Add flag for allowing TLS connections to verify the server CA

AtherEnergy / rumqtt

Pure rust mqtt cilent

The Unlicense

202 stars 71 forks source link

Add flag for allowing TLS connections to verify the server CA #23

Closed rschifflin closed 8 years ago

rschifflin commented 8 years ago

@kteza1 While using this library I noticed the TLS connection is hard-coded to ignore the server's certificate. I added a flag to control this behavior instead, which the user can set with set_should_verify_ca(bool). It defaults to true, so this may break some integration tests that relied on the previous default permissive behavior. Right now the only failing cargo test is the same failure from master. Let me know what you think.

tekjar commented 8 years ago

While using this library I noticed the TLS connection is hard-coded to ignore the server's certificate. I added a flag to control this behavior instead, which the user can set with set_should_verify_ca(bool)

I wasn't testing TLS much yet but that was very bad default config from me :)

It defaults to true, so this may break some integration tests that relied on the previous default permissive behavior.

There aren't any tests with TLS yet ( would love some)

I've manually tested this and it looks good. Thanks a lot @rschifflin :)