mirror of https://github.com/ctz/rustls
Store the verifier in a Box
These objects are seldom created.
parent
b5bddd3455
commit
9e3d7a497e
|
@ -135,8 +135,6 @@ impl rustls::ServerCertVerifier for NoVerification {
|
|||
}
|
||||
}
|
||||
|
||||
static NO_VERIFICATION: NoVerification = NoVerification {};
|
||||
|
||||
fn make_server_cfg(opts: &Options) -> Arc<rustls::ServerConfig> {
|
||||
let mut cfg = rustls::ServerConfig::new();
|
||||
let persist = rustls::ServerSessionMemoryCache::new(32);
|
||||
|
@ -149,7 +147,7 @@ fn make_server_cfg(opts: &Options) -> Arc<rustls::ServerConfig> {
|
|||
if opts.offer_no_client_cas || opts.require_any_client_cert {
|
||||
cfg.client_auth_offer = true;
|
||||
cfg.dangerous()
|
||||
.set_certificate_verifier(&NO_VERIFICATION);
|
||||
.set_certificate_verifier(Box::new(NoVerification {}));
|
||||
}
|
||||
|
||||
if opts.require_any_client_cert {
|
||||
|
@ -190,7 +188,7 @@ fn make_client_cfg(opts: &Options) -> Arc<rustls::ClientConfig> {
|
|||
}
|
||||
|
||||
cfg.dangerous()
|
||||
.set_certificate_verifier(&NO_VERIFICATION);
|
||||
.set_certificate_verifier(Box::new(NoVerification {}));
|
||||
|
||||
if !opts.protocols.is_empty() {
|
||||
cfg.set_protocols(&opts.protocols);
|
||||
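Review bot: Both `set_certificate_verifier(Box::new(NoVerification {}))` call sites install a verifier whose name says it checks nothing, and neither carries a comment explaining why that is acceptable here. In `make_client_cfg` the call looks unconditional as far as the hunk shows (the function body starts outside it), so every client config built there would skip server authentication. If this file is test-only, as the option names suggest, I would add a comment above each call such as `// test-only: peer certificates are deliberately not validated`, so the pattern is not copied into real configuration code. With the shared static gone, a small helper returning the boxed verifier would also keep the two sites in sync.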
|
|
|
@ -393,8 +393,6 @@ mod danger {
|
|||
Ok(())
|
||||
}
|
||||
}
|
||||
|
||||
pub static NO_CERT_VERIFICATION: NoCertificateVerification = NoCertificateVerification {};
|
||||
}
|
||||
|
||||
#[cfg(feature = "dangerous_configuration")]
|
||||
|
@ -402,7 +400,7 @@ fn apply_dangerous_options(args: &Args, cfg: &mut rustls::ClientConfig) {
|
|||
if args.flag_insecure {
|
||||
cfg
|
||||
.dangerous()
|
||||
.set_certificate_verifier(&danger::NO_CERT_VERIFICATION)
|
||||
.set_certificate_verifier(Box::new(danger::NoCertificateVerification {}));
|
||||
}
|
||||
}
|
||||
|
||||
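Review bot: The `args.flag_insecure` branch of `apply_dangerous_options` swaps in `danger::NoCertificateVerification` silently, so a user who leaves the flag in a script gets an unauthenticated connection with nothing in the output to show it. I would print one line to stderr in that branch before the call, with a message along the lines of `warning: server certificate verification is disabled`. I would also add `// accepts any server certificate; the peer is not authenticated` above the `Box::new(...)` line. The `Ok(())` at the top of the section presumably belongs to the verifier's impl, but the rest of that impl lies outside the hunk.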
|
|
|
@ -191,7 +191,7 @@ pub struct ClientConfig {
|
|||
pub versions: Vec<ProtocolVersion>,
|
||||
|
||||
/// How to verify the server certificate chain.
|
||||
verifier: &'static verify::ServerCertVerifier,
|
||||
verifier: Box<verify::ServerCertVerifier>,
|
||||
}
|
||||
|
||||
impl ClientConfig {
|
||||
|
@ -208,13 +208,13 @@ impl ClientConfig {
|
|||
client_auth_cert_resolver: Box::new(FailResolveClientCert {}),
|
||||
enable_tickets: true,
|
||||
versions: vec![ProtocolVersion::TLSv1_3, ProtocolVersion::TLSv1_2],
|
||||
verifier: &verify::WEB_PKI
|
||||
verifier: Box::new(verify::WebPKIVerifier {})
|
||||
}
|
||||
}
|
||||
|
||||
#[doc(hidden)]
|
||||
pub fn get_verifier(&self) -> &'static verify::ServerCertVerifier {
|
||||
self.verifier
|
||||
pub fn get_verifier(&self) -> &verify::ServerCertVerifier {
|
||||
self.verifier.as_ref()
|
||||
}
|
||||
|
||||
/// Set the ALPN protocol list to the given protocol names.
|
||||
|
@ -271,14 +271,17 @@ impl ClientConfig {
|
|||
/// Container for unsafe APIs
|
||||
#[cfg(feature = "dangerous_configuration")]
|
||||
pub mod danger {
|
||||
use super::ClientConfig;
|
||||
use super::verify::ServerCertVerifier;
|
||||
|
||||
pub struct DangerousClientConfig<'a> {
|
||||
pub cfg: &'a mut super::ClientConfig
|
||||
pub cfg: &'a mut ClientConfig
|
||||
}
|
||||
|
||||
impl<'a> DangerousClientConfig<'a> {
|
||||
/// Overrides the default `ServerCertVerifier` with something else.
|
||||
pub fn set_certificate_verifier(&mut self,
|
||||
verifier: &'static super::verify::ServerCertVerifier) {
|
||||
verifier: Box<ServerCertVerifier>) {
|
||||
self.cfg.verifier = verifier;
|
||||
}
|
||||
}
|
||||
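Review bot: The doc comment on `set_certificate_verifier` in the `danger` module does not say what is lost when it is called. The boxed value replaces the `WebPKIVerifier` that `new()` installs, so from then on the caller's verifier appears to be the only thing deciding whether a server certificate is accepted. I would extend the comment to something like `/// Replaces the default WebPKI-based verifier; the supplied verifier alone decides whether a server certificate is trusted.` The same applies to `DangerousServerConfig::set_certificate_verifier` for client certificates in the next file section.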
|
|
|
@ -130,7 +130,7 @@ pub struct ServerConfig {
|
|||
pub versions: Vec<ProtocolVersion>,
|
||||
|
||||
/// How to verify client certificates.
|
||||
verifier: &'static verify::ClientCertVerifier,
|
||||
verifier: Box<verify::ClientCertVerifier>,
|
||||
}
|
||||
|
||||
/// Something which never stores sessions.
|
||||
|
@ -270,13 +270,13 @@ impl ServerConfig {
|
|||
client_auth_offer: false,
|
||||
client_auth_mandatory: false,
|
||||
versions: vec![ ProtocolVersion::TLSv1_3, ProtocolVersion::TLSv1_2 ],
|
||||
verifier: &verify::WEB_PKI
|
||||
verifier: Box::new(verify::WebPKIVerifier {}),
|
||||
}
|
||||
}
|
||||
|
||||
#[doc(hidden)]
|
||||
pub fn get_verifier(&self) -> &'static verify::ClientCertVerifier {
|
||||
self.verifier
|
||||
pub fn get_verifier(&self) -> &verify::ClientCertVerifier {
|
||||
self.verifier.as_ref()
|
||||
}
|
||||
|
||||
/// Sets the session persistence layer to `persist`.
|
||||
|
@ -331,14 +331,17 @@ impl ServerConfig {
|
|||
/// Container for unsafe APIs
|
||||
#[cfg(feature = "dangerous_configuration")]
|
||||
pub mod danger {
|
||||
use super::ServerConfig;
|
||||
use super::verify::ClientCertVerifier;
|
||||
|
||||
pub struct DangerousServerConfig<'a> {
|
||||
pub cfg: &'a mut super::ServerConfig
|
||||
pub cfg: &'a mut ServerConfig
|
||||
}
|
||||
|
||||
impl<'a> DangerousServerConfig<'a> {
|
||||
/// Overrides the default `ClientCertVerifier` with something else.
|
||||
pub fn set_certificate_verifier(&mut self,
|
||||
verifier: &'static super::verify::ClientCertVerifier) {
|
||||
verifier: Box<ClientCertVerifier>) {
|
||||
self.cfg.verifier = verifier;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -46,7 +46,6 @@ pub trait ClientCertVerifier : Send + Sync {
|
|||
}
|
||||
|
||||
pub struct WebPKIVerifier {}
|
||||
pub static WEB_PKI: WebPKIVerifier = WebPKIVerifier {};
|
||||
|
||||
impl ServerCertVerifier for WebPKIVerifier {
|
||||
fn verify_server_cert(&self,
|
||||
|
|
|
@ -35,7 +35,7 @@ fn bench<Fsetup, Ftest, S>(count: usize, name: &'static str, f_setup: Fsetup, f_
|
|||
times.iter().min().unwrap() / 1000);
|
||||
}
|
||||
|
||||
static V: &'static verify::WebPKIVerifier = &verify::WEB_PKI;
|
||||
static V: &'static verify::WebPKIVerifier = &verify::WebPKIVerifier {};
|
||||
|
||||
#[test]
|
||||
fn test_reddit_cert() {
|
||||
|
|