# rustls-dangerous
A minimalist Rust library that provides a **dangerous** implementation of `ServerCertVerifier` for the [rustls](https://github.com/rustls/rustls) TLS library.
⚠️ **WARNING**: This library disables all TLS certificate verification! It should **ONLY** be used for development, testing, or debugging purposes where you fully understand and accept the security risks.
## Overview
`NoCertificateVerification` is a `ServerCertVerifier` implementation that accepts any server certificate without validation. This can be useful for:
- Connecting to servers with self-signed certificates in development environments
- Testing TLS clients against test servers
- Debugging certificate-related issues
## Security Warning
**DO NOT USE THIS IN PRODUCTION!** This implementation bypasses critical security checks and makes your application vulnerable to man-in-the-middle (MITM) attacks. An attacker could intercept your TLS connections and impersonate any server.
## Installation
Add this to your `Cargo.toml`:
```toml
[dependencies]
rustls-dangerous = "0.1"
```
## Usage
```rust,ignore
use rustls::ClientConfig;
use rustls_dangerous::NoCertificateVerification;
use std::sync::Arc;
let verifier = NoCertificateVerification;
// Use with your rustls ClientConfig
let config = ClientConfig::builder()
.dangerous()
.with_custom_certificate_verifier(Arc::new(verifier))
.with_no_client_auth();
```
## Features
The `NoCertificateVerification` struct implements the `ServerCertVerifier` trait with the following behavior:
- **verify_server_cert**: Always returns success
- **verify_tls12_signature**: Always returns success
- **verify_tls13_signature**: Always returns success
- **supported_verify_schemes**: Supports a comprehensive set of signature schemes
- **requires_raw_public_keys**: Returns `false`
- **root_hint_subjects**: Returns `None`
## Testing
Run the test suite with:
```bash
cargo test
```
Run clippy to check for warnings:
```bash
cargo clippy
```
## License
See the LICENSE file for details.