auto merge of #4741 : Manishearth/servo/cert-checking, r=jdm

For now, this can only be tested by replacing `resources/certs` with `resources/cert-google-only` (an Equifax certificate -- will work for Google but not Wikipedia or Stack Exchange)

I can replace the error page with something less frivolous, but since we already have the "I tried" star (and this stuff is the job of the chrome anyway), I thought this would be more fun to have.


This also contains a partial hyper upgrade.

Fixes #4119
bors-servo 2015-01-31 03:42:48 -07:00
commit 2010fbf0dd
11 changed files with 4139 additions and 29 deletions


@ -25,4 +25,5 @@ git = "https://github.com/servo/rust-stb-image"
[dependencies]
url = "0.2.16"
time = "0.1.12"
time = "0.1.12"
openssl="0.2.15"


@ -7,14 +7,19 @@ use resource_task::ProgressMsg::{Payload, Done};
use log;
use std::collections::HashSet;
use file_loader;
use hyper::client::Request;
use hyper::header::common::{ContentLength, ContentType, Host, Location};
use hyper::HttpError;
use hyper::method::Method;
use hyper::net::HttpConnector;
use hyper::status::StatusClass;
use std::error::Error;
use std::io::Reader;
use openssl::ssl::{SslContext, SslVerifyMode};
use std::io::{IoError, IoErrorKind, Reader};
use std::sync::mpsc::Sender;
use util::task::spawn_named;
use util::resource_files::resources_dir_path;
use url::{Url, UrlParser};
use std::borrow::ToOwned;
@ -74,9 +79,31 @@ fn load(load_data: LoadData, start_chan: Sender<TargetedLoadResponse>) {
info!("requesting {}", url.serialize());
let mut req = match Request::new(load_data.method.clone(), url.clone()) {
fn verifier(ssl: &mut SslContext) {
ssl.set_verify(SslVerifyMode::SslVerifyPeer, None);
let mut certs = resources_dir_path();
certs.push("certs");
ssl.set_CA_file(&certs);
};
let ssl_err_string = "[UnknownError { library: \"SSL routines\", \
function: \"SSL3_GET_SERVER_CERTIFICATE\", \
reason: \"certificate verify failed\" }]";
let mut connector = HttpConnector(Some(box verifier as Box<FnMut(&mut SslContext)>));
let mut req = match Request::with_connector(load_data.method.clone(), url.clone(), &mut connector) {
Ok(req) => req,
Err(HttpError::HttpIoError(IoError {kind: IoErrorKind::OtherIoError,
desc: "Error in OpenSSL",
detail: Some(ref det)})) if det.as_slice() == ssl_err_string => {
let mut image = resources_dir_path();
image.push("badcert.html");
let load_data = LoadData::new(Url::from_file_path(&image).unwrap(), senders.eventual_consumer);
file_loader::factory(load_data, senders.immediate_consumer);
return;
},
Err(e) => {
println!("{:?}", e);
send_error(url, e.description().to_string(), senders);
return;
}
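Review bot: The `verifier` function only turns on chain validation (`SslVerifyPeer` with no callback) against `resources/certs`; nothing visible in this hunk checks that the presented certificate was issued for `url`'s host, so unless hyper's connector does that elsewhere, a certificate chaining to any bundled root would be accepted for any site. That limitation should at least be recorded next to the call, e.g. `// TODO: chain is verified against resources/certs only; host name matching is not done here`. The result of `ssl.set_CA_file(&certs)` is also discarded, so a missing or unreadable bundle would presumably show up as a certificate failure on every site rather than as a configuration error; logging it would help. Matching the failure on the exact text in `ssl_err_string` is fragile: any other OpenSSL wording falls through to the generic `Err(e)` arm, which still refuses the load but skips the bad-certificate page. `load` begins and ends outside this hunk.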


@ -17,6 +17,7 @@ extern crate hyper;
extern crate png;
#[macro_use]
extern crate log;
extern crate openssl;
extern crate serialize;
extern crate util;
extern crate stb_image;


@ -103,7 +103,7 @@ name = "cookie"
version = "0.1.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"openssl 0.2.16 (registry+https://github.com/rust-lang/crates.io-index)",
"openssl 0.2.15 (registry+https://github.com/rust-lang/crates.io-index)",
"rustc-serialize 0.2.7 (registry+https://github.com/rust-lang/crates.io-index)",
"time 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)",
"url 0.2.16 (registry+https://github.com/rust-lang/crates.io-index)",
@ -427,14 +427,14 @@ source = "git+https://github.com/servo/html5ever#d35dfaaf0d85007057a299afc370d07
[[package]]
name = "hyper"
version = "0.1.0"
source = "git+https://github.com/servo/hyper?branch=servo#248a6f29086baa841eb30c88540dca3196accae4"
version = "0.1.1"
source = "git+https://github.com/servo/hyper?branch=servo#7f48a7e945180a4f762dc75236210d20a69b4a6a"
dependencies = [
"cookie 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)",
"log 0.1.9 (registry+https://github.com/rust-lang/crates.io-index)",
"mime 0.0.6 (registry+https://github.com/rust-lang/crates.io-index)",
"mucell 0.1.10 (registry+https://github.com/rust-lang/crates.io-index)",
"openssl 0.2.16 (registry+https://github.com/rust-lang/crates.io-index)",
"openssl 0.2.15 (registry+https://github.com/rust-lang/crates.io-index)",
"rustc-serialize 0.2.7 (registry+https://github.com/rust-lang/crates.io-index)",
"time 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)",
"unicase 0.0.2 (registry+https://github.com/rust-lang/crates.io-index)",
@ -570,7 +570,7 @@ dependencies = [
"azure 0.1.0 (git+https://github.com/servo/rust-azure)",
"core_foundation 0.1.0 (git+https://github.com/servo/rust-core-foundation)",
"geom 0.1.0 (git+https://github.com/servo/rust-geom)",
"hyper 0.1.0 (git+https://github.com/servo/hyper?branch=servo)",
"hyper 0.1.1 (git+https://github.com/servo/hyper?branch=servo)",
"io_surface 0.1.0 (git+https://github.com/servo/rust-io-surface)",
"layers 0.1.0 (git+https://github.com/servo/rust-layers)",
"style 0.0.1",
@ -588,7 +588,8 @@ name = "net"
version = "0.0.1"
dependencies = [
"geom 0.1.0 (git+https://github.com/servo/rust-geom)",
"hyper 0.1.0 (git+https://github.com/servo/hyper?branch=servo)",
"hyper 0.1.1 (git+https://github.com/servo/hyper?branch=servo)",
"openssl 0.2.15 (registry+https://github.com/rust-lang/crates.io-index)",
"png 0.1.0 (git+https://github.com/servo/rust-png)",
"stb_image 0.1.0 (git+https://github.com/servo/rust-stb-image)",
"time 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)",
@ -598,7 +599,7 @@ dependencies = [
[[package]]
name = "openssl"
version = "0.2.16"
version = "0.2.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"openssl-sys 0.2.16 (registry+https://github.com/rust-lang/crates.io-index)",
@ -683,7 +684,7 @@ dependencies = [
"geom 0.1.0 (git+https://github.com/servo/rust-geom)",
"gfx 0.0.1",
"html5ever 0.0.0 (git+https://github.com/servo/html5ever)",
"hyper 0.1.0 (git+https://github.com/servo/hyper?branch=servo)",
"hyper 0.1.1 (git+https://github.com/servo/hyper?branch=servo)",
"js 0.1.0 (git+https://github.com/servo/rust-mozjs)",
"msg 0.0.1",
"net 0.0.1",

77
etc/cert_generator.js Normal file

@ -0,0 +1,77 @@
// XPCShell script for generating a single file containing all certificates in PEM
// format. You may run this in the browser toolbox's console
// (Firefox -> devtools -> settings -> enable remote/chrome debugging,
// followed by settings -> devtools menu -> browser toolbox) or the
// xpcshell runner that comes with a built Firefox (./run-mozilla.sh ./xpcshell).
// The variable `certstring` contains the final pem file. You can use `save(path)` to
// save it to a file. `certlist` contains an array with the PEM certs as well as their names if you
// want to filter them.
// http://mxr.mozilla.org/mozilla-central/source/security/manager/pki/resources/content/pippki.js
function getDERString(cert)
{
var length = {};
var derArray = cert.getRawDER(length);
var derString = '';
for (var i = 0; i < derArray.length; i++) {
derString += String.fromCharCode(derArray[i]);
}
return derString;
}
// http://mxr.mozilla.org/mozilla-central/source/security/manager/pki/resources/content/pippki.js
function getPEMString(cert)
{
var derb64 = btoa(getDERString(cert));
// Wrap the Base64 string into lines of 64 characters,
// with CRLF line breaks (as specified in RFC 1421).
var wrapped = derb64.replace(/(\S{64}(?!$))/g, "$1\r\n");
return "-----BEGIN CERTIFICATE-----\r\n"
+ wrapped
+ "\r\n-----END CERTIFICATE-----\r\n";
}
let certcache = Components.classes["@mozilla.org/security/nsscertcache;1"].createInstance(Ci.nsINSSCertCache);
let certdb = Components.classes["@mozilla.org/security/x509certdb;1"].createInstance(Ci.nsIX509CertDB);
certcache.cacheAllCerts();
let enumerator = certcache.getX509CachedCerts().getEnumerator();
let certlist = [];
let certstring="";
while(enumerator.hasMoreElements()){
let cert = enumerator.getNext().QueryInterface(Ci.nsIX509Cert);
let pem = getPEMString(cert);
let trusted = certdb.isCertTrusted(cert, Ci.nsIX509Cert.CA_CERT, Ci.nsIX509CertDB.TRUSTED_SSL);
certlist.push({name: cert.commonName, pem: pem, trusted: trusted});
if (trusted) {
certstring+=pem;
}
}
function save(path) {
// https://developer.mozilla.org/en-US/Add-ons/Code_snippets/File_I_O
Components.utils.import("resource://gre/modules/FileUtils.jsm");
var file = new FileUtils.File(path);
Components.utils.import("resource://gre/modules/NetUtil.jsm");
// file is nsIFile, data is a string
// You can also optionally pass a flags parameter here. It defaults to
// FileUtils.MODE_WRONLY | FileUtils.MODE_CREATE | FileUtils.MODE_TRUNCATE;
var ostream = FileUtils.openSafeFileOutputStream(file);
var converter = Components.classes["@mozilla.org/intl/scriptableunicodeconverter"].
createInstance(Components.interfaces.nsIScriptableUnicodeConverter);
converter.charset = "UTF-8";
var istream = converter.convertToInputStream(certstring);
// The last argument (the callback) is optional.
NetUtil.asyncCopy(istream, ostream, function(status) {
if (!Components.isSuccessCode(status)) {
// Handle error!
return;
}
// Data has been written to the file.
});
}
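Review bot: In `save`, the `NetUtil.asyncCopy` callback returns silently when `Components.isSuccessCode(status)` is false, so a failed or partial write of the bundle goes unnoticed, and this output is presumably what ends up as the trust-anchor list in `resources/certs`. Report the failure instead of leaving the `// Handle error!` placeholder, for example `Components.utils.reportError("cert_generator: writing " + path + " failed, status " + status);`. It would also help to add a header comment recording which Firefox build the snapshot was taken from, since the bundle is static and a root that is later distrusted stays in it until the script is rerun.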

19
ports/cef/Cargo.lock generated

@ -101,7 +101,7 @@ name = "cookie"
version = "0.1.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"openssl 0.2.16 (registry+https://github.com/rust-lang/crates.io-index)",
"openssl 0.2.15 (registry+https://github.com/rust-lang/crates.io-index)",
"rustc-serialize 0.2.7 (registry+https://github.com/rust-lang/crates.io-index)",
"time 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)",
"url 0.2.16 (registry+https://github.com/rust-lang/crates.io-index)",
@ -395,14 +395,14 @@ source = "git+https://github.com/servo/html5ever#d35dfaaf0d85007057a299afc370d07
[[package]]
name = "hyper"
version = "0.1.0"
source = "git+https://github.com/servo/hyper?branch=servo#248a6f29086baa841eb30c88540dca3196accae4"
version = "0.1.1"
source = "git+https://github.com/servo/hyper?branch=servo#7f48a7e945180a4f762dc75236210d20a69b4a6a"
dependencies = [
"cookie 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)",
"log 0.1.9 (registry+https://github.com/rust-lang/crates.io-index)",
"mime 0.0.6 (registry+https://github.com/rust-lang/crates.io-index)",
"mucell 0.1.10 (registry+https://github.com/rust-lang/crates.io-index)",
"openssl 0.2.16 (registry+https://github.com/rust-lang/crates.io-index)",
"openssl 0.2.15 (registry+https://github.com/rust-lang/crates.io-index)",
"rustc-serialize 0.2.7 (registry+https://github.com/rust-lang/crates.io-index)",
"time 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)",
"unicase 0.0.2 (registry+https://github.com/rust-lang/crates.io-index)",
@ -533,7 +533,7 @@ dependencies = [
"azure 0.1.0 (git+https://github.com/servo/rust-azure)",
"core_foundation 0.1.0 (git+https://github.com/servo/rust-core-foundation)",
"geom 0.1.0 (git+https://github.com/servo/rust-geom)",
"hyper 0.1.0 (git+https://github.com/servo/hyper?branch=servo)",
"hyper 0.1.1 (git+https://github.com/servo/hyper?branch=servo)",
"io_surface 0.1.0 (git+https://github.com/servo/rust-io-surface)",
"layers 0.1.0 (git+https://github.com/servo/rust-layers)",
"style 0.0.1",
@ -551,7 +551,8 @@ name = "net"
version = "0.0.1"
dependencies = [
"geom 0.1.0 (git+https://github.com/servo/rust-geom)",
"hyper 0.1.0 (git+https://github.com/servo/hyper?branch=servo)",
"hyper 0.1.1 (git+https://github.com/servo/hyper?branch=servo)",
"openssl 0.2.15 (registry+https://github.com/rust-lang/crates.io-index)",
"png 0.1.0 (git+https://github.com/servo/rust-png)",
"stb_image 0.1.0 (git+https://github.com/servo/rust-stb-image)",
"time 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)",
@ -561,7 +562,7 @@ dependencies = [
[[package]]
name = "openssl"
version = "0.2.16"
version = "0.2.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"openssl-sys 0.2.16 (registry+https://github.com/rust-lang/crates.io-index)",
@ -569,7 +570,7 @@ dependencies = [
[[package]]
name = "openssl-sys"
version = "0.2.16"
version = "0.2.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"libressl-pnacl-sys 2.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
@ -646,7 +647,7 @@ dependencies = [
"geom 0.1.0 (git+https://github.com/servo/rust-geom)",
"gfx 0.0.1",
"html5ever 0.0.0 (git+https://github.com/servo/html5ever)",
"hyper 0.1.0 (git+https://github.com/servo/hyper?branch=servo)",
"hyper 0.1.1 (git+https://github.com/servo/hyper?branch=servo)",
"js 0.1.0 (git+https://github.com/servo/rust-mozjs)",
"msg 0.0.1",
"net 0.0.1",

19
ports/gonk/Cargo.lock generated

@ -72,7 +72,7 @@ name = "cookie"
version = "0.1.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"openssl 0.2.16 (registry+https://github.com/rust-lang/crates.io-index)",
"openssl 0.2.15 (registry+https://github.com/rust-lang/crates.io-index)",
"rustc-serialize 0.2.7 (registry+https://github.com/rust-lang/crates.io-index)",
"time 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)",
"url 0.2.16 (registry+https://github.com/rust-lang/crates.io-index)",
@ -319,14 +319,14 @@ source = "git+https://github.com/servo/html5ever#d35dfaaf0d85007057a299afc370d07
[[package]]
name = "hyper"
version = "0.1.0"
source = "git+https://github.com/servo/hyper?branch=servo#248a6f29086baa841eb30c88540dca3196accae4"
version = "0.1.1"
source = "git+https://github.com/servo/hyper?branch=servo#7f48a7e945180a4f762dc75236210d20a69b4a6a"
dependencies = [
"cookie 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)",
"log 0.1.9 (registry+https://github.com/rust-lang/crates.io-index)",
"mime 0.0.6 (registry+https://github.com/rust-lang/crates.io-index)",
"mucell 0.1.10 (registry+https://github.com/rust-lang/crates.io-index)",
"openssl 0.2.16 (registry+https://github.com/rust-lang/crates.io-index)",
"openssl 0.2.15 (registry+https://github.com/rust-lang/crates.io-index)",
"rustc-serialize 0.2.7 (registry+https://github.com/rust-lang/crates.io-index)",
"time 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)",
"unicase 0.0.2 (registry+https://github.com/rust-lang/crates.io-index)",
@ -452,7 +452,7 @@ dependencies = [
"azure 0.1.0 (git+https://github.com/servo/rust-azure)",
"core_foundation 0.1.0 (git+https://github.com/servo/rust-core-foundation)",
"geom 0.1.0 (git+https://github.com/servo/rust-geom)",
"hyper 0.1.0 (git+https://github.com/servo/hyper?branch=servo)",
"hyper 0.1.1 (git+https://github.com/servo/hyper?branch=servo)",
"io_surface 0.1.0 (git+https://github.com/servo/rust-io-surface)",
"layers 0.1.0 (git+https://github.com/servo/rust-layers)",
"style 0.0.1",
@ -470,7 +470,8 @@ name = "net"
version = "0.0.1"
dependencies = [
"geom 0.1.0 (git+https://github.com/servo/rust-geom)",
"hyper 0.1.0 (git+https://github.com/servo/hyper?branch=servo)",
"hyper 0.1.1 (git+https://github.com/servo/hyper?branch=servo)",
"openssl 0.2.15 (registry+https://github.com/rust-lang/crates.io-index)",
"png 0.1.0 (git+https://github.com/servo/rust-png)",
"stb_image 0.1.0 (git+https://github.com/servo/rust-stb-image)",
"time 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)",
@ -480,7 +481,7 @@ dependencies = [
[[package]]
name = "openssl"
version = "0.2.16"
version = "0.2.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"openssl-sys 0.2.16 (registry+https://github.com/rust-lang/crates.io-index)",
@ -488,7 +489,7 @@ dependencies = [
[[package]]
name = "openssl-sys"
version = "0.2.16"
version = "0.2.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"libressl-pnacl-sys 2.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
@ -565,7 +566,7 @@ dependencies = [
"geom 0.1.0 (git+https://github.com/servo/rust-geom)",
"gfx 0.0.1",
"html5ever 0.0.0 (git+https://github.com/servo/html5ever)",
"hyper 0.1.0 (git+https://github.com/servo/hyper?branch=servo)",
"hyper 0.1.1 (git+https://github.com/servo/hyper?branch=servo)",
"js 0.1.0 (git+https://github.com/servo/rust-mozjs)",
"msg 0.0.1",
"net 0.0.1",

8
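--- a/resources/badcert.html
+++ b/resources/badcert.html
@@ -0,0 +1,8 @@
+<html>
+<head>
+<title>Certificate error</title>
+</head>
+<body>
+<img src="badcert.jpg">
+</body>
+</html>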

BIN
resources/badcert.jpg Normal file

Binary file not shown.



@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

3974
resources/certs Normal file

File diff suppressed because it is too large Load diff