mirror of
https://github.com/servo/servo.git
net: Allow SSL websockets to use dynamic list of certs as well.
parent
0ce2aa917a
commit
433c154595
3 changed files with 19 additions and 6 deletions
|
@ -184,12 +184,13 @@ pub(crate) fn create_tls_config(
|
||||||
Err(_) => return false,
|
Err(_) => return false,
|
||||||
};
|
};
|
||||||
|
|
||||||
// Ensure there's an entry stored in the set of known connection certs for this connection.
|
|
||||||
let host = ssl.ex_data(*HOST_INDEX).unwrap();
|
|
||||||
let ssl_context = ssl.ssl_context();
|
let ssl_context = ssl.ssl_context();
|
||||||
let connection_certs = ssl_context.ex_data(*CONNECTION_INDEX).unwrap();
|
|
||||||
|
|
||||||
connection_certs.store((*host).0.clone(), pem.clone());
|
// Ensure there's an entry stored in the set of known connection certs for this connection.
|
||||||
|
if let Some(host) = ssl.ex_data(*HOST_INDEX) {
|
||||||
|
let connection_certs = ssl_context.ex_data(*CONNECTION_INDEX).unwrap();
|
||||||
|
connection_certs.store((*host).0.clone(), pem.clone());
|
||||||
|
}
|
||||||
|
|
||||||
// Fall back to the dynamic set of allowed certs.
|
// Fall back to the dynamic set of allowed certs.
|
||||||
let extra_certs = ssl_context.ex_data(*EXTRA_INDEX).unwrap();
|
let extra_certs = ssl_context.ex_data(*EXTRA_INDEX).unwrap();
|
||||||
|
|
|
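Review bot: The new `if let Some(host) = ssl.ex_data(*HOST_INDEX)` guard skips `connection_certs.store(...)` silently when no host is attached to the `Ssl`, and nothing at the guard says which callers are expected to take that path. Judging from the rest of this commit it is presumably the WebSocket handshake, which calls `tls_config.build().connect(domain, stream)` and shows no place where the host ex_data is set. If so, the `ConnectionCerts` passed in for those connections is never written, and a certificate presented on a `wss:` connection cannot be looked up by host afterwards. I would either say so at the guard, for example `// The WebSocket connector attaches no HOST_INDEX data, so its peer certs are not recorded here.`, or attach the host on that path so both transports record the same data. The `.unwrap()` calls on `CONNECTION_INDEX` and `EXTRA_INDEX` are unchanged, and the enclosing callback starts and ends outside the hunk.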
@ -727,6 +727,8 @@ impl CoreResourceManager {
|
||||||
action_receiver,
|
action_receiver,
|
||||||
http_state.clone(),
|
http_state.clone(),
|
||||||
self.certificate_path.clone(),
|
self.certificate_path.clone(),
|
||||||
|
http_state.extra_certs.clone(),
|
||||||
|
http_state.connection_certs.clone(),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -38,6 +38,8 @@ struct Client<'a> {
|
||||||
event_sender: &'a IpcSender<WebSocketNetworkEvent>,
|
event_sender: &'a IpcSender<WebSocketNetworkEvent>,
|
||||||
protocol_in_use: Option<String>,
|
protocol_in_use: Option<String>,
|
||||||
certificate_path: Option<String>,
|
certificate_path: Option<String>,
|
||||||
|
extra_certs: ExtraCerts,
|
||||||
|
connection_certs: ConnectionCerts,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<'a> Factory for Client<'a> {
|
impl<'a> Factory for Client<'a> {
|
||||||
|
@ -167,8 +169,12 @@ impl<'a> Handler for Client<'a> {
|
||||||
WebSocketErrorKind::Protocol,
|
WebSocketErrorKind::Protocol,
|
||||||
format!("Unable to parse domain from {}. Needed for SSL.", url),
|
format!("Unable to parse domain from {}. Needed for SSL.", url),
|
||||||
))?;
|
))?;
|
||||||
let tls_config =
|
let tls_config = create_tls_config(
|
||||||
create_tls_config(&certs, ALPN_H1, ExtraCerts::new(), ConnectionCerts::new());
|
&certs,
|
||||||
|
ALPN_H1,
|
||||||
|
self.extra_certs.clone(),
|
||||||
|
self.connection_certs.clone(),
|
||||||
|
);
|
||||||
tls_config
|
tls_config
|
||||||
.build()
|
.build()
|
||||||
.connect(domain, stream)
|
.connect(domain, stream)
|
||||||
|
@ -182,6 +188,8 @@ pub fn init(
|
||||||
dom_action_receiver: IpcReceiver<WebSocketDomAction>,
|
dom_action_receiver: IpcReceiver<WebSocketDomAction>,
|
||||||
http_state: Arc<HttpState>,
|
http_state: Arc<HttpState>,
|
||||||
certificate_path: Option<String>,
|
certificate_path: Option<String>,
|
||||||
|
extra_certs: ExtraCerts,
|
||||||
|
connection_certs: ConnectionCerts,
|
||||||
) {
|
) {
|
||||||
thread::Builder::new()
|
thread::Builder::new()
|
||||||
.name(format!("WebSocket connection to {}", req_builder.url))
|
.name(format!("WebSocket connection to {}", req_builder.url))
|
||||||
|
@ -230,6 +238,8 @@ pub fn init(
|
||||||
event_sender: &resource_event_sender,
|
event_sender: &resource_event_sender,
|
||||||
protocol_in_use: None,
|
protocol_in_use: None,
|
||||||
certificate_path,
|
certificate_path,
|
||||||
|
extra_certs,
|
||||||
|
connection_certs,
|
||||||
};
|
};
|
||||||
let mut ws = WebSocket::new(client).unwrap();
|
let mut ws = WebSocket::new(client).unwrap();
|
||||||
|
|
||||||
|
|
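Review bot: The `extra_certs` and `connection_certs` parameters added to `init` duplicate state the function already receives through `http_state: Arc<HttpState>`, since the call site in `CoreResourceManager` fills them from that same value (`http_state.extra_certs.clone()`, `http_state.connection_certs.clone()`). Filling the `Client` literal with `extra_certs: http_state.extra_certs.clone(),` and `connection_certs: http_state.connection_certs.clone(),` would leave the signature unchanged and rule out a caller passing certificate lists that belong to a different `HttpState`. If `http_state` is moved before the literal is built, the clones would have to be taken earlier; the body of `init` continues outside these hunks, so that needs checking. The two new `Client` fields would also benefit from a short `///` comment stating that they are the shared, dynamically updated certificate sets also used by the HTTP loader, because they widen what a `wss:` handshake will accept.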