From ae9dc28b2804bf6ee2063419c30241eaa1363831 Mon Sep 17 00:00:00 2001
From: Jin Jie
Date: Wed, 28 Sep 2022 15:17:56 +0800
Subject: [PATCH] Add verify_tls1x_signature for NoCertVerification
Closes #1033
Signed-off-by: Jin Jie
---
 kube-client/src/client/tls.rs | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/kube-client/src/client/tls.rs b/kube-client/src/client/tls.rs
index bdfe744fb..b21c5d098 100644
--- a/kube-client/src/client/tls.rs
+++ b/kube-client/src/client/tls.rs
@@ -83,7 +83,8 @@ pub mod rustls_tls {
 use hyper_rustls::ConfigBuilderExt;
 use rustls::{
 self,
- client::{ServerCertVerified, ServerCertVerifier},
+ client::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier},
+ internal::msgs::handshake::DigitallySignedStruct,
 Certificate, ClientConfig, PrivateKey,
 };
 use thiserror::Error;
@@ -194,8 +195,27 @@ pub mod rustls_tls {
 _ocsp_response: &[u8],
 _now: std::time::SystemTime,
 ) -> Result {
+ tracing::warn!("Server cert bypassed");
 Ok(ServerCertVerified::assertion())
 }
+
+ fn verify_tls13_signature(
+ &self,
+ _message: &[u8],
+ _cert: &Certificate,
+ _dss: &DigitallySignedStruct,
+ ) -> Result {
+ Ok(HandshakeSignatureValid::assertion())
+ }
+
+ fn verify_tls12_signature(
+ &self,
+ _message: &[u8],
+ _cert: &Certificate,
+ _dss: &DigitallySignedStruct,
+ ) -> Result {
+ Ok(HandshakeSignatureValid::assertion())
+ }
 }
 }
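Review bot: The new `verify_tls12_signature` and `verify_tls13_signature` overrides in the second hunk return `HandshakeSignatureValid::assertion()` without reading `_message`, `_cert` or `_dss`, so together with `verify_server_cert` this verifier accepts a peer that does not hold the private key for the certificate it presents, and nothing on the new methods says so. I would put a doc comment on each, for example `/// Accepts any handshake signature: with this verifier the server is not authenticated, so the connection can be intercepted.`, and make the log line say what is actually switched off, e.g. `tracing::warn!("TLS server certificate and handshake signature verification is disabled");`. The `DigitallySignedStruct` import in the first hunk comes from `rustls::internal`, which as far as I know rustls does not treat as stable API, so a short comment noting that dependency would help the next rustls upgrade. The enclosing `impl` block starts above the hunk, so where this verifier is installed, and under which configuration flag, is not visible here.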