fix: NoCertificateVerification implementation

It updates the `NoCertificateVerification` implementation of `rustls::client::danger::ServerCertVerifier` trait, it keeps the usage of both `ServerCertVerified::assertion()` and `HandshakeSignatureValid::assertion()` usage, but now instead of having an empty vector vector of supported `SignatureScheme`, it uses the ones supported by the used `CryptoProvider`.
bitcoindevkit · Sep 27, 2024 · 17a4152 · 17a4152
1 parent 0b97659
commit 17a4152
Showing 1 changed file with 27 additions and 18 deletions.
diff --git a/src/raw_client.rs b/src/raw_client.rs
@@ -299,46 +299,52 @@ impl RawClient<ElectrumSslStream> {
 ))]
 mod danger {
     use crate::raw_client::ServerName;
-    use rustls::client::danger::ServerCertVerified;
-    use rustls::pki_types::CertificateDer;
-    use rustls::pki_types::UnixTime;
-    use rustls::Error;
+    use rustls::pki_types::{CertificateDer, UnixTime};
+    use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified};
+    use rustls::crypto::CryptoProvider;
+    use rustls::DigitallySignedStruct;
 
     #[derive(Debug)]
-    pub struct NoCertificateVerification {}
+    pub struct NoCertificateVerification(CryptoProvider);
+
+    impl NoCertificateVerification {
+        pub fn new(provider: CryptoProvider) -> Self {
+            Self(provider)
+        }
+    }
 
     impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification {
         fn verify_server_cert(
             &self,
-            _end_entity: &CertificateDer,
-            _intermediates: &[CertificateDer],
-            _server_name: &ServerName,
-            _ocsp_response: &[u8],
+            _end_entity: &CertificateDer<'_>,
+            _intermediates: &[CertificateDer<'_>],
+            _server_name: &ServerName<'_>,
+            _ocsp: &[u8],
             _now: UnixTime,
-        ) -> Result<ServerCertVerified, Error> {
+        ) -> Result<ServerCertVerified, rustls::Error> {
             Ok(ServerCertVerified::assertion())
         }
 
         fn verify_tls12_signature(
             &self,
             _message: &[u8],
             _cert: &CertificateDer<'_>,
-            _dss: &rustls::DigitallySignedStruct,
-        ) -> Result<rustls::client::danger::HandshakeSignatureValid, Error> {
-            Ok(rustls::client::danger::HandshakeSignatureValid::assertion())
+            _dss: &DigitallySignedStruct,
+        ) -> Result<HandshakeSignatureValid, rustls::Error> {
+            Ok(HandshakeSignatureValid::assertion())
         }
 
         fn verify_tls13_signature(
             &self,
             _message: &[u8],
             _cert: &CertificateDer<'_>,
-            _dss: &rustls::DigitallySignedStruct,
-        ) -> Result<rustls::client::danger::HandshakeSignatureValid, Error> {
-            Ok(rustls::client::danger::HandshakeSignatureValid::assertion())
+            _dss: &DigitallySignedStruct,
+        ) -> Result<HandshakeSignatureValid, rustls::Error> {
+            Ok(HandshakeSignatureValid::assertion())
         }
 
         fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
-            vec![]
+            self.0.signature_verification_algorithms.supported_schemes()
         }
     }
 }
@@ -420,7 +426,10 @@ impl RawClient<ElectrumSslStream> {
             builder
                 .dangerous()
                 .with_custom_certificate_verifier(std::sync::Arc::new(
-                    danger::NoCertificateVerification {},
+                    #[cfg(feature = "use-rustls")]
+                    danger::NoCertificateVerification::new(rustls::crypto::aws_lc_rs::default_provider()),
+                    #[cfg(feature = "use-rustls-ring")]
+                    danger::NoCertificateVerification::new(rustls::crypto::aws_lc_rs::default_provider()),
                 ))
                 .with_no_client_auth()
         };