delegate resource reading to embedder

2025-08-03 04:30:10 +01:00 · 2018-04-11 16:04:07 +08:00 · 2018-04-11 16:04:07 +08:00 · 9fb5795f37
commit 9fb5795f37
parent 21517504cb
52 changed files with 472 additions and 396 deletions
--- a/components/net/connector.rs
+++ b/components/net/connector.rs
@ -9,9 +9,9 @@ use hyper::net::{NetworkConnector, HttpsStream, HttpStream, SslClient};
 use hyper_openssl::OpensslClient;
 use openssl::ssl::{SSL_OP_NO_COMPRESSION, SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3};
 use openssl::ssl::{SslConnectorBuilder, SslMethod};
+use openssl::x509;
 use std::io;
 use std::net::TcpStream;
-use std::path::PathBuf;

 pub struct HttpsConnector {
    ssl: OpensslClient,
@ -50,9 +50,33 @@ impl NetworkConnector for HttpsConnector {

 pub type Connector = HttpsConnector;

-pub fn create_ssl_client(ca_file: &PathBuf) -> OpensslClient {
+pub fn create_ssl_client(certs: &str) -> OpensslClient {
+    // certs include multiple certificates. We could add all of them at once,
+    // but if any of them were already added, openssl would fail to insert all
+    // of them.
+    let mut certs = certs;
    let mut ssl_connector_builder = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
-    ssl_connector_builder.set_ca_file(ca_file).expect("could not set CA file");
+    loop {
+        let token = "-----END CERTIFICATE-----";
+        if let Some(index) = certs.find(token) {
+            let (cert, rest) = certs.split_at(index + token.len());
+            certs = rest;
+            let cert = x509::X509::from_pem(cert.as_bytes()).unwrap();
+            ssl_connector_builder.cert_store_mut().add_cert(cert).or_else(|e| {
+                let v: Option<Option<&str>> = e.errors().iter().nth(0).map(|e| e.reason());
+                if v == Some(Some("cert already in hash table")) {
+                    warn!("Cert already in hash table. Ignoring.");
+                    // Ignore error X509_R_CERT_ALREADY_IN_HASH_TABLE which means the
+                    // certificate is already in the store.
+                    Ok(())
+                } else {
+                    Err(e)
+                }
+            }).expect("could not set CA file");
+        } else {
+            break;
+        }
+    }
    ssl_connector_builder.set_cipher_list(DEFAULT_CIPHERS).expect("could not set ciphers");
    ssl_connector_builder.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3 | SSL_OP_NO_COMPRESSION);
    let ssl_connector = ssl_connector_builder.build();