hyperium / hyper-tls

Apache License 2.0

Using Self Signed Certificate with TLS #11

Closed FarooqKhan closed 6 years ago

FarooqKhan commented 6 years ago

Do you have a working example of using a Self Signed Certificate with hyper-tls?

I have tried several ways to do it but have not succeeded.

Thanks

astonbitecode commented 6 years ago

You can try this.

ghost commented 6 years ago

It's been months, @FarooqKhan should probably close this.

FarooqKhan commented 6 years ago

Solved it eventually. Since then I have changed my project, so I am unable to post the working code here. But this can be closed.

nbigaouette-eai commented 5 years ago

I'm trying to trust a specific self-signed certificate using restson/hyper-tls/native-tls but cannot wrap my head around this...

The site http://www.jalg.net/2017/09/hyper-client-and-self-signed-certs is now offline, so the information that was there has disappeared (even the Wayback Machine doesn't have a snapshot).

I couldn't find any docs or example doing so... How can this be achieved?

Thanks!!

astonbitecode commented 5 years ago

A quick Google search brought this up: http://algermissen.io/2017/09/hyper-client-and-self-signed-certs

nbigaouette-eai commented 5 years ago

Thanks for the updated link! My Google-fu couldn't find it... :(

I'm not sure the description there is sufficient though.

The piece of code on that site is:

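```rust
use std::fs::File;
use std::io::Read;

use hyper::client::HttpConnector;
use hyper::Client;
use hyper_tls::HttpsConnector;
use native_tls::{Certificate, TlsConnector};

// Read the DER-encoded self-signed certificate from disk.
let mut f = File::open("/...my cert file").unwrap();
let mut buffer = vec![];
f.read_to_end(&mut buffer).unwrap();
let cert = Certificate::from_der(buffer.as_slice()).unwrap();

// `handle` is the event-loop handle, defined elsewhere in the original post.
let mut http = HttpConnector::new(4, handle);
// Allow https:// URIs through the plain HTTP connector; TLS is layered on top.
http.enforce_http(false);

// Trust the certificate as an additional root; all other checks stay enabled.
let mut tls = TlsConnector::builder().unwrap();
tls.add_root_certificate(cert);
let mut tls = tls.build().unwrap();

let ct = HttpsConnector::from((http, tls));
let client = Client::configure().connector(ct).build(handle);
```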

I think TlsConnector comes from native-tls (https://docs.rs/native-tls/0.2.2/native_tls/struct.TlsConnector.html) which hyper-tls does not expose. So a project depending on hyper-tls only cannot use this if I understand correctly.

sfackler commented 5 years ago

https://docs.rs/hyper-tls/0.3.1/src/hyper_tls/client.rs.html#62-70

nbigaouette-eai commented 5 years ago

Thanks. I've described in https://github.com/spietika/restson-rust/pull/20 how I've made my client accept the self-signed certificate.

The main issue was that I was missing the tls_connector_builder.danger_accept_invalid_hostnames(true) which was required for that specific server.
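
Added example (not from this thread or from the hyper-tls project): when you control the server, issuing the self-signed certificate with a subjectAltName for the name the client connects to lets `add_root_certificate` work without `danger_accept_invalid_hostnames(true)`, which turns hostname verification off. The sketch below uses the `openssl` CLI to create such a certificate, export it as DER for `Certificate::from_der`, and check which hostnames it covers; the hostnames, file names and 30-day validity are assumptions, and `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Constructed example: hostnames, file names and validity period are assumptions.

# make_self_signed DIR HOST
# Writes DIR/key.pem, DIR/cert.pem and DIR/cert.der for a self-signed
# certificate whose subjectAltName lists HOST.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" 2>/dev/null &&
    # native-tls's Certificate::from_der expects DER, not PEM.
    openssl x509 -in "$1/cert.pem" -outform der -out "$1/cert.der"
}

# cert_covers_host DER_FILE HOST
# Succeeds only if the certificate is valid for HOST. The result is read from
# the tool's output ("does match" / "does NOT match"), not its exit status.
cert_covers_host() {
    openssl x509 -in "$1" -inform der -noout -checkhost "$2" |
        grep -q "does match certificate"
}

# Demo with constructed names.
demo_dir=$(mktemp -d)
demo_host=api.example.internal
make_self_signed "$demo_dir" "$demo_host"

if cert_covers_host "$demo_dir/cert.der" "$demo_host"; then
    echo "$demo_host: covered, hostname verification can stay enabled"
fi
if ! cert_covers_host "$demo_dir/cert.der" other.example.internal; then
    echo "other.example.internal: not covered, reissue the certificate with this name"
fi
rm -rf "$demo_dir"
```

Running `cert_covers_host` against the DER file of an existing server certificate shows whether the name in the client's URL is covered before any verification is relaxed.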