net: Pass certs that fail the SSL handshake out of the network layer.

2025-08-06 14:10:11 +01:00 · 2020-05-29 11:56:17 -04:00 · 2020-05-29 11:56:17 -04:00 · 0ce2aa917a
commit 0ce2aa917a
parent 1cdaf40eb2
7 changed files with 136 additions and 44 deletions
--- a/components/net/resource_thread.rs
+++ b/components/net/resource_thread.rs
@ -4,7 +4,9 @@

 //! A thread that takes a URL and streams back the binary data.

-use crate::connector::{create_http_client, create_tls_config, ExtraCerts, ALPN_H2_H1};
+use crate::connector::{
+    create_http_client, create_tls_config, ConnectionCerts, ExtraCerts, ALPN_H2_H1,
+};
 use crate::cookie;
 use crate::cookie_storage::CookieStorage;
 use crate::fetch::cors_cache::CorsCache;
@ -127,7 +129,7 @@ struct ResourceChannelManager {
 fn create_http_states(
    config_dir: Option<&Path>,
    certificate_path: Option<String>,
-) -> (Arc<HttpState>, Arc<HttpState>, ExtraCerts) {
+) -> (Arc<HttpState>, Arc<HttpState>) {
    let mut hsts_list = HstsList::from_servo_preload();
    let mut auth_cache = AuthCache::new();
    let http_cache = HttpCache::new();
@ -144,6 +146,7 @@ fn create_http_states(
    };

    let extra_certs = ExtraCerts::new();
+    let connection_certs = ConnectionCerts::new();

    let http_state = HttpState {
        hsts_list: RwLock::new(hsts_list),
@ -153,11 +156,21 @@ fn create_http_states(
        http_cache: RwLock::new(http_cache),
        http_cache_state: Mutex::new(HashMap::new()),
        client: create_http_client(
-            create_tls_config(&certs, ALPN_H2_H1, extra_certs.clone()),
+            create_tls_config(
+                &certs,
+                ALPN_H2_H1,
+                extra_certs.clone(),
+                connection_certs.clone(),
+            ),
            HANDLE.lock().unwrap().as_ref().unwrap().executor(),
        ),
+        extra_certs,
+        connection_certs,
    };

+    let extra_certs = ExtraCerts::new();
+    let connection_certs = ConnectionCerts::new();
+
    let private_http_state = HttpState {
        hsts_list: RwLock::new(HstsList::from_servo_preload()),
        cookie_jar: RwLock::new(CookieStorage::new(150)),
@ -166,16 +179,19 @@ fn create_http_states(
        http_cache: RwLock::new(HttpCache::new()),
        http_cache_state: Mutex::new(HashMap::new()),
        client: create_http_client(
-            create_tls_config(&certs, ALPN_H2_H1, extra_certs.clone()),
+            create_tls_config(
+                &certs,
+                ALPN_H2_H1,
+                extra_certs.clone(),
+                connection_certs.clone(),
+            ),
            HANDLE.lock().unwrap().as_ref().unwrap().executor(),
        ),
+        extra_certs,
+        connection_certs,
    };

-    (
-        Arc::new(http_state),
-        Arc::new(private_http_state),
-        extra_certs,
-    )
+    (Arc::new(http_state), Arc::new(private_http_state))
 }

 impl ResourceChannelManager {
@ -186,7 +202,7 @@ impl ResourceChannelManager {
        private_receiver: IpcReceiver<CoreResourceMsg>,
        memory_reporter: IpcReceiver<ReportsChan>,
    ) {
-        let (public_http_state, private_http_state, extra_certs) = create_http_states(
+        let (public_http_state, private_http_state) = create_http_states(
            self.config_dir.as_ref().map(Deref::deref),
            self.certificate_path.clone(),
        );