Auto merge of #16230 - nox:ssl, r=jdm

Introduce create_ssl_client  This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/16230)
2025-08-05 21:50:18 +01:00 · 2017-04-02 09:12:44 -05:00 · 2017-04-02 09:12:44 -05:00 · 2df6e26fd7
commit 2df6e26fd7
parent dc3765e231 20e0b6cd56
3 changed files with 36 additions and 28 deletions
--- a/components/net/connector.rs
+++ b/components/net/connector.rs
@ -2,15 +2,36 @@
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 use hyper;
 use hyper::client::Pool;
-use hyper_openssl;
+use hyper::net::HttpsConnector;
 use hyper_openssl::OpensslClient;
 use openssl::ssl::{SSL_OP_NO_COMPRESSION, SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3};
 use openssl::ssl::{SslConnectorBuilder, SslMethod};
 use servo_config::resource_files::resources_dir_path;
 use std::sync::Arc;
-pub type Connector = hyper::net::HttpsConnector<hyper_openssl::OpensslClient>;
+pub type Connector = HttpsConnector<OpensslClient>;
 pub fn create_ssl_client(certificate_file: &str) -> OpensslClient {
    let ca_file = &resources_dir_path()
        .expect("Need certificate file to make network requests")
        .join(certificate_file);
    let mut ssl_connector_builder = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
    {
        let context = ssl_connector_builder.builder_mut();
        context.set_ca_file(ca_file).expect("could not set CA file");
        context.set_cipher_list(DEFAULT_CIPHERS).expect("could not set ciphers");
        context.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3 | SSL_OP_NO_COMPRESSION);
    }
    let ssl_connector = ssl_connector_builder.build();
    OpensslClient::from(ssl_connector)
 }
 pub fn create_http_connector(ssl_client: OpensslClient) -> Arc<Pool<Connector>> {
    let https_connector = HttpsConnector::new(ssl_client);
    Arc::new(Pool::with_connector(Default::default(), https_connector))
 }
 // The basic logic here is to prefer ciphers with ECDSA certificates, Forward
 // Secrecy, AES GCM ciphers, AES ciphers, and finally 3DES ciphers.
@ -27,22 +48,3 @@ const DEFAULT_CIPHERS: &'static str = concat!(
    "ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:",
    "AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA"
 );
 pub fn create_http_connector(certificate_file: &str) -> Arc<Pool<Connector>> {
    let ca_file = &resources_dir_path()
        .expect("Need certificate file to make network requests")
        .join(certificate_file);
    let mut ssl_connector_builder = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
    {
        let context = ssl_connector_builder.builder_mut();
        context.set_ca_file(ca_file).expect("could not set CA file");
        context.set_cipher_list(DEFAULT_CIPHERS).expect("could not set ciphers");
        context.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3 | SSL_OP_NO_COMPRESSION);
    }
    let ssl_connector = ssl_connector_builder.build();
    let ssl_client = hyper_openssl::OpensslClient::from(ssl_connector);
    let https_connector = hyper::net::HttpsConnector::new(ssl_client);
    Arc::new(Pool::with_connector(Default::default(), https_connector))
 }
--- a/components/net/http_loader.rs
+++ b/components/net/http_loader.rs
@ -3,7 +3,7 @@
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 use brotli::Decompressor;
-use connector::{Connector, create_http_connector};
+use connector::{Connector, create_http_connector, create_ssl_client};
 use cookie;
 use cookie_storage::CookieStorage;
 use devtools_traits::{ChromeToDevtoolsControlMsg, DevtoolsControlMsg, HttpRequest as DevtoolsHttpRequest};
@ -75,11 +75,12 @@ pub struct HttpState {
 impl HttpState {
    pub fn new(certificate_path: &str) -> HttpState {
        let ssl_client = create_ssl_client(certificate_path);
        HttpState {
            hsts_list: Arc::new(RwLock::new(HstsList::new())),
            cookie_jar: Arc::new(RwLock::new(CookieStorage::new(150))),
            auth_cache: Arc::new(RwLock::new(AuthCache::new())),
-            connector_pool: create_http_connector(certificate_path),
+            connector_pool: create_http_connector(ssl_client),
        }
    }
 }
--- a/components/net/resource_thread.rs
+++ b/components/net/resource_thread.rs
@ -3,7 +3,7 @@
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 //! A thread that takes a URL and streams back the binary data.
-use connector::{Connector, create_http_connector};
+use connector::{Connector, create_http_connector, create_ssl_client};
 use cookie;
 use cookie_rs;
 use cookie_storage::CookieStorage;
@ -13,6 +13,7 @@ use filemanager_thread::{FileManager, TFDProvider};
 use hsts::HstsList;
 use http_loader::HttpState;
 use hyper::client::pool::Pool;
 use hyper_openssl::OpensslClient;
 use hyper_serde::Serde;
 use ipc_channel::ipc::{self, IpcReceiver, IpcReceiverSet, IpcSender};
 use net_traits::{CookieSource, CoreResourceThread};
@ -46,6 +47,7 @@ pub struct ResourceGroup {
    cookie_jar: Arc<RwLock<CookieStorage>>,
    auth_cache: Arc<RwLock<AuthCache>>,
    hsts_list: Arc<RwLock<HstsList>>,
    ssl_client: OpensslClient,
    connector: Arc<Pool<Connector>>,
 }
@ -104,17 +106,20 @@ fn create_resource_groups(config_dir: Option<&Path>)
        read_json_from_file(&mut hsts_list, config_dir, "hsts_list.json");
        read_json_from_file(&mut cookie_jar, config_dir, "cookie_jar.json");
    }
    let ssl_client = create_ssl_client("certs");
    let resource_group = ResourceGroup {
        cookie_jar: Arc::new(RwLock::new(cookie_jar)),
        auth_cache: Arc::new(RwLock::new(auth_cache)),
        hsts_list: Arc::new(RwLock::new(hsts_list.clone())),
-        connector: create_http_connector("certs"),
+        ssl_client: ssl_client.clone(),
        connector: create_http_connector(ssl_client.clone()),
    };
    let private_resource_group = ResourceGroup {
        cookie_jar: Arc::new(RwLock::new(CookieStorage::new(150))),
        auth_cache: Arc::new(RwLock::new(AuthCache::new())),
        hsts_list: Arc::new(RwLock::new(HstsList::new())),
-        connector: create_http_connector("certs"),
+        ssl_client: ssl_client.clone(),
        connector: create_http_connector(ssl_client),
    };
    (resource_group, private_resource_group)
 }
@ -327,7 +332,7 @@ impl CoreResourceManager {
            cookie_jar: group.cookie_jar.clone(),
            auth_cache: group.auth_cache.clone(),
            // FIXME(#15694): use group.connector.clone() instead.
-            connector_pool: create_http_connector("certs"),
+            connector_pool: create_http_connector(group.ssl_client.clone()),
        };
        let ua = self.user_agent.clone();
        let dc = self.devtools_chan.clone();