From ade2f01b200860d6bbcf7b94b57b80cacf3c3782 Mon Sep 17 00:00:00 2001
From: Daniel McCarney
Date: Sun, 14 Apr 2024 12:52:06 -0400
Subject: [PATCH] client: NoneVerifier UnknownIssuer instead of BadSignature

The `NoneVerifier` that's used by default if a rustls client config builder is built without a verifier being specified was configured to return `Error::InvalidCertificate(CertificateError::BadSignature` from all of its trait methods. This commit updates the `verify_server_cert` trait method to instead return `Error::InvalidCertificate(CertificateError::UnknownIssuer)`. This will better match what would happen if you configured an empty root certificate store with a real verifier and is perhaps less confusing to debug than an error indicating a cryptographic signature validation error.
---
 src/client.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/client.rs b/src/client.rs
index 4282444b..d48548e5 100644
--- a/src/client.rs
+++ b/src/client.rs
@@ -76,7 +76,7 @@ impl ServerCertVerifier for NoneVerifier {
 _now: UnixTime,
 ) -> Result {
 Err(rustls::Error::InvalidCertificate(
- CertificateError::BadSignature,
+ CertificateError::UnknownIssuer,
 ))
 }
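Review bot: The unconditional `Err(...)` in `verify_server_cert` has no comment saying that `NoneVerifier` rejects every certificate on purpose. Its variant now differs from the other trait methods, which the description says return `BadSignature` (they are outside this hunk), so a reader could take the mismatch for an oversight. I would add `// Fail closed: no verifier was configured; report it the way an empty root store would (UnknownIssuer).` directly above the `Err`. Any caller or test that matches on `CertificateError::BadSignature` to detect the missing-verifier case would need to follow this change; none is visible here. The function's signature starts before the hunk.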