Rust Reqwest+Rustls 自签名证书校验

rust 复制代码
    let mut tls = rustls::ClientConfig::builder()
    .dangerous()
    .with_custom_certificate_verifier(Arc::new(NoRootCertVerifier))
    .with_no_client_auth();


     let mut client_builder = reqwest::Client::builder()

        .timeout(Duration::from_secs(200000))

        .connect_timeout(Duration::from_secs(10))
        .tcp_nodelay(true)

        .use_preconfigured_tls(tls);

    let client = client_builder.build()?;

问题1:Unknown TLS backend passed to "use_preconfigured_tls
处理方案:对齐reqwest库里面的rustls版本和本工程里面的rustls版本,这个是因为版本不一致时候,use_preconfigured_tls方法会判断类型错误,导致识别失败unknown

rust 复制代码
    #[cfg(any(feature = "native-tls", feature = "__rustls",))]
    #[cfg_attr(docsrs, doc(cfg(any(feature = "native-tls", feature = "rustls-tls"))))]
    pub fn use_preconfigured_tls(mut self, tls: impl Any) -> ClientBuilder {
        init_logger();

        let mut tls = Some(tls);
        #[cfg(feature = "native-tls")]
        {
            if let Some(conn) = (&mut tls as &mut dyn Any).downcast_mut::<Option<TlsConnector>>() {
                let tls = conn.take().expect("is definitely Some");
                let tls = crate::tls::TlsBackend::BuiltNativeTls(tls);
                self.config.tls = tls;
                return self;
            }
        }
        #[cfg(feature = "__rustls")]
        {
            if let Some(conn) =
                (&mut tls as &mut dyn Any).downcast_mut::<Option<rustls::ClientConfig>>()
            {
                let tls = conn.take().expect("is definitely Some");
                let tls = crate::tls::TlsBackend::BuiltRustls(tls);
                self.config.tls = tls;
                return self;
            }
        }

        // Otherwise, we don't recognize the TLS backend!
        self.config.tls = crate::tls::TlsBackend::UnknownPreconfigured;
        self
    }

所以这里必须保证reqwest引用的rustls库和本地工程一致

rust 复制代码
#[derive(Debug)]

struct NoRootCertVerifier;





impl ServerCertVerifier for NoRootCertVerifier {

    fn verify_server_cert(

        &self,

        _end_entity: &CertificateDer<'_>,

        _intermediates: &[CertificateDer<'_>],

        _server_name: &ServerName<'_>,

        _ocsp_response: &[u8],

        _now: UnixTime,

    ) -> Result<ServerCertVerified, Error> {

        // 在这里实现自签名证书的验证逻辑
        log::info!("verify_server_cert");
        Ok(ServerCertVerified::assertion())

    }



    fn verify_tls12_signature(

        &self,

        _message: &[u8],

        _cert: &CertificateDer<'_>,

        _dss: &DigitallySignedStruct,

    ) -> Result<HandshakeSignatureValid, Error> {

        // 实现 TLS 1.2 签名验证逻辑
        log::info!("verify_tls12_signature");
        Ok(HandshakeSignatureValid::assertion())

    }



    fn verify_tls13_signature(

        &self,

        _message: &[u8],

        _cert: &CertificateDer<'_>,

        _dss: &DigitallySignedStruct,

    ) -> Result<HandshakeSignatureValid, Error> {

        // 实现 TLS 1.3 签名验证逻辑
        log::info!("verify_tls13_signature");
        Ok(HandshakeSignatureValid::assertion())

    }



    fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {

        vec![
            SignatureScheme::RSA_PKCS1_SHA1,
            SignatureScheme::ECDSA_SHA1_Legacy,
            SignatureScheme::RSA_PKCS1_SHA256,
            SignatureScheme::ECDSA_NISTP256_SHA256,
            SignatureScheme::RSA_PKCS1_SHA384,
            SignatureScheme::ECDSA_NISTP384_SHA384,
            SignatureScheme::RSA_PKCS1_SHA512,
            SignatureScheme::ECDSA_NISTP521_SHA512,
            SignatureScheme::RSA_PSS_SHA256,
            SignatureScheme::RSA_PSS_SHA384,
            SignatureScheme::RSA_PSS_SHA512,
            SignatureScheme::ED25519,
            SignatureScheme::ED448,
        ]

    }

}

以上就是实现不校验签名的逻辑,后续自己可以在对应回调进行逻辑判断

相关推荐
JavaGuide1 分钟前
JDK 25(长期支持版) 发布,新特性解读!
java·后端
weiwenhao14 分钟前
关于 nature 编程语言
人工智能·后端·开源
薛定谔的算法23 分钟前
phoneGPT:构建专业领域的检索增强型智能问答系统
前端·数据库·后端
RoyLin40 分钟前
TypeScript设计模式:责任链模式
前端·后端·typescript
RoyLin1 小时前
TypeScript设计模式:装饰器模式
前端·后端·typescript
Java中文社群1 小时前
有点意思!Java8后最有用新特性排行榜!
java·后端·面试
代码匠心1 小时前
从零开始学Flink:数据源
java·大数据·后端·flink
掘金一周1 小时前
Flutter Riverpod 3.0 发布,大规模重构下的全新状态管理框架 | 掘金一周 9.18
前端·人工智能·后端
moisture1 小时前
CUDA常规知识点
后端·面试
用户298698530141 小时前
Java 使用 Spire.PDF 将PDF文档转换为Word格式
java·后端