CODEWITHSUNDEEP
rusthyper
kanudo
kanudo

Reputation: 2219

Implementing HTTPS Server using Rustls with Hyper in Rust

I am trying to implement implement HTTPS server using Rustls with Hyper, but am not able to get proper example of how to implement the same. And for that i have followed and tried example given on hyper-rustls repository here (Hyper Rustls server example)

It always gives this error

FAILED: error accepting connection: TLS Error: Custom { kind: InvalidData, error: AlertReceived(CertificateUnknown) }

I am completely new to Rust and hence don't know how to properly implement the HTTPS over Hyper. I also gone through question related to this here

But still not able to find the solution. If more information is required do let me know for the same.

Upvotes: 5

Views: 7951

Answers (1)

kreo
kreo

Reputation: 2841

It looks like your problem is not with Hyper or Rust, it is with TLS. By default, when you establish connection via HTTPS, client verifies server certificate authenticity. The certificate needs to be signed by a trusted authority: for details, see, for example, this page.

To verify, use curl:

$ curl https://localhost:1337/echo -X POST -v --insecure
...
*  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
...
< HTTP/2 200 
< date: Sun, 12 Apr 2020 12:45:03 GMT
<

So this works fine. If you remove --insecure flag, curl will refuse to establish connection:

$ curl https://localhost:1337/echo -X POST -v
...
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

To fix this, you need to either:

  1. Use a properly-signed certificate instead of a self-signed one, or
  2. Configure your client not to verify certificate, or
  3. Configure your client to trust your particular self-signed certificate.

In production, your only choice is (1). While you are developing, you can get away with (2) or (3).

Upvotes: 6

Related Questions