Add a connect method that does not perform hostname verification

The method name is intentionally painful to type to discourage its use
2016-11-12 16:45:18 +00:00 · 2016-11-12 16:45:18 +00:00 · 6b3599d319
parent 7cdb58bc47
commit 6b3599d319
2 changed files with 49 additions and 4 deletions
--- a/openssl/src/ssl/connector.rs
+++ b/openssl/src/ssl/connector.rs
@ -61,6 +61,7 @@ impl SslConnectorBuilder {
        try!(ctx.set_cipher_list("ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:\
                                  DH+AES256:ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:\
                                  RSA+AES:RSA+HIGH:!aNULL:!eNULL:!MD5:!3DES"));
+        ctx.set_verify(SSL_VERIFY_PEER);

        Ok(SslConnectorBuilder(ctx))
    }
@ -103,6 +104,22 @@ impl SslConnector {

        ssl.connect(stream)
    }
+
+    /// Initiates a client-side TLS session on a stream without performing hostname verification.
+    ///
+    /// The verification configuration of the connector's `SslContext` is not overridden.
+    ///
+    /// # Warning
+    ///
+    /// You should think very carefully before you use this method. If hostname verification is not
+    /// used, *any* valid certificate for *any* site will be trusted for use from any other. This
+    /// introduces a significant vulnerability to man-in-the-middle attacks.
+    pub fn connect_without_providing_domain_for_certificate_verification_and_server_name_indication<S>(
+            &self, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
+        where S: Read + Write
+    {
+        try!(Ssl::new(&self.0)).connect(stream)
+    }
 }

 /// A builder for `SslAcceptor`s.
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@ -17,10 +17,8 @@ use tempdir::TempDir;
 use dh::Dh;
 use hash::MessageDigest;
 use ssl;
-use ssl::SSL_VERIFY_PEER;
-use ssl::{SslMethod, HandshakeError};
-use ssl::{SslContext, SslStream, Ssl, ShutdownResult, SslConnectorBuilder, SslAcceptorBuilder,
-          Error};
+use ssl::{SslMethod, HandshakeError, SslContext, SslStream, Ssl, ShutdownResult,
+    SslConnectorBuilder, SslAcceptorBuilder, Error, SSL_VERIFY_PEER, SSL_VERIFY_NONE};
 use x509::{X509StoreContext, X509, X509Name, X509_FILETYPE_PEM};
 #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
 use x509::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS;
@ -1090,6 +1088,36 @@ fn connector_invalid_hostname() {
    assert!(connector.connect("foobar.com", s).is_err());
 }

+#[test]
+fn connector_invalid_no_hostname_verification() {
+    let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build();
+
+    let s = TcpStream::connect("google.com:443").unwrap();
+    connector.connect_without_providing_domain_for_certificate_verification_and_server_name_indication(s)
+        .unwrap();
+}
+
+#[test]
+fn connector_no_hostname_still_verifies() {
+    let (_s, tcp) = Server::new();
+
+    let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build();
+
+    assert!(connector.connect_without_providing_domain_for_certificate_verification_and_server_name_indication(tcp)
+        .is_err());
+}
+
+#[test]
+fn connector_no_hostname_can_disable_verify() {
+    let (_s, tcp) = Server::new();
+
+    let mut connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
+    connector.builder_mut().set_verify(SSL_VERIFY_NONE);
+    let connector = connector.build();
+
+    connector.connect_without_providing_domain_for_certificate_verification_and_server_name_indication(tcp).unwrap();
+}
+
 #[test]
 fn connector_client_server_mozilla_intermediate() {
    let listener = TcpListener::bind("127.0.0.1:0").unwrap();