fix(insecure-tls): NoCertificateVerification
implementation
#150
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
fixes #149 bitcoindevkit/bdk#1598
Description
It has been noticed some issues by both users and developers, as reported in #149, bitcoindevkit/bdk#1598 and wizardsardine/liana#1300, when using the library with
use-rustls-{ring}
feature to connect to electrum servers that use self-signed certificates, there are even some issues when trying to connect tossl://electrum.blockstream.info:50002
server.To connect in an insecure manner either with
rustls
oropenssl
features, the user can set thevalidate_domain
field in theConfig
to false, this will either set theSslVerifyMode::NONE
when usingopenssl
, or use the customNoCertificateVerification
for therustls::client::danger::ServerCertVerifier
trait when usingrustls
, that said it should ignore the certificate verification when used.At the current library state, it's failing because we didn't set up the supported
rustls::SignatureScheme
properly, returning an empty vector at the moment. This PR focuses on fixing this issue by relying on theCryptoProvider
in usage to get the correct and supported signature schemes.As part of the research to understand the problem, I've noticed that ideally, we should still use both the
rustls::webpki::verify_tls12_signature
andrustls::webpki::verify_tls12_signature
and only rely onrustls::client::danger::ServerCertVerified::assertion()
to ignore the certificate verification, however, it would still fail in scenarios such as bitcoindevkit/bdk#1598 which uses X.509 certificates with any version other than 3 (it uses version 1), see here.I kept the current behavior to also ignore the TLS signature, but I still would like to bring this to the discussion, should we validate it properly and update the documentation to mention the
webpki
limitation instead ?Notes to the reviewers
I kept the current behavior to also ignore the TLS signature, but I still would like to bring this to the discussion, should we validate it properly and update the documentation to mention the
webpki
limitation instead ?Changelog notice
NoCertificateVerification
implementation for therustls::client::danger::ServerCertVerifier
to use therustls::SignatureScheme
fromCryptoProvider
in use.Checklists
All Submissions:
cargo fmt
andcargo clippy
before committingNew Features:
Bugfixes: