Crate rustls_dangerous

§rustls-dangerous

A minimalist Rust library that provides a dangerous implementation of ServerCertVerifier for the rustls TLS library.

⚠️ WARNING: This library disables all TLS certificate verification! It should ONLY be used for development, testing, or debugging purposes where you fully understand and accept the security risks.

§Overview

NoCertificateVerification is a ServerCertVerifier implementation that accepts any server certificate without validation. This can be useful for:

  • Connecting to servers with self-signed certificates in development environments
  • Testing TLS clients against test servers
  • Debugging certificate-related issues

§Security Warning

DO NOT USE THIS IN PRODUCTION! This implementation bypasses critical security checks and makes your application vulnerable to man-in-the-middle (MITM) attacks. An attacker could intercept your TLS connections and impersonate any server.

§Installation

Add this to your Cargo.toml:

[dependencies]
rustls-dangerous = "0.1"
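The warnings above limit this crate to development and testing, while a `[dependencies]` entry also compiles it into release builds (Cargo's `[dev-dependencies]` table is only built for tests, examples and benchmarks). The following is an added example, not code from this crate: a std-only audit that reports manifest tables declaring `rustls-dangerous` outside `[dev-dependencies]`. The function names, the `insecure` alias and the sample manifest are constructed for illustration.

```rust
// Added example, not part of the rustls-dangerous crate. Assumption: a line-based
// scan of Cargo.toml (no full TOML parser) is enough for this check.
const CRATE: &str = "rustls-dangerous";
// Constructed sample manifest.
const SAMPLE: &str = r##"
[dependencies]
rustls-dangerous = "0.1"   # reaches release builds
[dev-dependencies]
rustls-dangerous = "0.1"   # tests only
[target.'cfg(unix)'.dependencies]
insecure = { package = "rustls-dangerous", version = "0.1" }
"##;

/// True for tables built into non-test artifacts (workspace declarations excluded).
fn reaches_release(table: &str) -> bool {
    let last = table.rsplit('.').next().unwrap_or("");
    !table.starts_with("workspace") && (last == "dependencies" || last == "build-dependencies")
}

/// Returns the tables in `manifest` that declare the crate outside dev-dependencies.
pub fn release_declarations(manifest: &str) -> Vec<String> {
    let unquote = |s: &str| s.trim().trim_matches('"').to_string();
    let (mut table, mut hits) = (String::new(), Vec::new());
    for raw in manifest.lines() {
        let line = raw.split('#').next().unwrap_or("").trim(); // drop comments
        if let Some(name) = line.strip_prefix('[').and_then(|l| l.strip_suffix(']')) {
            table = name.trim().to_string();
            // Table form: [dependencies.rustls-dangerous]
            if let Some((parent, leaf)) = table.rsplit_once('.') {
                if unquote(leaf) == CRATE && reaches_release(parent) {
                    hits.push(parent.to_string());
                }
            }
            continue;
        }
        let Some((key, value)) = line.split_once('=') else { continue };
        let key = unquote(key.split('.').next().unwrap_or(""));
        // Renamed form: alias = { package = "rustls-dangerous", ... }
        let renamed = value.replace(' ', "").contains(&format!("package=\"{}\"", CRATE));
        if (key == CRATE || renamed) && reaches_release(&table) {
            hits.push(table.clone());
        }
    }
    hits
}

fn main() {
    println!("{:?}", release_declarations(SAMPLE));
}
```

An empty result means the scan found the crate only under dev-dependency tables, or not at all; a CI job can fail the build on any non-empty result.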

§Usage

use rustls::ClientConfig;
use rustls_dangerous::NoCertificateVerification;
use std::sync::Arc;

let verifier = NoCertificateVerification;

// Use with your rustls ClientConfig
let config = ClientConfig::builder()
    .dangerous()
    .with_custom_certificate_verifier(Arc::new(verifier))
    .with_no_client_auth();

§Features

The NoCertificateVerification struct implements the ServerCertVerifier trait with the following behavior:

  • verify_server_cert: Always returns success
  • verify_tls12_signature: Always returns success
  • verify_tls13_signature: Always returns success
  • supported_verify_schemes: Supports a comprehensive set of signature schemes
  • requires_raw_public_keys: Returns false
  • root_hint_subjects: Returns None

§Testing

Run the test suite with:

cargo test

Run clippy to check for warnings:

cargo clippy

§License

See the LICENSE file for details.

⚠️ WARNING: This crate provides a dangerous implementation of ServerCertVerifier that disables all TLS certificate validation. It should ONLY be used for development, testing, or debugging purposes. Using this in production is a critical security risk.

§Security Note

This verifier accepts any server certificate without validation, making the application vulnerable to man-in-the-middle (MITM) attacks. An attacker could intercept and impersonate any TLS server.

Structs§

NoCertificateVerification
A dangerous implementation of ServerCertVerifier that accepts any certificate without validation.