Struct NoCertificateVerification 

pub struct NoCertificateVerification;

A dangerous implementation of ServerCertVerifier that accepts any certificate without validation.

⚠️ WARNING: This struct disables all TLS certificate verification checks. It should ONLY be used for development and testing purposes where you understand and accept the security implications.

Example

use rustls::ClientConfig;
use rustls_dangerous::NoCertificateVerification;

let verifier = NoCertificateVerification;
let config = ClientConfig::builder()
    .dangerous()
    .with_custom_certificate_verifier(std::sync::Arc::new(verifier))
    .with_no_client_auth();

Trait Implementations

impl Clone for NoCertificateVerification

fn clone(&self) -> NoCertificateVerification

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for NoCertificateVerification

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl ServerCertVerifier for NoCertificateVerification

fn verify_server_cert( &self, _end_entity: &CertificateDer<'_>, _intermediates: &[CertificateDer<'_>], _server_name: &ServerName<'_>, _ocsp: &[u8], _now: UnixTime, ) -> Result<ServerCertVerified, Error>

Verifies the server certificate chain.

⚠️ DANGEROUS: This implementation always returns success without performing any certificate validation. It skips all security checks including:

• Certificate chain validation
• Hostname verification
• Certificate expiration checks
• Certificate revocation checks
• Signature verification

Arguments

• _end_entity - The server’s end entity certificate (ignored)
• _intermediates - The intermediate certificates in the chain (ignored)
• _server_name - The server’s hostname (ignored)
• _ocsp - OCSP response data (ignored)
• _now - The current time (ignored)

fn verify_tls12_signature( &self, _msg: &[u8], _cert: &CertificateDer<'_>, _dss: &DigitallySignedStruct, ) -> Result<HandshakeSignatureValid, Error>

Verifies a TLS 1.2 handshake signature.

⚠️ DANGEROUS: This implementation always returns success without verifying the signature. This means:

• Any message with any signature will be accepted
• The signature is not cryptographically verified
• An attacker could forge handshake messages

Arguments

• _msg - The message that was signed (ignored)
• _cert - The certificate containing the public key (ignored)
• _dss - The digitally signed struct containing the signature (ignored)

fn verify_tls13_signature( &self, _msg: &[u8], _cert: &CertificateDer<'_>, _dss: &DigitallySignedStruct, ) -> Result<HandshakeSignatureValid, Error>

Verifies a TLS 1.3 handshake signature.

⚠️ DANGEROUS: This implementation always returns success without verifying the signature. This means:

• Any message with any signature will be accepted
• The signature is not cryptographically verified
• An attacker could forge handshake messages

Arguments

• _msg - The message that was signed (ignored)
• _cert - The certificate containing the public key (ignored)
• _dss - The digitally signed struct containing the signature (ignored)

fn supported_verify_schemes(&self) -> Vec<SignatureScheme>

Returns a comprehensive list of supported signature schemes.

This includes modern and legacy schemes for compatibility:

• RSA PKCS#1 with SHA-1, SHA-256, SHA-384, SHA-512
• ECDSA with NIST P-256, P-384, P-521
• RSA-PSS with SHA-256, SHA-384, SHA-512
• EdDSA (Ed25519, Ed448)

fn requires_raw_public_keys(&self) -> bool

Indicates whether raw public keys are required.

Returns false because certificate-based verification is used (though all checks are bypassed in this dangerous implementation).

fn root_hint_subjects(&self) -> Option<&[DistinguishedName]>

Returns hints about acceptable root certificate subjects.

Returns None because no certificate validation is performed in this dangerous implementation.

impl Copy for NoCertificateVerification