose·html转markdown·asposel.html
QQ_43766431423 分钟前
C++11 右值引用 Lambda 表达式
java·开发语言·c++
aramae24 分钟前
大话数据结构之<队列>
c语言·开发语言·数据结构·算法
封奚泽优1 小时前
使用Python实现单词记忆软件
开发语言·python·random·qpushbutton·qtwidgets·qtcore·qtgui
midsummer_woo1 小时前
基于spring boot的医院挂号就诊系统(源码+论文)
java·spring boot·后端
liulilittle2 小时前
C++/CLI与标准C++的语法差异(一)
开发语言·c++·.net·cli·clr·托管·原生
daixin88482 小时前
什么是缓存雪崩?缓存击穿?缓存穿透?分别如何解决?什么是缓存预热?
java·开发语言·redis·缓存
Olrookie2 小时前
若依前后端分离版学习笔记(三)——表结构介绍
笔记·后端·mysql
沸腾_罗强2 小时前
Bugs
后端
一条GO2 小时前
ORM中实现SaaS的数据与库的隔离
后端