Support connecting to IP addresses #564
Comments
|
IDK it works for me (with my custom certificate verifier code). |
|
@demimarie-parity can you elaborate on the exact error behavior you're seeing? |
|
In what repo is your code @est31 ? |
|
@burdges not public (yet). All I did was: /// A certificate verifier that accepts any certificate
struct NullVerifier;
impl rustls::ServerCertVerifier for NullVerifier {
fn verify_server_cert(
&self,
_roots :&rustls::RootCertStore,
_presented_certs :&[rustls::Certificate],
_dns_name :webpki::DNSNameRef,
_ocsp_response :&[u8],
) -> Result<rustls::ServerCertVerified, rustls::TLSError> {
Ok(rustls::ServerCertVerified::assertion())
}
}
let mut client_config = quinn::ClientConfigBuilder::default();
let mut client_config = client_config.build();
// Trust all certificates
Arc::get_mut(&mut client_config.crypto).unwrap().dangerous()
.set_certificate_verifier(Arc::new(NullVerifier));For the moment that's enough for my purposes. |
|
@djc I get |
|
@demimarie-parity I'm hardcoding the hostname, maybe that's the difference? let url = "127.0.0.1:4000";
let url = url.to_socket_addrs()?.next().expect("socket addr expected");
endpoint.connect(url, "something")?; |
|
See also briansmith/webpki#54 and rustls/rustls#184. If you hardcode a valid garbage hostname (e.g. any alphabetic ASCII string) and use a custom cert verifier I think that should get the behavior you want in lieu of extensions to the underlying libraries. |
|
BTW, I know Brian Smith is open to adding support, but he has been looking for a sponsor for the work involved. Maybe Parity can support that? |
|
This should be supported since rustls/webpki#5. |
Quinn currently errors out if I try to connect to an IP address, presumably because webpki does not support them. However, my code uses a custom certificate verifier that does not use webpki.
The text was updated successfully, but these errors were encountered: