
1use {
2    crate::crypto_provider,
3    rustls::{
4        client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier},
5        crypto::{verify_tls12_signature, verify_tls13_signature, CryptoProvider},
6        pki_types::{CertificateDer, ServerName, UnixTime},
7        DigitallySignedStruct, Error, SignatureScheme,
8    },
9    std::{
10        fmt::{self, Debug, Formatter},
11        sync::Arc,
12    },
13};
14
/// [`ServerCertVerifier`] that accepts **any** server certificate chain
/// without validating it, while still verifying the TLS handshake
/// signatures against the public key found in the presented
/// (unauthenticated) certificate.
///
/// Security caveat: because `verify_server_cert` unconditionally succeeds,
/// a connection built with this verifier authenticates nobody. An active
/// man-in-the-middle can present its own certificate and terminate the TLS
/// session, so the channel is confidential against passive observers only.
/// The signature checks merely bind the session to whatever key was
/// presented; if the peer's identity matters, it has to be established by
/// some other mechanism outside this verifier.
///
/// Useful for turbine (where server verification is not feasible) and for
/// tests. Logic mostly copied from the rustls examples.
///
/// The single field is the [`CryptoProvider`] whose
/// `signature_verification_algorithms` back the handshake signature checks.
pub struct SkipServerVerification(Arc<CryptoProvider>);
20
impl SkipServerVerification {
    /// Builds a verifier backed by a fresh [`CryptoProvider`] obtained from
    /// the crate-level [`crypto_provider`] function.
    ///
    /// The verifier is returned inside an `Arc`, ready to be shared between
    /// connections. Note that it skips certificate validation entirely — see
    /// the type-level documentation before using it outside turbine or tests.
    pub fn new() -> Arc<Self> {
        let provider = Arc::new(crypto_provider());
        Arc::new(SkipServerVerification(provider))
    }
}
26
impl ServerCertVerifier for SkipServerVerification {
    /// Accepts every certificate chain unconditionally.
    ///
    /// SECURITY: nothing is inspected here — not the chain, not
    /// `server_name`, not the validity period (`now`), not the OCSP
    /// response. Any party able to complete a TLS handshake is accepted, so
    /// this provides no server authentication and no protection against an
    /// active man-in-the-middle. The handshake signature methods below still
    /// bind the session to the key in whatever leaf certificate was sent.
    fn verify_server_cert(
        &self,
        _end_entity: &CertificateDer<'_>,
        _intermediates: &[CertificateDer<'_>],
        _server_name: &ServerName,
        _ocsp_response: &[u8],
        _now: UnixTime,
    ) -> Result<ServerCertVerified, Error> {
        Ok(ServerCertVerified::assertion())
    }

    /// Signature schemes the configured provider can verify; rustls uses this
    /// to negotiate which scheme the server may sign the handshake with.
    fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
        let algorithms = &self.0.signature_verification_algorithms;
        algorithms.supported_schemes()
    }

    /// Checks the TLS 1.2 handshake signature `dss` over `message` against
    /// the public key in `cert`, using the provider's verification algorithms.
    /// Unlike the certificate itself, this check is real: a peer that cannot
    /// produce a valid signature for the key it presented is rejected.
    fn verify_tls12_signature(
        &self,
        message: &[u8],
        cert: &CertificateDer<'_>,
        dss: &DigitallySignedStruct,
    ) -> Result<HandshakeSignatureValid, Error> {
        let algorithms = &self.0.signature_verification_algorithms;
        verify_tls12_signature(message, cert, dss, algorithms)
    }

    /// TLS 1.3 counterpart of [`Self::verify_tls12_signature`]: verifies the
    /// `CertificateVerify` signature with the provider's algorithms.
    fn verify_tls13_signature(
        &self,
        message: &[u8],
        cert: &CertificateDer<'_>,
        dss: &DigitallySignedStruct,
    ) -> Result<HandshakeSignatureValid, Error> {
        let algorithms = &self.0.signature_verification_algorithms;
        verify_tls13_signature(message, cert, dss, algorithms)
    }
}
71
impl Debug for SkipServerVerification {
    /// Renders as `SkipServerVerification { .. }`; the inner crypto provider
    /// is deliberately left out of the output.
    fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
        let mut repr = f.debug_struct("SkipServerVerification");
        repr.finish_non_exhaustive()
    }
}