Try to use a custom verifier for TLS #6564

charliermarsh · 2024-08-24T02:36:48Z

Summary

This is one attempt to do what's described in #4944 (comment). I'm stuck though because there is no public API to add an Identity to a client builder.

charliermarsh · 2024-08-24T02:37:26Z

crates/uv-client/src/base_client.rs

+                // If not, we use ring.
+                let provider = rustls::crypto::CryptoProvider::get_default()
+                    .map(|arc| arc.clone())
+                    .unwrap();


All the of above has to be vendored and kept in-sync with reqwest.

charliermarsh · 2024-08-24T02:37:48Z

crates/uv-client/src/base_client.rs

+                // Finalize TLS config
+                // STOPSHIP(charlie): Add `SSL_CERT` thing, it's private though? Ugh.
+                let mut tls = config_builder.with_no_client_auth();
+                tls.enable_sni = true;


Basically stuck here, we need to read SSL_CERT and add it to config_builder, but the APIs that reqwest uses aren't public.

charliermarsh marked this pull request as draft August 24, 2024 02:36

Try to use a custom verifier (oof)

574189a

charliermarsh force-pushed the charlie/tls branch from 001330e to 574189a Compare August 24, 2024 02:37

charliermarsh commented Aug 24, 2024

View reviewed changes

charliermarsh closed this Aug 29, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Try to use a custom verifier for TLS #6564

Try to use a custom verifier for TLS #6564

charliermarsh commented Aug 24, 2024

charliermarsh Aug 24, 2024

charliermarsh Aug 24, 2024

Try to use a custom verifier for TLS #6564

Try to use a custom verifier for TLS #6564

Conversation

charliermarsh commented Aug 24, 2024

Summary

charliermarsh Aug 24, 2024

Choose a reason for hiding this comment

charliermarsh Aug 24, 2024

Choose a reason for hiding this comment