
[question] How to disable certificate verification for https client #3547

@wpeng102


I am using the hyper-tls library to build an HTTPS client, and I get the error `hyper::Error(Connect, Custom { kind: Other, error: Custom { kind: InvalidData, error: InvalidCertificate(UnknownIssuer) } })` when using it to access an existing system with a token.

We only have a token on the client side. Can the client turn off certificate checking? Is there an example of how to disable certificate verification?

Following is my code:

 // TLS connector that authenticates the server against the platform's native
    // root certificates. The `InvalidCertificate(UnknownIssuer)` error quoted
    // above typically means the server's chain does not end in one of those
    // roots (for example a private or self-signed CA). Trusting that CA
    // explicitly keeps verification on; switching verification off does not.
    let tls_connector = hyper_rustls::HttpsConnectorBuilder::new()
        .with_native_roots()
        .https_only()
        .enable_all_versions()
        .build();
    let https_connector = TimeoutConnector::new(tls_connector);

    let https_client = Client::builder().build::<_, hyper::Body>(https_connector);

    let uri = "my_url".parse::<Uri>()?;

    // GET request with an empty body; the token travels in the AUTHORIZATION
    // header, so it is only as confidential as the TLS session carrying it.
    let request_builder = hyper::Request::builder()
        .method(Method::GET)
        .uri(uri)
        .header(CONTENT_TYPE, "application/json")
        .header(AUTHORIZATION, "my_token".to_string());
    let req = request_builder.body(Body::from(String::new()))?;

I also tested the following code, which sets a custom certificate verifier, but got 500 Internal Server Error. I am sure the token and URL in my code are correct; the curl -k command works well with the same token and URL.

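/// Certificate verifier that accepts every server certificate unchecked.
///
/// With this verifier installed the client no longer authenticates the server:
/// the certificate chain, the requested server name, the SCTs, the OCSP
/// response and the current time are all ignored (every parameter is unused).
/// Any party able to intercept the connection can therefore present an
/// arbitrary certificate and read what the client sends, including
/// credentials carried in request headers. This is the same trust level as
/// `curl -k`.
///
/// For an `UnknownIssuer` failure the verification-preserving fix is to add
/// the issuing CA to the client's root store (`with_root_certificates`)
/// instead of replacing the verifier.
struct NoCertificateVerification;

impl ServerCertVerifier for NoCertificateVerification {
    /// Unconditionally reports the presented certificate as verified.
    ///
    /// Never returns `Err`; none of the arguments are inspected.
    fn verify_server_cert(
        &self,
        _end_entity: &rustls::Certificate,
        _intermediates: &[rustls::Certificate],
        _server_name: &ServerName,
        _scts: &mut dyn Iterator<Item = &[u8]>,
        _ocsp_response: &[u8],
        _now: SystemTime,
    ) -> Result<ServerCertVerified, rustls::Error> {
        // Emit the warning on stderr so it stays visible in logs and is not
        // interleaved with data the program writes to stdout.
        #[cfg(not(test))]
        eprintln!("IGNORING SERVER CERT, Please ensure that I am removed to actually validate TLS.");
        // `assertion()` claims the certificate was verified even though no
        // check was performed above.
        Ok(ServerCertVerified::assertion())
    }
}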
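/// Sends one authenticated GET request over HTTPS and prints the response
/// status and body.
///
/// # Errors
///
/// Returns an error if the URI does not parse, the request cannot be built,
/// the request fails, or the response body cannot be read.
#[tokio::main]
async fn main() -> Result<(), Box<dyn Error>> {
    // SECURITY: `NoCertificateVerification` disables server authentication for
    // every connection made through this config. The AUTHORIZATION token below
    // is then sent to whichever endpoint completes the handshake. Prefer a
    // root store containing the server's CA (`with_root_certificates`) so the
    // `UnknownIssuer` error is resolved with verification still enabled.
    let config = ClientConfig::builder()
        .with_safe_defaults()
        .with_custom_certificate_verifier(std::sync::Arc::new(NoCertificateVerification))
        .with_no_client_auth();

    let https_connector = TimeoutConnector::new(
        hyper_rustls::HttpsConnectorBuilder::new()
            .with_tls_config(config)
            .https_only()
            .enable_http1()
            .build(),
    );

    let https_client = Client::builder().build::<_, hyper::Body>(https_connector);
    let uri = "my_url".parse::<Uri>()?;
    let req: hyper::Request<Body> = hyper::Request::builder()
        .method(Method::GET)
        .uri(uri)
        .header(CONTENT_TYPE, "application/json")
        .header(AUTHORIZATION, "my_token".to_string())
        .body(Body::from(String::new()))?;

    // Bind the result to its own name: this value is the response, not the request.
    let resp = https_client.request(req).await?;

    // NOTE(review): receiving any HTTP status here (including 500) means the
    // TLS handshake completed, so a 500 is produced by the server's handling
    // of the request rather than by certificate checking. Compare the request
    // headers and body with what `curl -k` sends to confirm.
    println!("{} ", resp.status());

    // Propagate body-read failures instead of panicking on them.
    let bytes = hyper::body::to_bytes(resp.into_body()).await?;
    println!("{}", String::from_utf8_lossy(&bytes));

    Ok(())
}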
