| author | Steven Fackler <[email protected]> | 2016-11-12 16:51:26 +0000 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2016-11-12 16:51:26 +0000 |
| commit | 2f8301fc63114120b930fbb5779e383f1b100635 (patch) | |
| tree | ccc67f4e9d799c32a6d59b529d8a34914dd1876d | |
| parent | Add a connect method that does not perform hostname verification (diff) | |
Be a bit more emphatic about the danger
| -rw-r--r-- | openssl/src/ssl/connector.rs | 2 | ||||
| -rw-r--r-- | openssl/src/ssl/tests/mod.rs | 6 |
2 files changed, 4 insertions, 4 deletions
diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs
index f838edf4..39c19841 100644
--- a/openssl/src/ssl/connector.rs
+++ b/openssl/src/ssl/connector.rs
@@ -114,7 +114,7 @@ impl SslConnector {
 /// You should think very carefully before you use this method. If hostname verification is not
 /// used, *any* valid certificate for *any* site will be trusted for use from any other. This
 /// introduces a significant vulnerability to man-in-the-middle attacks.
- pub fn connect_without_providing_domain_for_certificate_verification_and_server_name_indication<S>(
+ pub fn danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication<S>(
 &self, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
 where S: Read + Write
 {
diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index 855903c9..fb9a96b9 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@@ -1093,7 +1093,7 @@ fn connector_invalid_no_hostname_verification() {
 let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build();
 let s = TcpStream::connect("google.com:443").unwrap();
- connector.connect_without_providing_domain_for_certificate_verification_and_server_name_indication(s)
+ connector.danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication(s)
 .unwrap();
 }
@@ -1103,7 +1103,7 @@ fn connector_no_hostname_still_verifies() {
 let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build();
- assert!(connector.connect_without_providing_domain_for_certificate_verification_and_server_name_indication(tcp)
+ assert!(connector.danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication(tcp)
 .is_err());
 }
@@ -1115,7 +1115,7 @@ fn connector_no_hostname_can_disable_verify() {
 connector.builder_mut().set_verify(SSL_VERIFY_NONE);
 let connector = connector.build();
- connector.connect_without_providing_domain_for_certificate_verification_and_server_name_indication(tcp).unwrap();
+ connector.danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication(tcp).unwrap();
 }
 #[test] |