authorBartek IwaƄczuk <biwanczuk@gmail.com>2021-08-10 16:22:21 +0200
committerGitHub <noreply@github.com>2021-08-10 16:22:21 +0200
commitd82351d67784a2bcb5431ebb233abc727f673152 (patch)
tree68b99db16a836e47791c94b62228fb7d79c74b84 /extensions/tls/lib.rs
parent548e4661121b32b2b9bfb0356b2329be91dec738 (diff)
v1.13.0
Diffstat (limited to 'extensions/tls/lib.rs')
-rw-r--r--extensions/tls/lib.rs18
1 files changed, 12 insertions, 6 deletions
diff --git a/extensions/tls/lib.rs b/extensions/tls/lib.rs
index 932f5ba4c..8f56f0ffd 100644
--- a/extensions/tls/lib.rs
+++ b/extensions/tls/lib.rs
@@ -25,6 +25,7 @@ use rustls::ServerCertVerified;
use rustls::ServerCertVerifier;
use rustls::StoresClientSessions;
use rustls::TLSError;
+use rustls::WebPKIVerifier;
use serde::Deserialize;
use std::collections::HashMap;
use std::io::BufReader;
@@ -42,17 +43,22 @@ pub struct NoCertificateVerification(pub Vec<String>);
impl ServerCertVerifier for NoCertificateVerification {
fn verify_server_cert(
&self,
- _roots: &RootCertStore,
- _presented_certs: &[Certificate],
- dns_name: DNSNameRef<'_>,
- _ocsp: &[u8],
+ roots: &RootCertStore,
+ presented_certs: &[Certificate],
+ dns_name_ref: DNSNameRef<'_>,
+ ocsp: &[u8],
) -> Result<ServerCertVerified, TLSError> {
- let dns_name: &str = dns_name.into();
+ let dns_name: &str = dns_name_ref.into();
let dns_name: String = dns_name.to_owned();
if self.0.is_empty() || self.0.contains(&dns_name) {
Ok(ServerCertVerified::assertion())
} else {
- Err(TLSError::General(dns_name))
+ WebPKIVerifier::new().verify_server_cert(
+ roots,
+ presented_certs,
+ dns_name_ref,
+ ocsp,
+ )
}
}
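Review bot: The `self.0.is_empty() || self.0.contains(&dns_name)` branch still returns `ServerCertVerified::assertion()` for every host when the list is empty, so after this change the verifier has two very different modes (empty list: no verification at all; non-empty list: skip only the listed hosts and run full WebPKI checks for the rest), and neither is documented on `verify_server_cert`. I would add a doc comment such as `/// Skips verification for hosts in self.0, or for all hosts if it is empty; every other host is checked by WebPKIVerifier.` so that a caller who builds the list from filtered input does not end up with an empty `Vec` and silently disable verification everywhere. The comparison is an exact string match on the name taken from `dns_name_ref`, so a listed entry that differs only in case presumably falls through to the WebPKI path; that fails closed, but it is worth stating in the same comment. As a style point, the `to_owned()` copy can go: `self.0.iter().any(|h| h == dns_name)` avoids an allocation on each handshake. The enclosing impl block closes outside the visible hunk.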