Introduce create_ssl_context

Anthony Ramine 2017-03-28 00:37:25 +02:00
parent e2e2d42e38
commit 7a4632bfa2
3 changed files with 15 additions and 8 deletions


@ -27,15 +27,19 @@ const DEFAULT_CIPHERS: &'static str = concat!(
"AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA" "AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA"
); );
pub fn create_http_connector(certificate_file: &str) -> Arc<Pool<Connector>> { pub fn create_ssl_context(certificate_file: &str) -> Arc<SslContext> {
let mut context = SslContext::new(SslMethod::Sslv23).unwrap(); let mut context = SslContext::new(SslMethod::Sslv23).unwrap();
context.set_CA_file(&resources_dir_path() context.set_CA_file(&resources_dir_path()
.expect("Need certificate file to make network requests") .expect("Need certificate file to make network requests")
.join(certificate_file)).unwrap(); .join(certificate_file)).unwrap();
context.set_cipher_list(DEFAULT_CIPHERS).unwrap(); context.set_cipher_list(DEFAULT_CIPHERS).unwrap();
context.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3 | SSL_OP_NO_COMPRESSION); context.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3 | SSL_OP_NO_COMPRESSION);
Arc::new(context)
}
pub fn create_http_connector(ssl_context: Arc<SslContext>) -> Arc<Pool<Connector>> {
let connector = HttpsConnector::new(ServoSslClient { let connector = HttpsConnector::new(ServoSslClient {
context: Arc::new(context) context: ssl_context,
}); });
Arc::new(Pool::with_connector(Default::default(), connector)) Arc::new(Pool::with_connector(Default::default(), connector))
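Review bot: The new public `create_ssl_context` has no doc comment, although it is now the single place that defines the TLS trust configuration for every connector built from it: the CA file, `DEFAULT_CIPHERS`, and `SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3 | SSL_OP_NO_COMPRESSION`. I would add `/// Builds the shared TLS client context: CA file from the resources directory, DEFAULT_CIPHERS, SSLv2/SSLv3 and compression disabled.` plus a `# Panics` section, because the function panics when `SslContext::new`, `resources_dir_path()`, `set_CA_file` or `set_cipher_list` fails. The `expect("Need certificate file to make network requests")` is attached to `resources_dir_path()`, while a missing or unreadable CA file reaches the bare `.unwrap()` after `.join(certificate_file)`, so the message naming the certificate file never appears for that case; moving it onto the `set_CA_file` result would make the failure readable. Peer verification is not configured in the visible lines; presumably `ServoSslClient` sets it per connection, which the doc comment could state once confirmed.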


@ -3,7 +3,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
use brotli::Decompressor; use brotli::Decompressor;
use connector::{Connector, create_http_connector}; use connector::{Connector, create_http_connector, create_ssl_context};
use cookie; use cookie;
use cookie_storage::CookieStorage; use cookie_storage::CookieStorage;
use devtools_traits::{ChromeToDevtoolsControlMsg, DevtoolsControlMsg, HttpRequest as DevtoolsHttpRequest}; use devtools_traits::{ChromeToDevtoolsControlMsg, DevtoolsControlMsg, HttpRequest as DevtoolsHttpRequest};
@ -77,11 +77,12 @@ pub struct HttpState {
impl HttpState { impl HttpState {
pub fn new(certificate_path: &str) -> HttpState { pub fn new(certificate_path: &str) -> HttpState {
let ssl_context = create_ssl_context(certificate_path);
HttpState { HttpState {
hsts_list: Arc::new(RwLock::new(HstsList::new())), hsts_list: Arc::new(RwLock::new(HstsList::new())),
cookie_jar: Arc::new(RwLock::new(CookieStorage::new(150))), cookie_jar: Arc::new(RwLock::new(CookieStorage::new(150))),
auth_cache: Arc::new(RwLock::new(AuthCache::new())), auth_cache: Arc::new(RwLock::new(AuthCache::new())),
connector_pool: create_http_connector(certificate_path), connector_pool: create_http_connector(ssl_context),
} }
} }
} }


@ -3,7 +3,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
//! A thread that takes a URL and streams back the binary data. //! A thread that takes a URL and streams back the binary data.
use connector::{Connector, create_http_connector}; use connector::{Connector, create_http_connector, create_ssl_context};
use cookie; use cookie;
use cookie_rs; use cookie_rs;
use cookie_storage::CookieStorage; use cookie_storage::CookieStorage;
@ -104,17 +104,18 @@ fn create_resource_groups(config_dir: Option<&Path>)
read_json_from_file(&mut hsts_list, config_dir, "hsts_list.json"); read_json_from_file(&mut hsts_list, config_dir, "hsts_list.json");
read_json_from_file(&mut cookie_jar, config_dir, "cookie_jar.json"); read_json_from_file(&mut cookie_jar, config_dir, "cookie_jar.json");
} }
let ssl_context = create_ssl_context("certs");
let resource_group = ResourceGroup { let resource_group = ResourceGroup {
cookie_jar: Arc::new(RwLock::new(cookie_jar)), cookie_jar: Arc::new(RwLock::new(cookie_jar)),
auth_cache: Arc::new(RwLock::new(auth_cache)), auth_cache: Arc::new(RwLock::new(auth_cache)),
hsts_list: Arc::new(RwLock::new(hsts_list.clone())), hsts_list: Arc::new(RwLock::new(hsts_list.clone())),
connector: create_http_connector("certs"), connector: create_http_connector(ssl_context.clone()),
}; };
let private_resource_group = ResourceGroup { let private_resource_group = ResourceGroup {
cookie_jar: Arc::new(RwLock::new(CookieStorage::new(150))), cookie_jar: Arc::new(RwLock::new(CookieStorage::new(150))),
auth_cache: Arc::new(RwLock::new(AuthCache::new())), auth_cache: Arc::new(RwLock::new(AuthCache::new())),
hsts_list: Arc::new(RwLock::new(HstsList::new())), hsts_list: Arc::new(RwLock::new(HstsList::new())),
connector: create_http_connector("certs"), connector: create_http_connector(ssl_context),
}; };
(resource_group, private_resource_group) (resource_group, private_resource_group)
} }
@ -319,12 +320,13 @@ impl CoreResourceManager {
init: RequestInit, init: RequestInit,
mut sender: IpcSender<FetchResponseMsg>, mut sender: IpcSender<FetchResponseMsg>,
group: &ResourceGroup) { group: &ResourceGroup) {
let ssl_context = create_ssl_context("certs");
let http_state = HttpState { let http_state = HttpState {
hsts_list: group.hsts_list.clone(), hsts_list: group.hsts_list.clone(),
cookie_jar: group.cookie_jar.clone(), cookie_jar: group.cookie_jar.clone(),
auth_cache: group.auth_cache.clone(), auth_cache: group.auth_cache.clone(),
// FIXME(#15694): use group.connector.clone() instead. // FIXME(#15694): use group.connector.clone() instead.
connector_pool: create_http_connector("certs"), connector_pool: create_http_connector(ssl_context),
}; };
let ua = self.user_agent.clone(); let ua = self.user_agent.clone();
let dc = self.devtools_chan.clone(); let dc = self.devtools_chan.clone();
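Review bot: In the `CoreResourceManager` hunk, `let ssl_context = create_ssl_context("certs");` runs on every fetch, so each request re-reads the CA file through `set_CA_file` and panics on the `unwrap()`s in `create_ssl_context` if the resources directory or the file is unavailable at that moment. `create_resource_groups` already builds one context up front; keeping it on the group, for example as a `ssl_context: Arc<SslContext>` field on `ResourceGroup`, would let this line become `connector_pool: create_http_connector(group.ssl_context.clone()),` and make every fetch use the same trust configuration loaded at startup. The `ResourceGroup` definition and the start of this method are outside the visible hunks, so the field is a suggestion to check against them. Separately, the normal and private groups now share one `SslContext`; a short comment at `let ssl_context = create_ssl_context("certs");` in `create_resource_groups` stating that this is intended would help, since any session state later enabled on the context would be shared between the two.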