tekjar
commented
5 years ago Rustls is the default now and I don't think it supports disabling ca verification.
Open opensourcegeek opened 5 years ago
tekjar
commented
5 years ago Rustls is the default now and I don't think it supports disabling ca verification.
TotalKrill
commented
5 years ago @tekjar Seems you are correct, however this would be nice for development.
https://docs.rs/rustls/0.15.2/rustls/#rustls-takes-care-of-server-certificate-verification
opensourcegeek
commented
5 years ago @tekjar @TotalKrill - I haven't looked into rustls api in great detail, but possibly this is something that's not exposed in ring? I'll have a look to see what are the alternatives. This is a super handy feature for local dev/CI/lower environments which probably is useful for other servers/clients as well not just for MQTT broker/client.
There used to be set_should_verify_ca method on MqttOptions type, along with other methods that are all gone, which is fine but I'm not sure what is the equivalent of set_should_verify_ca method in new version. I can find most other methods have an equivalent but not this one.
There were self signed certs used for tests and lower environments in my case and I'm having to upgrade to newer version of rumqtt. I can see I need to use the new ConnectionMethod::Tls but there is no way of setting it to not verify the CA. Thanks