inejge / ldap3

A pure-Rust LDAP library using the Tokio stack
Apache License 2.0

Allow building the connection providing a readymade TLS stream #10

Closed golddranks closed 7 years ago

golddranks commented 7 years ago

I need to connect to an LDAP server that is using self-signed certificates. I think that the most flexible way to manage to do this is to allow building the connection by providing a readymade TLS stream to the builder.

inejge commented 7 years ago

Perhaps, but on first glance that would require heavy restructuring of the connection code, which I'm not prepared to do right now, the medium-term priority being StartTLS with the existing infrastructure. I haven't closely followed recent native-tls development, but maybe they've added support for self-signed certs in the meantime; if so, I'd consider making it configurable.

golddranks commented 7 years ago

Indeed, native-tls allows adding custom certs using the add_root_certificate method on TlsConnector builder.

I implemented the needed APIs for providing the TlsConnector to work; check PR #11. I already tested this with my LDAP server that has a self-signed certificate, and it works. If you want example code for this crate, I'm happy to provide some.

golddranks commented 7 years ago

I need this functionality in my work, so I'd be happy to see it pulled in. I don't mind if the API will break afterwards in newer releases because I can pin the version in Cargo. I'm also open for critique for the APIs.

inejge commented 7 years ago

Implemented and published, so I'm going to close this issue.