It would be nicer if client ssl connection allow insecure cert.

[Murasame233]

set verify

There are lots of usage when using local network. We only can provide insecure cert during development.

[fakeshadow]

xitca-client support custom tls connector with the ClientBuilder::tls_connector API. Below is an example of overriding the default openssl connector where you can customize the ssl builder as you want:

[dependencies]
xitca-client = { git = "https://github.com/HFQR/xitca-web", features = ["openssl"] }
tokio = { version = "1", features = ["macros", "rt-multi-thread"] }
openssl = "0.10"

use openssl::ssl::{SslConnector, SslMethod, SslVerifyMode};
use xitca_client::{error::Error, http::Version, Io, Service};

#[tokio::main]
async fn main() {
    let cli = xitca_client::Client::builder()
        .tls_connector(MyConnector::new())
        .finish();
}

impl<'n> Service<(&'n str, Box<dyn Io>)> for MyConnector {
    type Response = (Box<dyn Io>, Version);
    type Error = Error;

    async fn call(&self, req: (&'n str, Box<dyn Io>)) -> Result<Self::Response, Self::Error> {
        // just forward the connector logic to default SslConnector because
        // the custom logic only happens in the builder phase.
        self.0.call(req).await
    }
}

struct MyConnector(SslConnector);

impl MyConnector {
    fn new() -> Self {
        let mut ssl = SslConnector::builder(SslMethod::tls()).unwrap();

        // your custom verification mod goes here
        ssl.set_verify(SslVerifyMode::empty());

        ssl.set_alpn_protos(b"\x08http/1.1\x02h2").unwrap();

        MyConnector(ssl.build())
    }
}

Apparently this is powerful and verbose at the same time and I'm open to alternatives with less boilerplate.

[Murasame233]

Thanks