net: Allow SSL websockets to use dynamic list of certs as well.

2025-08-03 04:30:10 +01:00 · 2020-05-29 13:34:55 -04:00 · 2020-05-29 13:34:55 -04:00 · 433c154595
commit 433c154595
parent 0ce2aa917a
3 changed files with 19 additions and 6 deletions
--- a/components/net/connector.rs
+++ b/components/net/connector.rs
@ -184,12 +184,13 @@ pub(crate) fn create_tls_config(
            Err(_) => return false,
        };

-        // Ensure there's an entry stored in the set of known connection certs for this connection.
-        let host = ssl.ex_data(*HOST_INDEX).unwrap();
        let ssl_context = ssl.ssl_context();
-        let connection_certs = ssl_context.ex_data(*CONNECTION_INDEX).unwrap();

-        connection_certs.store((*host).0.clone(), pem.clone());
+        // Ensure there's an entry stored in the set of known connection certs for this connection.
+        if let Some(host) = ssl.ex_data(*HOST_INDEX) {
+            let connection_certs = ssl_context.ex_data(*CONNECTION_INDEX).unwrap();
+            connection_certs.store((*host).0.clone(), pem.clone());
+        }

        // Fall back to the dynamic set of allowed certs.
        let extra_certs = ssl_context.ex_data(*EXTRA_INDEX).unwrap();
--- a/components/net/resource_thread.rs
+++ b/components/net/resource_thread.rs
@ -727,6 +727,8 @@ impl CoreResourceManager {
            action_receiver,
            http_state.clone(),
            self.certificate_path.clone(),
+            http_state.extra_certs.clone(),
+            http_state.connection_certs.clone(),
        );
    }
 }
--- a/components/net/websocket_loader.rs
+++ b/components/net/websocket_loader.rs
@ -38,6 +38,8 @@ struct Client<'a> {
    event_sender: &'a IpcSender<WebSocketNetworkEvent>,
    protocol_in_use: Option<String>,
    certificate_path: Option<String>,
+    extra_certs: ExtraCerts,
+    connection_certs: ConnectionCerts,
 }

 impl<'a> Factory for Client<'a> {
@ -167,8 +169,12 @@ impl<'a> Handler for Client<'a> {
                WebSocketErrorKind::Protocol,
                format!("Unable to parse domain from {}. Needed for SSL.", url),
            ))?;
-        let tls_config =
-            create_tls_config(&certs, ALPN_H1, ExtraCerts::new(), ConnectionCerts::new());
+        let tls_config = create_tls_config(
+            &certs,
+            ALPN_H1,
+            self.extra_certs.clone(),
+            self.connection_certs.clone(),
+        );
        tls_config
            .build()
            .connect(domain, stream)
@ -182,6 +188,8 @@ pub fn init(
    dom_action_receiver: IpcReceiver<WebSocketDomAction>,
    http_state: Arc<HttpState>,
    certificate_path: Option<String>,
+    extra_certs: ExtraCerts,
+    connection_certs: ConnectionCerts,
 ) {
    thread::Builder::new()
        .name(format!("WebSocket connection to {}", req_builder.url))
@ -230,6 +238,8 @@ pub fn init(
                event_sender: &resource_event_sender,
                protocol_in_use: None,
                certificate_path,
+                extra_certs,
+                connection_certs,
            };
            let mut ws = WebSocket::new(client).unwrap();