From 2f8301fc63114120b930fbb5779e383f1b100635 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sat, 12 Nov 2016 16:51:26 +0000 Subject: [PATCH] Be a bit more emphatic about the danger --- openssl/src/ssl/connector.rs | 2 +- openssl/src/ssl/tests/mod.rs | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs index f838edf4..39c19841 100644 --- a/openssl/src/ssl/connector.rs +++ b/openssl/src/ssl/connector.rs @@ -114,7 +114,7 @@ impl SslConnector { /// You should think very carefully before you use this method. If hostname verification is not /// used, *any* valid certificate for *any* site will be trusted for use from any other. This /// introduces a significant vulnerability to man-in-the-middle attacks. - pub fn connect_without_providing_domain_for_certificate_verification_and_server_name_indication( + pub fn danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication( &self, stream: S) -> Result, HandshakeError> where S: Read + Write { diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs index 855903c9..fb9a96b9 100644 --- a/openssl/src/ssl/tests/mod.rs +++ b/openssl/src/ssl/tests/mod.rs @@ -1093,7 +1093,7 @@ fn connector_invalid_no_hostname_verification() { let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build(); let s = TcpStream::connect("google.com:443").unwrap(); - connector.connect_without_providing_domain_for_certificate_verification_and_server_name_indication(s) + connector.danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication(s) .unwrap(); } @@ -1103,7 +1103,7 @@ fn connector_no_hostname_still_verifies() { let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build(); - assert!(connector.connect_without_providing_domain_for_certificate_verification_and_server_name_indication(tcp) + assert!(connector.danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication(tcp) .is_err()); } @@ -1115,7 +1115,7 @@ fn connector_no_hostname_can_disable_verify() { connector.builder_mut().set_verify(SSL_VERIFY_NONE); let connector = connector.build(); - connector.connect_without_providing_domain_for_certificate_verification_and_server_name_indication(tcp).unwrap(); + connector.danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication(tcp).unwrap(); } #[test]