use rustls::DistinguishedName; use rustls::Error; use rustls::SignatureScheme; use rustls::pki_types::CertificateDer; use rustls::pki_types::UnixTime; use rustls::DigitallySignedStruct; use rustls::client::danger::HandshakeSignatureValid; use rustls::server::danger::ClientCertVerified; use rustls::server::danger::ClientCertVerifier; #[derive(Debug)] pub struct FakeClientCertVerifier { pub dn: [DistinguishedName; 1], } impl ClientCertVerifier for FakeClientCertVerifier { fn root_hint_subjects(&self) -> &[DistinguishedName] { &self.dn } fn verify_client_cert( &self, _end_entity: &CertificateDer<'_>, _intermediates: &[CertificateDer<'_>], _now: UnixTime, ) -> Result { Ok(ClientCertVerified::assertion()) } fn verify_tls12_signature( &self, _message: &[u8], _cert: &CertificateDer<'_>, _dss: &DigitallySignedStruct, ) -> Result { Ok(HandshakeSignatureValid::assertion()) } fn verify_tls13_signature( &self, _message: &[u8], _cert: &CertificateDer<'_>, _dss: &DigitallySignedStruct, ) -> Result { Ok(HandshakeSignatureValid::assertion()) } fn supported_verify_schemes(&self) -> Vec { vec![ SignatureScheme::RSA_PKCS1_SHA1, SignatureScheme::ECDSA_SHA1_Legacy, SignatureScheme::RSA_PKCS1_SHA256, SignatureScheme::ECDSA_NISTP256_SHA256, SignatureScheme::RSA_PKCS1_SHA384, SignatureScheme::ECDSA_NISTP384_SHA384, SignatureScheme::RSA_PKCS1_SHA512, SignatureScheme::ECDSA_NISTP521_SHA512, SignatureScheme::RSA_PSS_SHA256, SignatureScheme::RSA_PSS_SHA384, SignatureScheme::RSA_PSS_SHA512, SignatureScheme::ED25519, SignatureScheme::ED448, //SignatureScheme::Unknown(u16), ] } fn offer_client_auth(&self) -> bool { true } fn client_auth_mandatory(&self) -> bool { false } }