I know this is just... wrong, and everyone should be using letsencrypt, or adding their self-signed cert as a trusted root. Allowing invalid SSL connections is still a "feature" that Rust doesn't have, and I'd like to fix that.
This change adds an optional flag onto the ClientBuilder to accept invalid certificates.
The validation logic treated the RecoverableTrustFailure identically to the FatalTrustFailure. Upon a limited reading of the documentation, it seems as though the intended use of the RecoverableTrustFailure was to allow the user to opt into the insecure connection.
During validation, if we get a RecoverableTrustFailure, and the user has opted into allowing invalid certs, I treat it just like a Proceed. If the user has not opted in, the result is the same as it was before.
In keeping with Rust's theme of not wanting you to shoot yourself in the foot, I've named the function danger_accept_invalid_certs(), and put a big warning in the doc comments. If you want this to be a more obnoxious name, I'm open to suggestions.
I added a test case from badssl.com. I also tested this by making connections to a variety of bad servers from my OS X workstation.
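
The decision described in this pull request, modelled as an added example (not part of the original pull request and not the project's code). Only ClientBuilder, danger_accept_invalid_certs, Proceed, RecoverableTrustFailure and FatalTrustFailure are names from the description; TrustResult, TrustError and check_trust are hypothetical, and the model assumes FatalTrustFailure stays rejected even after opt-in.

```rust
// Simplified model of the trust decision; not the crate's real types.
// TrustResult, TrustError and check_trust are hypothetical names.

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum TrustResult {
    Proceed,
    RecoverableTrustFailure,
    FatalTrustFailure,
}

/// Carries the trust result that caused the handshake to be refused.
#[derive(Debug, PartialEq)]
pub struct TrustError(pub TrustResult);

#[derive(Debug, Default)]
pub struct ClientBuilder {
    accept_invalid_certs: bool, // false unless the caller opts in
}

impl ClientBuilder {
    pub fn new() -> Self {
        Self::default()
    }

    /// Opt in to accepting certificates that fail validation.
    pub fn danger_accept_invalid_certs(&mut self, accept: bool) -> &mut Self {
        self.accept_invalid_certs = accept;
        self
    }

    /// Decide whether the handshake may continue for a trust evaluation.
    pub fn check_trust(&self, result: TrustResult) -> Result<(), TrustError> {
        match result {
            TrustResult::Proceed => Ok(()),
            // Only the recoverable failure is relaxed, and only after opt-in.
            TrustResult::RecoverableTrustFailure if self.accept_invalid_certs => Ok(()),
            // Everything else is refused, exactly as before the change.
            other => Err(TrustError(other)),
        }
    }
}

fn main() {
    let strict = ClientBuilder::new();
    let mut lax = ClientBuilder::new();
    lax.danger_accept_invalid_certs(true);
    for r in [TrustResult::Proceed, TrustResult::RecoverableTrustFailure, TrustResult::FatalTrustFailure] {
        println!("{:?}: strict={:?} lax={:?}", r, strict.check_trust(r), lax.check_trust(r));
    }
}
```

The builder defaults to strict validation, so a caller who never touches the flag sees no behaviour change; auditing a code base for calls to danger_accept_invalid_certs finds every place the check was relaxed.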