Rust Reqwest+Rustls 自签名证书校验

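    // TLS configuration that swaps rustls' built-in certificate verification for
    // `NoRootCertVerifier`. `dangerous()` is the explicit rustls opt-in for this:
    // from here on the client trusts exactly what the custom verifier accepts.
    // Neither binding is mutated afterwards, so `mut` is not needed.
    let tls = rustls::ClientConfig::builder()
        .dangerous()
        .with_custom_certificate_verifier(Arc::new(NoRootCertVerifier))
        .with_no_client_auth();

    // `use_preconfigured_tls` receives the config type-erased, so the `rustls`
    // crate named here must be the same version that reqwest itself depends on.
    // NOTE(review): the overall timeout of 200000 s is roughly 55 hours — confirm
    // that this is intended.
    let client_builder = reqwest::Client::builder()
        .timeout(Duration::from_secs(200000))
        .connect_timeout(Duration::from_secs(10))
        .tcp_nodelay(true)
        .use_preconfigured_tls(tls);

    let client = client_builder.build()?;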

问题1:Unknown TLS backend passed to `use_preconfigured_tls`
处理方案:对齐reqwest依赖的rustls版本和本工程里面的rustls版本。原因是use_preconfigured_tls通过Any做类型向下转换(downcast),不同版本的rustls::ClientConfig在编译器看来是两个不同的类型,版本不一致时转换失败,传入的配置就会被当作未知的TLS后端(unknown)

    /// Installs a caller-built TLS backend on this builder.
    ///
    /// `tls` arrives type-erased (`impl Any`); the body recovers the concrete
    /// type by downcasting, first to a native-tls `TlsConnector`, then to a
    /// `rustls::ClientConfig`, each branch compiled only when the matching
    /// feature is enabled. A value of any other type matches neither branch and
    /// the backend is recorded as `TlsBackend::UnknownPreconfigured`. That
    /// includes a `ClientConfig` coming from a different version of the `rustls`
    /// crate, because it is a distinct type as far as `Any` is concerned.
    #[cfg(any(feature = "native-tls", feature = "__rustls",))]
    #[cfg_attr(docsrs, doc(cfg(any(feature = "native-tls", feature = "rustls-tls"))))]
    pub fn use_preconfigured_tls(mut self, tls: impl Any) -> ClientBuilder {
        init_logger();

        // Wrapped in `Option` so that, after a successful downcast, the value can
        // be moved out with `take()` through the `&mut dyn Any` borrow.
        let mut tls = Some(tls);
        #[cfg(feature = "native-tls")]
        {
            // Matches only when the caller passed exactly this crate's `TlsConnector` type.
            if let Some(conn) = (&mut tls as &mut dyn Any).downcast_mut::<Option<TlsConnector>>() {
                let tls = conn.take().expect("is definitely Some");
                let tls = crate::tls::TlsBackend::BuiltNativeTls(tls);
                self.config.tls = tls;
                return self;
            }
        }
        #[cfg(feature = "__rustls")]
        {
            // `rustls::ClientConfig` here is the type from the rustls version this
            // crate was compiled against; the comparison is on type identity, not
            // on the type's name.
            if let Some(conn) =
                (&mut tls as &mut dyn Any).downcast_mut::<Option<rustls::ClientConfig>>()
            {
                let tls = conn.take().expect("is definitely Some");
                let tls = crate::tls::TlsBackend::BuiltRustls(tls);
                self.config.tls = tls;
                return self;
            }
        }

        // Otherwise, we don't recognize the TLS backend!
        // NOTE(review): no error is returned from this method; presumably the
        // failure is reported later, when the client is built — not visible in
        // this excerpt.
        self.config.tls = crate::tls::TlsBackend::UnknownPreconfigured;
        self
    }

所以这里必须保证reqwest依赖的rustls版本和本地工程直接依赖的rustls版本一致,可以用 cargo tree -d 检查依赖树里是否出现了多个rustls版本

/// Unit marker type installed as the custom rustls certificate verifier.
///
/// It holds no state: no pinned certificate and no trust anchors. Whatever
/// trust decision is made therefore comes entirely from its
/// `ServerCertVerifier` implementation.
#[derive(Debug)]
struct NoRootCertVerifier;





// `ServerCertVerifier` implementation that performs no verification at all.
//
// Every callback returns its `assertion()` success value without reading any of
// its arguments, so a client using this verifier completes the handshake with
// any peer, whatever certificate it presents. The traffic is encrypted, but the
// server's identity is never established.
//
// NOTE(review): to accept one specific self-signed certificate while keeping
// authentication, compare `_end_entity` against a stored copy of that
// certificate in `verify_server_cert` and let rustls' own signature
// verification handle the two signature callbacks — confirm the exact API
// against the rustls version in use.
impl ServerCertVerifier for NoRootCertVerifier {
    // Accepts the presented chain unconditionally: the leaf certificate, the
    // intermediates, the server name, the OCSP response and the current time
    // are all ignored. The only side effect is one info-level log line.
    fn verify_server_cert(
        &self,
        _end_entity: &CertificateDer<'_>,
        _intermediates: &[CertificateDer<'_>],
        _server_name: &ServerName<'_>,
        _ocsp_response: &[u8],
        _now: UnixTime,
    ) -> Result<ServerCertVerified, Error> {
        log::info!("verify_server_cert");
        let verdict = ServerCertVerified::assertion();
        Ok(verdict)
    }

    // Reports the TLS 1.2 handshake signature as valid without checking it, so
    // the peer is never shown to hold the certificate's private key.
    fn verify_tls12_signature(
        &self,
        _message: &[u8],
        _cert: &CertificateDer<'_>,
        _dss: &DigitallySignedStruct,
    ) -> Result<HandshakeSignatureValid, Error> {
        log::info!("verify_tls12_signature");
        let verdict = HandshakeSignatureValid::assertion();
        Ok(verdict)
    }

    // Reports the TLS 1.3 handshake signature as valid without checking it;
    // same behaviour as the TLS 1.2 callback.
    fn verify_tls13_signature(
        &self,
        _message: &[u8],
        _cert: &CertificateDer<'_>,
        _dss: &DigitallySignedStruct,
    ) -> Result<HandshakeSignatureValid, Error> {
        log::info!("verify_tls13_signature");
        let verdict = HandshakeSignatureValid::assertion();
        Ok(verdict)
    }

    // Signature schemes this verifier claims to support, in the order listed.
    // The list includes the SHA-1 based schemes; because the signature
    // callbacks accept everything, none of the schemes is actually verified.
    fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
        Vec::from([
            SignatureScheme::RSA_PKCS1_SHA1,
            SignatureScheme::ECDSA_SHA1_Legacy,
            SignatureScheme::RSA_PKCS1_SHA256,
            SignatureScheme::ECDSA_NISTP256_SHA256,
            SignatureScheme::RSA_PKCS1_SHA384,
            SignatureScheme::ECDSA_NISTP384_SHA384,
            SignatureScheme::RSA_PKCS1_SHA512,
            SignatureScheme::ECDSA_NISTP521_SHA512,
            SignatureScheme::RSA_PSS_SHA256,
            SignatureScheme::RSA_PSS_SHA384,
            SignatureScheme::RSA_PSS_SHA512,
            SignatureScheme::ED25519,
            SignatureScheme::ED448,
        ])
    }
}

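以上就是实现不校验签名的逻辑:三个回调都直接返回成功,客户端会接受任意证书,连接虽然加密,但服务端身份没有经过验证。后续自己可以在对应回调进行逻辑判断,例如在verify_server_cert里把end_entity和预先保存的自签名证书做比对,签名校验交给rustls自带的实现;如果只是要信任某一张自签名证书,也可以先尝试用reqwest的add_root_certificate把它加入信任根,这样就不需要自定义verifier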
