I'm trying to use tokio-tls in a non-HTTP scenario with self-signed certificates, building a peer-to-peer connection. All I want is essentially a Diffie-Hellman key exchange and an encrypted channel. During the handshake I'd like to avoid the usual PKI trust chain and let peers decide programmatically if they trust the certificate of the other party.
To achieve this, the usual way is to provide a hook for a callback function where the certificate of the peer can be validated. In Java you can set a custom TrustManager while initializing your SslContext. Also, the rustls crate nicely supports this, as shown here, but I'd like the same thing in Tokio without blocking.
I've found no way to achieve this with tokio-tls. Is this possible somehow out of the box? If not, is it hard to add to the library?
FYI @aep @Silur (with comments on the old one)
I swapped TLS for noise entirely instead. TLS is way too complicated.
This is already possible with danger_accept_invalid_certs. If you build the TlsConnector yourself, you can convert it into the tokio-tls version of TlsConnector.
Personal statement of support here for using Noise instead of TLS. :P It feels like a backwards step to use TLS in a way that doesn't involve certificate validation.
Maybe I misunderstand something, but I have to disagree here; I think your proposal is very different from what I asked about. You basically suggest turning off the safety checks by ignoring validation features uniformly for all certificates. On the contrary, I'd like to customize validation by providing something similar to a predicate like `Fn(Certificate) -> bool` where I can programmatically decide based on any custom ruleset I want, potentially overriding choices of the default trust chain.
As I've shown above, it's a common feature of SSL/TLS toolchains in most languages; the rustls crate also provides this by letting you define your own `ServerCertVerifier::verify_server_cert()`. I still think tokio-tls lacks this completely.
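To make the distinction in the comment above concrete, here is an added example (not code from tokio-tls, native-tls or rustls) of what the requested hook looks like when it pins the peer's certificate rather than disabling validation. The `PeerCertVerifier` trait, `PinningVerifier`, `PredicateVerifier` and the `Verdict` enum are hypothetical names chosen for this illustration; the trait merely mirrors the shape of a `verify_server_cert`-style callback (peer id plus the DER end-entity certificate) and is not rustls's actual trait. The certificate bytes are constructed placeholders; in a real integration they come from the handshake, and the TLS handshake itself still proves the peer holds the certificate's private key, so the predicate only replaces the chain check, not that proof.

```rust
use std::collections::HashMap;

/// Result of the application-level trust decision for one peer certificate.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Verdict {
    /// Certificate matches the pin recorded for this peer.
    Trusted,
    /// First contact: no pin existed, the certificate was recorded (trust on first use).
    Pinned,
    /// No pin and TOFU disabled, or the certificate differs from the recorded pin.
    Rejected,
}

/// Hypothetical hook in the shape the issue asks for: the TLS layer hands the
/// application the peer id it dialled and the raw DER end-entity certificate,
/// and the application decides. Stand-in for a ServerCertVerifier-style callback,
/// not rustls's actual trait.
pub trait PeerCertVerifier {
    fn verify_peer_cert(&mut self, peer_id: &str, end_entity_der: &[u8]) -> Verdict;
}

/// Length check followed by a constant-time byte comparison, so a mismatching
/// pin does not leak how many leading bytes matched through timing.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Pins the exact DER certificate per peer id; optionally records unknown peers on first use.
pub struct PinningVerifier {
    pins: HashMap<String, Vec<u8>>,
    allow_tofu: bool,
}

impl PinningVerifier {
    pub fn new(allow_tofu: bool) -> Self {
        PinningVerifier { pins: HashMap::new(), allow_tofu }
    }

    /// Pre-provision a pin, e.g. one exchanged out of band.
    pub fn pin(&mut self, peer_id: &str, der: &[u8]) {
        self.pins.insert(peer_id.to_string(), der.to_vec());
    }
}

impl PeerCertVerifier for PinningVerifier {
    fn verify_peer_cert(&mut self, peer_id: &str, end_entity_der: &[u8]) -> Verdict {
        // Fail closed: an empty certificate must never pass.
        if end_entity_der.is_empty() {
            return Verdict::Rejected;
        }
        match self.pins.get(peer_id) {
            Some(pinned) if ct_eq(pinned, end_entity_der) => Verdict::Trusted,
            // Key changed or impersonation attempt: reject and keep the old pin,
            // never re-pin silently.
            Some(_) => Verdict::Rejected,
            None if self.allow_tofu => {
                self.pins.insert(peer_id.to_string(), end_entity_der.to_vec());
                Verdict::Pinned
            }
            None => Verdict::Rejected,
        }
    }
}

/// Adapter for the `Fn(Certificate) -> bool` style predicate asked for in the issue.
pub struct PredicateVerifier<F: FnMut(&str, &[u8]) -> bool>(pub F);

impl<F: FnMut(&str, &[u8]) -> bool> PeerCertVerifier for PredicateVerifier<F> {
    fn verify_peer_cert(&mut self, peer_id: &str, end_entity_der: &[u8]) -> Verdict {
        if !end_entity_der.is_empty() && (self.0)(peer_id, end_entity_der) {
            Verdict::Trusted
        } else {
            Verdict::Rejected
        }
    }
}

fn main() {
    // Constructed placeholder bytes standing in for DER certificates; a real
    // integration receives these from the TLS handshake.
    let alice_der = &b"constructed-der-alice"[..];
    let mallory_der = &b"constructed-der-mallory"[..];

    let mut verifier = PinningVerifier::new(true);
    println!("{:?}", verifier.verify_peer_cert("alice", alice_der)); // Pinned
    println!("{:?}", verifier.verify_peer_cert("alice", alice_der)); // Trusted
    println!("{:?}", verifier.verify_peer_cert("alice", mallory_der)); // Rejected

    // Predicate form with an illustrative rule: only the exact bytes pinned for alice.
    let mut pred = PredicateVerifier(|peer: &str, der: &[u8]| peer == "alice" && ct_eq(der, alice_der));
    println!("{:?}", pred.verify_peer_cert("alice", alice_der)); // Trusted
}
```

Two caveats a practitioner would want: pinning the whole DER certificate means any re-issue of the peer's certificate (even with the same key) breaks the pin, so pin the public key or a hash of it instead if rotation without re-pinning matters; and trust-on-first-use only protects connections after the first one, so an out-of-band `pin()` is the safer provisioning path when it is available.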
native-tls is the underlying crate which is wrapped to provide TLS; you need to file an issue there if you want something more than disabling normal certificate validation.
tokio-tls itself wouldn't be able to provide you what you want unless native-tls too supported it.
Closing due to inactivity.