min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Be a bit more emphatic about the danger

This commit is contained in:
Steven Fackler 2016-11-12 16:51:26 +00:00
parent 6b3599d319
commit 2f8301fc63
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
openssl/src/ssl/connector.rs
View File

@ -114,7 +114,7 @@ impl SslConnector {
/// You should think very carefully before you use this method. If hostname verification is not /// You should think very carefully before you use this method. If hostname verification is not
/// used, *any* valid certificate for *any* site will be trusted for use from any other. This /// used, *any* valid certificate for *any* site will be trusted for use from any other. This
/// introduces a significant vulnerability to man-in-the-middle attacks. /// introduces a significant vulnerability to man-in-the-middle attacks.
pub fn connect_without_providing_domain_for_certificate_verification_and_server_name_indication<S>( pub fn danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication<S>(
&self, stream: S) -> Result<SslStream<S>, HandshakeError<S>> &self, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
where S: Read + Write where S: Read + Write
{ {

6
openssl/src/ssl/tests/mod.rs
View File

@ -1093,7 +1093,7 @@ fn connector_invalid_no_hostname_verification() {
let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build(); let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build();
let s = TcpStream::connect("google.com:443").unwrap(); let s = TcpStream::connect("google.com:443").unwrap();
connector.connect_without_providing_domain_for_certificate_verification_and_server_name_indication(s) connector.danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication(s)
.unwrap(); .unwrap();
} }
@ -1103,7 +1103,7 @@ fn connector_no_hostname_still_verifies() {
let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build(); let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build();
assert!(connector.connect_without_providing_domain_for_certificate_verification_and_server_name_indication(tcp) assert!(connector.danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication(tcp)
.is_err()); .is_err());
} }
@ -1115,7 +1115,7 @@ fn connector_no_hostname_can_disable_verify() {
connector.builder_mut().set_verify(SSL_VERIFY_NONE); connector.builder_mut().set_verify(SSL_VERIFY_NONE);
let connector = connector.build(); let connector = connector.build();
connector.connect_without_providing_domain_for_certificate_verification_and_server_name_indication(tcp).unwrap(); connector.danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication(tcp).unwrap();
} }
#[test] #[test]