Fix certificate verifier

2026-02-09 11:34:39 +01:00 · 2026-02-09 11:34:39 +01:00 · 9e98cb5f39
commit 9e98cb5f39
parent dec39cf2e3
3 changed files with 394 additions and 142 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@ -9,6 +9,7 @@ argp = "0.4.0"
 env_logger = "0.11.8"
 futures-util = "0.3.31"
 log = "0.4.28"
+rustls-platform-verifier = "0.6.2"
 sslrelay = { path = "../sslrelay", optional = true }
 static_cell = "2.1.1"
 tokio = { version = "1.48.0", features = ["io-util", "macros", "net", "rt", "rt-multi-thread", "sync", "time"]}
@ -40,4 +41,8 @@ ring = ["tokio-rustls/ring"]
 symcrypt = ["rustls-symcrypt"]

 [profile.release]
-#lto = "fat"
+lto = "fat"
+
+[patch.crates-io]
+rustls = { path = "../rustls/rustls" }
+rustls-platform-verifier = { path = "../rustls-platform-verifier/rustls-platform-verifier"}
--- a/src/client.rs
+++ b/src/client.rs
@ -3,6 +3,7 @@ use crate::{
 	util::ResponseStreamer,
 };

+use rustls_platform_verifier::BuilderVerifierExt;
 use std::{
 	collections::HashSet,
 	net::ToSocketAddrs,
@ -124,8 +125,10 @@ pub async fn play(

 	if use_tls {
 		let mut config = tokio_rustls::rustls::ClientConfig::builder()
-			.dangerous()
-			.with_custom_certificate_verifier(Arc::new(DummyCertVerifier))
+			//.dangerous()
+			//.with_custom_certificate_verifier(Arc::new(DummyCertVerifier))
+			.with_platform_verifier()
+			.unwrap()
 			.with_no_client_auth();
 		let mut enable_early_data = false;
 		for (var, val) in std::env::vars() {