Skip to main content

couchbase_core/
insecure_certverfier.rs

1/*
2 *
3 *  * Copyright (c) 2025 Couchbase, Inc.
4 *  *
5 *  * Licensed under the Apache License, Version 2.0 (the "License");
6 *  * you may not use this file except in compliance with the License.
7 *  * You may obtain a copy of the License at
8 *  *
9 *  *    http://www.apache.org/licenses/LICENSE-2.0
10 *  *
11 *  * Unless required by applicable law or agreed to in writing, software
12 *  * distributed under the License is distributed on an "AS IS" BASIS,
13 *  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 *  * See the License for the specific language governing permissions and
15 *  * limitations under the License.
16 *
17 */
18
19use tokio_rustls::rustls::client::danger::{
20    HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier,
21};
22use tokio_rustls::rustls::pki_types::{CertificateDer, ServerName, UnixTime};
23use tokio_rustls::rustls::{DigitallySignedStruct, SignatureScheme};
24
25#[derive(Debug)]
26pub struct InsecureCertVerifier {}
27
28impl ServerCertVerifier for InsecureCertVerifier {
29    fn verify_server_cert(
30        &self,
31        _end_entity: &CertificateDer<'_>,
32        _intermediates: &[CertificateDer<'_>],
33        _server_name: &ServerName<'_>,
34        _ocsp_response: &[u8],
35        _now: UnixTime,
36    ) -> std::result::Result<ServerCertVerified, tokio_rustls::rustls::Error> {
37        Ok(ServerCertVerified::assertion())
38    }
39
40    fn verify_tls12_signature(
41        &self,
42        _message: &[u8],
43        _cert: &CertificateDer<'_>,
44        _dss: &DigitallySignedStruct,
45    ) -> std::result::Result<HandshakeSignatureValid, tokio_rustls::rustls::Error> {
46        Ok(HandshakeSignatureValid::assertion())
47    }
48
49    fn verify_tls13_signature(
50        &self,
51        _message: &[u8],
52        _cert: &CertificateDer<'_>,
53        _dss: &DigitallySignedStruct,
54    ) -> std::result::Result<HandshakeSignatureValid, tokio_rustls::rustls::Error> {
55        Ok(HandshakeSignatureValid::assertion())
56    }
57
58    fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
59        vec![
60            SignatureScheme::RSA_PKCS1_SHA1,
61            SignatureScheme::ECDSA_SHA1_Legacy,
62            SignatureScheme::RSA_PKCS1_SHA256,
63            SignatureScheme::ECDSA_NISTP256_SHA256,
64            SignatureScheme::RSA_PKCS1_SHA384,
65            SignatureScheme::ECDSA_NISTP384_SHA384,
66            SignatureScheme::RSA_PKCS1_SHA512,
67            SignatureScheme::ECDSA_NISTP521_SHA512,
68            SignatureScheme::RSA_PSS_SHA256,
69            SignatureScheme::RSA_PSS_SHA384,
70            SignatureScheme::RSA_PSS_SHA512,
71            SignatureScheme::ED25519,
72            SignatureScheme::ED448,
73        ]
74    }
75}