Expose NoOpCertificateVerifier to C++#29322
Conversation
d3d3c10 to
406d412
Compare
| // Note: using this solely without any other authentication mechanisms on the | ||
| // peer identity will leave your applications to the MITM(Man-In-The-Middle) | ||
| // attacks. Users should avoid doing so in production environments. | ||
| class NoOpCertificateVerifier : public ExternalCertificateVerifier { |
There was a problem hiding this comment.
Why make this an external verifier? If we're providing this out of the box, let's just implement it inside core, the same way that we do for the hostname verifier, so that we don't have an extra and unnecessary level of indirection.
There was a problem hiding this comment.
Done. Now the NoOpCertificateVerifier is exposed through core. Could you take a look again? Thank you!
|
All failures seem irrelevant(seems something wrong with the MacOS test infra): I am going to merge now. A note for the importer: |
This is originally raised in an internal bug.
The original idea for not having NoOpCertificateVerifier is to raise security bars. NoOpCertificateVerifier can expose security issues if not properly used. So we tried to "hide" it and hope that will help us limit its usage.
As Advanced TLS becomes popular, there are more usages of NoOpCertificateVerifier internally, and their reasons for using it are all valid. In that case, we can expose this in C++, with better documentations, so that users would get a sense of what are implied when using this class.
I will clean-up all the internal sites as long as this goes in.