// Build a rustls client configuration whose server-certificate checks are handed to
// `NoRootCertVerifier` (defined elsewhere in this file) instead of rustls' built-in
// verification. `dangerous()` is the rustls opt-in that allows replacing the verifier,
// so the connection is only as well authenticated as that verifier makes it.
let verifier = Arc::new(NoRootCertVerifier);
let tls = rustls::ClientConfig::builder()
    .dangerous()
    .with_custom_certificate_verifier(verifier)
    .with_no_client_auth();

// Hand the prebuilt configuration to reqwest. The `rustls` crate used above must be the
// same version reqwest links against, otherwise reqwest cannot recognise the value.
// NOTE(review): the overall timeout is 200000 s (about 55.5 hours), while the connect
// timeout is 10 s. Confirm the long request timeout is intended.
let client = reqwest::Client::builder()
    .timeout(Duration::from_secs(200000))
    .connect_timeout(Duration::from_secs(10))
    .tcp_nodelay(true)
    .use_preconfigured_tls(tls)
    .build()?;
问题1:报错 Unknown TLS backend passed to "use_preconfigured_tls"
处理方案:让本工程依赖的rustls版本与reqwest内部依赖的rustls版本保持一致。原因是use_preconfigured_tls方法通过Any向下转型来识别传入的TLS配置类型,版本不一致时两个rustls::ClientConfig是不同的类型,转型失败,于是被当成未知(unknown)的TLS后端。
/// Installs a TLS configuration that the caller has already built.
///
/// The argument is type-erased (`impl Any`) and recognised purely by downcasting:
/// a `TlsConnector` when the `native-tls` feature is enabled, or a
/// `rustls::ClientConfig` when the `__rustls` feature is enabled. The downcast only
/// succeeds for exactly the type this crate was compiled against, so a `ClientConfig`
/// coming from a different `rustls` version does not match and the builder records
/// `TlsBackend::UnknownPreconfigured` instead.
// NOTE(review): the "Unknown TLS backend" error is presumably raised later, when the
// client is built from this configuration. That code is not shown here.
#[cfg(any(feature = "native-tls", feature = "__rustls",))]
#[cfg_attr(docsrs, doc(cfg(any(feature = "native-tls", feature = "rustls-tls"))))]
pub fn use_preconfigured_tls(mut self, tls: impl Any) -> ClientBuilder {
    init_logger();

    // Wrapping the value in an `Option` lets a successful downcast move it out with
    // `take()` even though only a mutable reference is available.
    let mut slot = Some(tls);

    #[cfg(feature = "native-tls")]
    {
        let erased: &mut dyn Any = &mut slot;
        if let Some(native) = erased.downcast_mut::<Option<TlsConnector>>() {
            let connector = native.take().expect("is definitely Some");
            self.config.tls = crate::tls::TlsBackend::BuiltNativeTls(connector);
            return self;
        }
    }

    #[cfg(feature = "__rustls")]
    {
        let erased: &mut dyn Any = &mut slot;
        if let Some(rustls_slot) = erased.downcast_mut::<Option<rustls::ClientConfig>>() {
            let client_config = rustls_slot.take().expect("is definitely Some");
            self.config.tls = crate::tls::TlsBackend::BuiltRustls(client_config);
            return self;
        }
    }

    // Neither downcast matched, so the backend is not one this build recognises.
    self.config.tls = crate::tls::TlsBackend::UnknownPreconfigured;
    self
}
所以这里必须保证reqwest引用的rustls库和本地工程一致
/// Server-certificate verifier that accepts every certificate and every handshake
/// signature without inspecting them.
///
/// All three verification callbacks return success unconditionally, so a client using
/// this verifier gets an encrypted channel but no assurance about which server it is
/// talking to. Each callback is a placeholder where real checks are meant to be added.
// NOTE(review): for a known self-signed certificate, the usual approach is to compare
// `_end_entity` against a pinned copy in `verify_server_cert` and to delegate the two
// signature callbacks to rustls' own helpers (`rustls::crypto::verify_tls12_signature` /
// `verify_tls13_signature`). Confirm these exist in the rustls version in use.
#[derive(Debug)]
struct NoRootCertVerifier;

impl ServerCertVerifier for NoRootCertVerifier {
    /// Accepts the presented certificate chain for any server name.
    ///
    /// None of the arguments (end-entity certificate, intermediates, server name,
    /// OCSP response, current time) are examined.
    fn verify_server_cert(
        &self,
        _end_entity: &CertificateDer<'_>,
        _intermediates: &[CertificateDer<'_>],
        _server_name: &ServerName<'_>,
        _ocsp_response: &[u8],
        _now: UnixTime,
    ) -> Result<ServerCertVerified, Error> {
        // Placeholder: verification of the self-signed certificate would go here.
        log::info!("verify_server_cert");
        let accepted = ServerCertVerified::assertion();
        Ok(accepted)
    }

    /// Reports the TLS 1.2 handshake signature as valid without checking it.
    fn verify_tls12_signature(
        &self,
        _message: &[u8],
        _cert: &CertificateDer<'_>,
        _dss: &DigitallySignedStruct,
    ) -> Result<HandshakeSignatureValid, Error> {
        // Placeholder: TLS 1.2 signature verification would go here.
        log::info!("verify_tls12_signature");
        let accepted = HandshakeSignatureValid::assertion();
        Ok(accepted)
    }

    /// Reports the TLS 1.3 handshake signature as valid without checking it.
    fn verify_tls13_signature(
        &self,
        _message: &[u8],
        _cert: &CertificateDer<'_>,
        _dss: &DigitallySignedStruct,
    ) -> Result<HandshakeSignatureValid, Error> {
        // Placeholder: TLS 1.3 signature verification would go here.
        log::info!("verify_tls13_signature");
        let accepted = HandshakeSignatureValid::assertion();
        Ok(accepted)
    }

    /// Lists the signature schemes this verifier advertises to the server.
    ///
    /// The list is hard-coded and includes the SHA-1 based schemes
    /// (`RSA_PKCS1_SHA1`, `ECDSA_SHA1_Legacy`).
    fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
        Vec::from([
            SignatureScheme::RSA_PKCS1_SHA1,
            SignatureScheme::ECDSA_SHA1_Legacy,
            SignatureScheme::RSA_PKCS1_SHA256,
            SignatureScheme::ECDSA_NISTP256_SHA256,
            SignatureScheme::RSA_PKCS1_SHA384,
            SignatureScheme::ECDSA_NISTP384_SHA384,
            SignatureScheme::RSA_PKCS1_SHA512,
            SignatureScheme::ECDSA_NISTP521_SHA512,
            SignatureScheme::RSA_PSS_SHA256,
            SignatureScheme::RSA_PSS_SHA384,
            SignatureScheme::RSA_PSS_SHA512,
            SignatureScheme::ED25519,
            SignatureScheme::ED448,
        ])
    }
}
以上就是不校验证书和签名的实现:三个校验回调都直接返回成功,因此连接虽然加密,但不会验证服务端身份。后续需要自己在对应回调里补上判断逻辑(例如比对预置的自签名证书)。