From 9ec4e7192aa80d38d968e5989742ba10fbbbe575 Mon Sep 17 00:00:00 2001
From: Jacob Hoffman-Andrews <github@hoffman-andrews.com>
Date: Tue, 23 Mar 2021 17:00:32 -0700
Subject: [PATCH] Add -k option to cureq example (#342)

By analogy with curl, this turns off certificate verification. Requires
enabling the "dangerous_configuration" feature in the rustls dependency.
---
 Cargo.toml             |  3 ++-
 examples/cureq/main.rs | 34 ++++++++++++++++++++++++++++++----
 2 files changed, 32 insertions(+), 5 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index 8dce6ab..b755086 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -30,7 +30,7 @@ cookie = { version = "0.15", features = ["percent-encode"], optional = true}
 once_cell = "1"
 url = "2"
 socks = { version = "0.3.2", optional = true }
-rustls = { version = "0.19", optional = true, features = [] }
+rustls = { version = "0.19", optional = true }
 webpki = { version = "0.21", optional = true }
 webpki-roots = { version = "0.21", optional = true }
 rustls-native-certs = { version = "0.5", optional = true }
@@ -43,6 +43,7 @@ log = "0.4.11"
 [dev-dependencies]
 serde = { version = "1", features = ["derive"] }
 env_logger = "0.8.1"
+rustls = { version = "0.19", features = ["dangerous_configuration"] }
 
 [[example]]
 name = "smoke-test"
diff --git a/examples/cureq/main.rs b/examples/cureq/main.rs
index 8898ca9..183f8b0 100644
--- a/examples/cureq/main.rs
+++ b/examples/cureq/main.rs
@@ -1,10 +1,14 @@
-use std::env;
 use std::error;
 use std::fmt;
 use std::io;
 use std::time::Duration;
+use std::{env, sync::Arc};
 
+use rustls::{
+    Certificate, ClientConfig, RootCertStore, ServerCertVerified, ServerCertVerifier, TLSError,
+};
 use ureq;
+use webpki::DNSNameRef;
 
 #[derive(Debug)]
 struct StringError(String);
@@ -79,6 +83,20 @@ fn get(agent: &ureq::Agent, url: &str, print_headers: bool) -> Result<(), Error>
     Ok(())
 }
 
+struct AcceptAll {}
+
+impl ServerCertVerifier for AcceptAll {
+    fn verify_server_cert(
+        &self,
+        _roots: &RootCertStore,
+        _presented_certs: &[Certificate],
+        _dns_name: DNSNameRef<'_>,
+        _ocsp_response: &[u8],
+    ) -> Result<ServerCertVerified, TLSError> {
+        Ok(ServerCertVerified::assertion())
+    }
+}
+
 fn main() {
     match main2() {
         Ok(()) => {}
@@ -103,10 +121,9 @@ Fetch url and copy it to stdout.
     }
     args.remove(0);
     env_logger::init();
-    let agent = ureq::builder()
+    let mut builder = ureq::builder()
         .timeout_connect(Duration::from_secs(30))
-        .timeout(Duration::from_secs(300))
-        .build();
+        .timeout(Duration::from_secs(300));
     let flags: Vec<&String> = args.iter().filter(|s| s.starts_with("-")).collect();
     let nonflags: Vec<&String> = args.iter().filter(|s| !s.starts_with("-")).collect();
 
@@ -114,10 +131,19 @@ Fetch url and copy it to stdout.
     for flag in flags {
         match flag.as_ref() {
             "-i" => print_headers = true,
+            "-k" => {
+                let mut client_config = ClientConfig::new();
+                client_config
+                    .dangerous()
+                    .set_certificate_verifier(Arc::new(AcceptAll {}));
+                builder = builder.tls_config(Arc::new(client_config));
+            }
             f => Err(StringError(format!("unrecognized flag '{}'", f)))?,
         }
     }
 
+    let agent = builder.build();
+
     for url in nonflags {
         get(&agent, &url, print_headers)?;
     }