
ios_core/proto/
tls.rs

1use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier};
2use rustls::pki_types::{CertificateDer, ServerName, UnixTime};
3use rustls::SignatureScheme;
4
/// Accepts any server certificate. This matches Apple's lockdown/RSD flows where
/// devices present ephemeral self-signed certificates and the channel is trusted
/// via pairing or transport-level assumptions instead of PKI.
///
/// # Security
///
/// The `ServerCertVerifier` impl in this file also accepts every TLS 1.2 / 1.3
/// handshake signature, so a session using this verifier is encrypted but not
/// authenticated at the TLS layer: the peer is never checked against a trust
/// anchor, a hostname, or even the key of the certificate it presents.
/// Use it only for device connections whose identity is established by another
/// layer, never for general-purpose TLS.
// NOTE(review): whether the pairing layer actually binds the TLS session to the
// paired device is not visible from this file — confirm at every call site. A
// stricter variant would pin the certificate/public key stored at pairing time
// and still verify the handshake signature against it.
#[derive(Debug)]
pub struct InsecureSkipVerify;
10
/// rustls verifier hooks that approve every certificate and every handshake signature.
///
/// SECURITY: none of the methods below inspects its arguments. The chain, server
/// name, OCSP data, validation time and handshake signature are all ignored, so
/// TLS provides confidentiality only; any endpoint that answers the connection is
/// accepted. Peer authentication has to come from a different layer.
impl ServerCertVerifier for InsecureSkipVerify {
    /// Reports the presented certificate as verified without examining it.
    ///
    /// Always returns `Ok`; no chain building, name matching, expiry or
    /// revocation check is performed.
    fn verify_server_cert(
        &self,
        _end_entity: &CertificateDer<'_>,
        _intermediates: &[CertificateDer<'_>],
        _server_name: &ServerName<'_>,
        _ocsp_response: &[u8],
        _now: UnixTime,
    ) -> Result<ServerCertVerified, rustls::Error> {
        let accepted = ServerCertVerified::assertion();
        Ok(accepted)
    }

    /// Reports the TLS 1.2 handshake signature as valid without checking it.
    ///
    /// Because the signature is not verified, the peer is not required to hold
    /// the private key matching `_cert`.
    fn verify_tls12_signature(
        &self,
        _message: &[u8],
        _cert: &CertificateDer<'_>,
        _dss: &rustls::DigitallySignedStruct,
    ) -> Result<HandshakeSignatureValid, rustls::Error> {
        let accepted = HandshakeSignatureValid::assertion();
        Ok(accepted)
    }

    /// Reports the TLS 1.3 handshake signature as valid without checking it.
    ///
    /// Because the signature is not verified, the peer is not required to hold
    /// the private key matching `_cert`.
    fn verify_tls13_signature(
        &self,
        _message: &[u8],
        _cert: &CertificateDer<'_>,
        _dss: &rustls::DigitallySignedStruct,
    ) -> Result<HandshakeSignatureValid, rustls::Error> {
        let accepted = HandshakeSignatureValid::assertion();
        Ok(accepted)
    }

    /// Lists the signature schemes this verifier claims to handle.
    ///
    /// The order of the entries is kept exactly as declared. Schemes outside
    /// this list (for example Ed25519) are not advertised.
    fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
        Vec::from([
            SignatureScheme::RSA_PKCS1_SHA256,
            SignatureScheme::ECDSA_NISTP256_SHA256,
            SignatureScheme::RSA_PKCS1_SHA384,
            SignatureScheme::ECDSA_NISTP384_SHA384,
            SignatureScheme::RSA_PSS_SHA256,
            SignatureScheme::RSA_PSS_SHA384,
            SignatureScheme::RSA_PSS_SHA512,
        ])
    }
}