min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Be a bit more emphatic about the danger

This commit is contained in:
Steven Fackler 2016-11-12 16:51:26 +00:00
parent 6b3599d319
commit 2f8301fc63
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
openssl/src/ssl/connector.rs
View File

@ -114,7 +114,7 @@ impl SslConnector {
/// You should think very carefully before you use this method. If hostname verification is not
/// used, *any* valid certificate for *any* site will be trusted for use from any other. This
/// introduces a significant vulnerability to man-in-the-middle attacks.
pub fn connect_without_providing_domain_for_certificate_verification_and_server_name_indication<S>(
pub fn danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication<S>(
&self, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
where S: Read + Write
{

6
openssl/src/ssl/tests/mod.rs
View File

@ -1093,7 +1093,7 @@ fn connector_invalid_no_hostname_verification() {
let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build();
let s = TcpStream::connect("google.com:443").unwrap();
connector.connect_without_providing_domain_for_certificate_verification_and_server_name_indication(s)
connector.danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication(s)
.unwrap();
}
@ -1103,7 +1103,7 @@ fn connector_no_hostname_still_verifies() {
let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build();
assert!(connector.connect_without_providing_domain_for_certificate_verification_and_server_name_indication(tcp)
assert!(connector.danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication(tcp)
.is_err());
}
@ -1115,7 +1115,7 @@ fn connector_no_hostname_can_disable_verify() {
connector.builder_mut().set_verify(SSL_VERIFY_NONE);
let connector = connector.build();
connector.connect_without_providing_domain_for_certificate_verification_and_server_name_indication(tcp).unwrap();
connector.danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication(tcp).unwrap();
}
#[test]