rustls-dangerous 0.1.0

A dangerous implementation of ServerCertVerifier for rustls that disables all certificate validation. WARNING: Development and testing only!
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175

#![doc = include_str!("../README.md")]
#![warn(missing_docs)]

//! ⚠️ **WARNING**: This crate provides a dangerous implementation of `ServerCertVerifier`
//! that disables all TLS certificate validation. It should **ONLY** be used for development,
//! testing, or debugging purposes. Using this in production is a critical security risk.
//!
//! ## Security Note
//!
//! This verifier accepts any server certificate without validation, making the application
//! vulnerable to man-in-the-middle (MITM) attacks. An attacker could intercept and
//! impersonate any TLS server.

use rustls::{Error, SignatureScheme, client::danger::{HandshakeSignatureValid, ServerCertVerifier}, pki_types::{CertificateDer, ServerName, UnixTime}};

/// A dangerous implementation of `ServerCertVerifier` that accepts any certificate without validation.
///
/// ⚠️ **WARNING**: This struct disables all TLS certificate verification checks. It should
/// **ONLY** be used for development and testing purposes where you understand and accept
/// the security implications.
///
/// # Example
///
/// ```ignore
/// use rustls::ClientConfig;
/// use rustls_dangerous::NoCertificateVerification;
///
/// let verifier = NoCertificateVerification;
/// let config = ClientConfig::builder()
///     .dangerous()
///     .with_custom_certificate_verifier(std::sync::Arc::new(verifier))
///     .with_no_client_auth();
/// ```
#[derive(Debug, Clone, Copy)]
pub struct NoCertificateVerification;

impl ServerCertVerifier for NoCertificateVerification {
    /// Verifies the server certificate chain.
    ///
    /// ⚠️ **DANGEROUS**: This implementation always returns success without performing
    /// any certificate validation. It skips all security checks including:
    /// - Certificate chain validation
    /// - Hostname verification
    /// - Certificate expiration checks
    /// - Certificate revocation checks
    /// - Signature verification
    ///
    /// # Arguments
    ///
    /// * `_end_entity` - The server's end entity certificate (ignored)
    /// * `_intermediates` - The intermediate certificates in the chain (ignored)
    /// * `_server_name` - The server's hostname (ignored)
    /// * `_ocsp` - OCSP response data (ignored)
    /// * `_now` - The current time (ignored)
    fn verify_server_cert(
        &self,
        _end_entity: &CertificateDer<'_>,
        _intermediates: &[CertificateDer<'_>],
        _server_name: &ServerName,
        _ocsp: &[u8],
        _now: UnixTime,
    ) -> Result<rustls::client::danger::ServerCertVerified, Error> {
        Ok(rustls::client::danger::ServerCertVerified::assertion())
    }

    /// Verifies a TLS 1.2 handshake signature.
    ///
    /// ⚠️ **DANGEROUS**: This implementation always returns success without verifying
    /// the signature. This means:
    /// - Any message with any signature will be accepted
    /// - The signature is not cryptographically verified
    /// - An attacker could forge handshake messages
    ///
    /// # Arguments
    ///
    /// * `_msg` - The message that was signed (ignored)
    /// * `_cert` - The certificate containing the public key (ignored)
    /// * `_dss` - The digitally signed struct containing the signature (ignored)
    fn verify_tls12_signature(
        &self,
        _msg: &[u8],
        _cert: &CertificateDer<'_>,
        _dss: &rustls::DigitallySignedStruct,
    ) -> Result<HandshakeSignatureValid, Error> {
        Ok(HandshakeSignatureValid::assertion())
    }

    /// Verifies a TLS 1.3 handshake signature.
    ///
    /// ⚠️ **DANGEROUS**: This implementation always returns success without verifying
    /// the signature. This means:
    /// - Any message with any signature will be accepted
    /// - The signature is not cryptographically verified
    /// - An attacker could forge handshake messages
    ///
    /// # Arguments
    ///
    /// * `_msg` - The message that was signed (ignored)
    /// * `_cert` - The certificate containing the public key (ignored)
    /// * `_dss` - The digitally signed struct containing the signature (ignored)
    fn verify_tls13_signature(
        &self,
        _msg: &[u8],
        _cert: &CertificateDer<'_>,
        _dss: &rustls::DigitallySignedStruct,
    ) -> Result<HandshakeSignatureValid, Error> {
        Ok(HandshakeSignatureValid::assertion())
    }

    /// Returns a comprehensive list of supported signature schemes.
    ///
    /// This includes modern and legacy schemes for compatibility:
    /// - RSA PKCS#1 with SHA-1, SHA-256, SHA-384, SHA-512
    /// - ECDSA with NIST P-256, P-384, P-521
    /// - RSA-PSS with SHA-256, SHA-384, SHA-512
    /// - EdDSA (Ed25519, Ed448)
    fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
        vec![
            SignatureScheme::RSA_PKCS1_SHA1,
            SignatureScheme::RSA_PKCS1_SHA256,
            SignatureScheme::RSA_PKCS1_SHA384,
            SignatureScheme::RSA_PKCS1_SHA512,
            SignatureScheme::ECDSA_NISTP256_SHA256,
            SignatureScheme::ECDSA_NISTP384_SHA384,
            SignatureScheme::ECDSA_NISTP521_SHA512,
            SignatureScheme::RSA_PSS_SHA256,
            SignatureScheme::RSA_PSS_SHA384,
            SignatureScheme::RSA_PSS_SHA512,
            SignatureScheme::ED25519,
            SignatureScheme::ED448,
        ]
    }
    
    /// Indicates whether raw public keys are required.
    ///
    /// Returns `false` because certificate-based verification is used
    /// (though all checks are bypassed in this dangerous implementation).
    fn requires_raw_public_keys(&self) -> bool {
        false
    }
    
    /// Returns hints about acceptable root certificate subjects.
    ///
    /// Returns `None` because no certificate validation is performed
    /// in this dangerous implementation.
    fn root_hint_subjects(&self) -> Option<&[rustls::DistinguishedName]> {
        None
    }
}


#[cfg(test)]
mod tests {
    use super::*;
    use rustls::SignatureScheme;

    /// Tests the basic functionality of `NoCertificateVerification`.
    ///
    /// This test verifies:
    /// - The verifier supports a comprehensive set of signature schemes
    /// - The ED25519 signature scheme is included
    /// - Raw public keys are not required
    /// - Root certificate hints are not provided
    #[test]
    fn no_certificate_verification_basic() {
        let verifier = NoCertificateVerification;

        let schemes = verifier.supported_verify_schemes();
        assert!(schemes.contains(&SignatureScheme::ED25519));

        assert!(!verifier.requires_raw_public_keys());

        assert!(verifier.root_hint_subjects().is_none());
    }
}