Handle secure websockets

Fixes #20816

components/net/connector.rs

@@ -8,7 +8,7 @@ use hyper::error::{Result as HyperResult, Error as HyperError};
 use hyper::net::{NetworkConnector, HttpsStream, HttpStream, SslClient};
 use hyper_openssl::OpensslClient;
 use openssl::ssl::{SSL_OP_NO_COMPRESSION, SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3};
-use openssl::ssl::{SslConnectorBuilder, SslMethod};
+use openssl::ssl::{SslConnector, SslConnectorBuilder, SslMethod};
 use openssl::x509;
 use std::io;
 use std::net::TcpStream;
@@ -50,7 +50,7 @@ impl NetworkConnector for HttpsConnector {
 
 pub type Connector = HttpsConnector;
 
-pub fn create_ssl_client(certs: &str) -> OpensslClient {
+pub fn create_ssl_connector(certs: &str) -> SslConnector {
     // certs include multiple certificates. We could add all of them at once,
     // but if any of them were already added, openssl would fail to insert all
     // of them.
@@ -79,7 +79,11 @@ pub fn create_ssl_client(certs: &str) -> OpensslClient {
     }
     ssl_connector_builder.set_cipher_list(DEFAULT_CIPHERS).expect("could not set ciphers");
     ssl_connector_builder.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3 | SSL_OP_NO_COMPRESSION);
-    let ssl_connector = ssl_connector_builder.build();
+    ssl_connector_builder.build()
+}
+
+pub fn create_ssl_client(certs: &str) -> OpensslClient {
+    let ssl_connector = create_ssl_connector(certs);
     OpensslClient::from(ssl_connector)
 }
 

components/net/websocket_loader.rs

@@ -2,7 +2,9 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+use connector::create_ssl_connector;
 use cookie::Cookie;
+use embedder_traits::resources::{self, Resource};
 use fetch::methods::should_be_blocked_due_to_bad_port;
 use hosts::replace_host;
 use http_loader::HttpState;
@@ -11,13 +13,17 @@ use ipc_channel::ipc::{IpcReceiver, IpcSender};
 use net_traits::{CookieSource, MessageData};
 use net_traits::{WebSocketDomAction, WebSocketNetworkEvent};
 use net_traits::request::{RequestInit, RequestMode};
+use openssl::ssl::SslStream;
+use servo_config::opts;
 use servo_url::ServoUrl;
+use std::fs;
 use std::sync::Arc;
 use std::sync::atomic::{AtomicBool, Ordering};
 use std::thread;
 use url::Url;
 use ws::{CloseCode, Factory, Handler, Handshake, Message, Request, Response as WsResponse, Sender, WebSocket};
 use ws::{Error as WebSocketError, ErrorKind as WebSocketErrorKind, Result as WebSocketResult};
+use ws::util::TcpStream;
 
 /// A client for connecting to a websocket server
 #[derive(Clone)]
@@ -119,6 +125,29 @@ impl<'a> Handler for Client<'a> {
         debug!("Connection closing due to ({:?}) {}", code, reason);
         let _ = self.event_sender.send(WebSocketNetworkEvent::Close(Some(code.into()), reason.to_owned()));
     }
+
+    fn upgrade_ssl_client(
+        &mut self,
+        stream: TcpStream,
+        url: &Url,
+    ) -> WebSocketResult<SslStream<TcpStream>> {
+        let certs = match opts::get().certificate_path {
+            Some(ref path) => {
+                fs::read_to_string(path).expect("Couldn't not find certificate file")
+            }
+            None => {
+                resources::read_string(Resource::SSLCertificates)
+            },
+        };
+
+        let domain = self.resource_url.as_url().domain().ok_or(WebSocketError::new(
+            WebSocketErrorKind::Protocol,
+            format!("Unable to parse domain from {}. Needed for SSL.", url),
+        ))?;
+        let connector = create_ssl_connector(&certs);
+        connector.connect(domain, stream).map_err(WebSocketError::from)
+    }
+
 }
 
 pub fn init(