Rust Reqwest+Rustls 自签名证书校验

rust 复制代码
    let mut tls = rustls::ClientConfig::builder()
    .dangerous()
    .with_custom_certificate_verifier(Arc::new(NoRootCertVerifier))
    .with_no_client_auth();


     let mut client_builder = reqwest::Client::builder()

        .timeout(Duration::from_secs(200000))

        .connect_timeout(Duration::from_secs(10))
        .tcp_nodelay(true)

        .use_preconfigured_tls(tls);

    let client = client_builder.build()?;

问题1:Unknown TLS backend passed to "use_preconfigured_tls
处理方案:对齐reqwest库里面的rustls版本和本工程里面的rustls版本,这个是因为版本不一致时候,use_preconfigured_tls方法会判断类型错误,导致识别失败unknown

rust 复制代码
    #[cfg(any(feature = "native-tls", feature = "__rustls",))]
    #[cfg_attr(docsrs, doc(cfg(any(feature = "native-tls", feature = "rustls-tls"))))]
    pub fn use_preconfigured_tls(mut self, tls: impl Any) -> ClientBuilder {
        init_logger();

        let mut tls = Some(tls);
        #[cfg(feature = "native-tls")]
        {
            if let Some(conn) = (&mut tls as &mut dyn Any).downcast_mut::<Option<TlsConnector>>() {
                let tls = conn.take().expect("is definitely Some");
                let tls = crate::tls::TlsBackend::BuiltNativeTls(tls);
                self.config.tls = tls;
                return self;
            }
        }
        #[cfg(feature = "__rustls")]
        {
            if let Some(conn) =
                (&mut tls as &mut dyn Any).downcast_mut::<Option<rustls::ClientConfig>>()
            {
                let tls = conn.take().expect("is definitely Some");
                let tls = crate::tls::TlsBackend::BuiltRustls(tls);
                self.config.tls = tls;
                return self;
            }
        }

        // Otherwise, we don't recognize the TLS backend!
        self.config.tls = crate::tls::TlsBackend::UnknownPreconfigured;
        self
    }

所以这里必须保证reqwest引用的rustls库和本地工程一致

rust 复制代码
#[derive(Debug)]

struct NoRootCertVerifier;





impl ServerCertVerifier for NoRootCertVerifier {

    fn verify_server_cert(

        &self,

        _end_entity: &CertificateDer<'_>,

        _intermediates: &[CertificateDer<'_>],

        _server_name: &ServerName<'_>,

        _ocsp_response: &[u8],

        _now: UnixTime,

    ) -> Result<ServerCertVerified, Error> {

        // 在这里实现自签名证书的验证逻辑
        log::info!("verify_server_cert");
        Ok(ServerCertVerified::assertion())

    }



    fn verify_tls12_signature(

        &self,

        _message: &[u8],

        _cert: &CertificateDer<'_>,

        _dss: &DigitallySignedStruct,

    ) -> Result<HandshakeSignatureValid, Error> {

        // 实现 TLS 1.2 签名验证逻辑
        log::info!("verify_tls12_signature");
        Ok(HandshakeSignatureValid::assertion())

    }



    fn verify_tls13_signature(

        &self,

        _message: &[u8],

        _cert: &CertificateDer<'_>,

        _dss: &DigitallySignedStruct,

    ) -> Result<HandshakeSignatureValid, Error> {

        // 实现 TLS 1.3 签名验证逻辑
        log::info!("verify_tls13_signature");
        Ok(HandshakeSignatureValid::assertion())

    }



    fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {

        vec![
            SignatureScheme::RSA_PKCS1_SHA1,
            SignatureScheme::ECDSA_SHA1_Legacy,
            SignatureScheme::RSA_PKCS1_SHA256,
            SignatureScheme::ECDSA_NISTP256_SHA256,
            SignatureScheme::RSA_PKCS1_SHA384,
            SignatureScheme::ECDSA_NISTP384_SHA384,
            SignatureScheme::RSA_PKCS1_SHA512,
            SignatureScheme::ECDSA_NISTP521_SHA512,
            SignatureScheme::RSA_PSS_SHA256,
            SignatureScheme::RSA_PSS_SHA384,
            SignatureScheme::RSA_PSS_SHA512,
            SignatureScheme::ED25519,
            SignatureScheme::ED448,
        ]

    }

}

以上就是实现不校验签名的逻辑,后续自己可以在对应回调进行逻辑判断

相关推荐
凤凰院凶涛QAQ10 分钟前
《Java版数据结构 & 集合类剖析》栈与队列:“push/pop 是栈的灵魂,offer/poll 是队列的骨架——四组 API,两种人生”
java·开发语言·数据结构
研☆香18 分钟前
为什么变量声明在赋值前也能使用?—— 深入理解 JavaScript 变量提升与作用域
开发语言·前端·javascript
高明珠25 分钟前
麒麟 V10 SP1 排查实录:ttyS5 每 10 秒莫名收到一批报文,元凶是 eGTouchD
后端
卷无止境25 分钟前
Python FFI 技术深度解析:ctypes、cffi 与 pybind11 的性能差异与实践挑战
后端·python
右耳朵猫AI27 分钟前
PHP周刊2026W28 | 安全更新、Laravel 13.18、Twig 3.28
开发语言·php·laravel
second6033 分钟前
第一部分:快速上手 —— 建立 C++ 基本语法与编程范式
开发语言·c++
郝学胜-神的一滴43 分钟前
算法实战:最小k个数——大顶堆的优雅解法
开发语言·数据结构·c++·python·程序人生·算法·排序算法
ServBay44 分钟前
AI Gateway 是什么?为什么每个平台都在做
后端·aigc·ai编程
bksczm1 小时前
linux之线程概念和控制
linux·开发语言·c++
SamDeepThinking1 小时前
Vibe Coding最重要的是Spec
后端·程序员·ai编程