Skip to content

Commit b00b0be

Browse files
committed
fix: handle no-validation mode in MutualTLS configuration
1 parent 78d2ab3 commit b00b0be

2 files changed

Lines changed: 31 additions & 5 deletions

File tree

lib/src/auth/mod.rs

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,7 @@ impl ClientCertificate {
2323

2424
#[derive(Debug, Clone, PartialEq)]
2525
pub struct MutualTLS {
26+
pub(crate) validation: bool,
2627
pub(crate) cert_file: Option<PathBuf>,
2728
pub(crate) client_cert: PathBuf,
2829
pub(crate) client_key: PathBuf,
@@ -35,9 +36,16 @@ impl MutualTLS {
3536
client_key: impl AsRef<Path>,
3637
) -> Self {
3738
MutualTLS {
39+
validation: true,
3840
cert_file: cert_file.map(|p| p.as_ref().to_path_buf()),
3941
client_cert: client_cert.as_ref().to_path_buf(),
4042
client_key: client_key.as_ref().to_path_buf(),
4143
}
4244
}
45+
pub fn with_no_validation(&self) -> Self {
46+
Self {
47+
validation: false,
48+
..self.clone()
49+
}
50+
}
4351
}

lib/src/connection.rs

Lines changed: 23 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -402,7 +402,9 @@ impl ConnectionInfo {
402402
// do not apply validation if using a self-signed certificate,as the documentation suggests
403403
let config = if !validation {
404404
match tls_config {
405-
ConnectionTLSConfig::MutualTLS(_) => tls_config,
405+
ConnectionTLSConfig::MutualTLS(mtls) => {
406+
&ConnectionTLSConfig::MutualTLS(mtls.with_no_validation())
407+
}
406408
_ => &ConnectionTLSConfig::NoSSLValidation,
407409
}
408410
} else {
@@ -499,10 +501,26 @@ impl ConnectionInfo {
499501
.with_client_auth_cert(cert_certs.collect(), keys)
500502
.map_err(|_e| Error::ConnectionError)?
501503
} else {
502-
builder
503-
.with_root_certificates(RootCertStore::empty())
504-
.with_client_auth_cert(cert_certs.collect(), keys)
505-
.map_err(|_e| Error::ConnectionError)?
504+
if mutual.validation {
505+
match rustls_native_certs::load_native_certs() {
506+
Ok(certs) => {
507+
root_cert_store.add_parsable_certificates(certs);
508+
}
509+
Err(e) => {
510+
warn!("Failed to load native certificates: {e}");
511+
}
512+
}
513+
builder
514+
.with_root_certificates(root_cert_store)
515+
.with_client_auth_cert(cert_certs.collect(), keys)
516+
.map_err(|_e| Error::ConnectionError)?
517+
} else {
518+
builder
519+
.dangerous()
520+
.with_custom_certificate_verifier(Arc::new(NoCertificateVerification))
521+
.with_client_auth_cert(cert_certs.collect(), keys)
522+
.map_err(|_e| Error::ConnectionError)?
523+
}
506524
}
507525
}
508526
};

0 commit comments

Comments
 (0)