rustls-dangerous 0.1.0

A dangerous implementation of ServerCertVerifier for rustls that disables all certificate validation. WARNING: Development and testing only!
Documentation
  • Coverage
  • 100%
    2 out of 2 items documented0 out of 1 items with examples
  • Size
  • Source code size: 21.64 kB This is the summed size of all the files inside the crates.io package for this release.
  • Documentation size: 415.72 kB This is the summed size of all files generated by rustdoc for all configured targets
  • Ø build duration
  • this release: 1m 18s Average build duration of successful builds.
  • all releases: 1m 18s Average build duration of successful builds in releases after 2024-10-23.
  • Links
  • Repository
  • crates.io
  • Dependencies
  • Versions
  • Owners
  • jc4st3lls

rustls-dangerous

A minimalist Rust library that provides a dangerous implementation of ServerCertVerifier for the rustls TLS library.

⚠️ WARNING: This library disables all TLS certificate verification! It should ONLY be used for development, testing, or debugging purposes where you fully understand and accept the security risks.

Overview

NoCertificateVerification is a ServerCertVerifier implementation that accepts any server certificate without validation. This can be useful for:

  • Connecting to servers with self-signed certificates in development environments
  • Testing TLS clients against test servers
  • Debugging certificate-related issues

Security Warning

DO NOT USE THIS IN PRODUCTION! This implementation bypasses critical security checks and makes your application vulnerable to man-in-the-middle (MITM) attacks. An attacker could intercept your TLS connections and impersonate any server.

Installation

Add this to your Cargo.toml:

[dependencies]
rustls-dangerous = "0.1"

Usage

use rustls::ClientConfig;
use rustls_dangerous::NoCertificateVerification;
use std::sync::Arc;

let verifier = NoCertificateVerification;

// Use with your rustls ClientConfig
let config = ClientConfig::builder()
    .dangerous()
    .with_custom_certificate_verifier(Arc::new(verifier))
    .with_no_client_auth();

Features

The NoCertificateVerification struct implements the ServerCertVerifier trait with the following behavior:

  • verify_server_cert: Always returns success
  • verify_tls12_signature: Always returns success
  • verify_tls13_signature: Always returns success
  • supported_verify_schemes: Supports a comprehensive set of signature schemes
  • requires_raw_public_keys: Returns false
  • root_hint_subjects: Returns None

Testing

Run the test suite with:

cargo test

Run clippy to check for warnings:

cargo clippy

License

See the LICENSE file for details.