delegate resource reading to embedder
parent
21517504cb
commit
9fb5795f37
52 changed files with 472 additions and 396 deletions
|
@ -9,9 +9,9 @@ use hyper::net::{NetworkConnector, HttpsStream, HttpStream, SslClient};
|
|||
use hyper_openssl::OpensslClient;
|
||||
use openssl::ssl::{SSL_OP_NO_COMPRESSION, SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3};
|
||||
use openssl::ssl::{SslConnectorBuilder, SslMethod};
|
||||
use openssl::x509;
|
||||
use std::io;
|
||||
use std::net::TcpStream;
|
||||
use std::path::PathBuf;
|
||||
|
||||
pub struct HttpsConnector {
|
||||
ssl: OpensslClient,
|
||||
|
@ -50,9 +50,33 @@ impl NetworkConnector for HttpsConnector {
|
|||
|
||||
pub type Connector = HttpsConnector;
|
||||
|
||||
pub fn create_ssl_client(ca_file: &PathBuf) -> OpensslClient {
|
||||
pub fn create_ssl_client(certs: &str) -> OpensslClient {
|
||||
// certs include multiple certificates. We could add all of them at once,
|
||||
// but if any of them were already added, openssl would fail to insert all
|
||||
// of them.
|
||||
let mut certs = certs;
|
||||
let mut ssl_connector_builder = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
|
||||
ssl_connector_builder.set_ca_file(ca_file).expect("could not set CA file");
|
||||
loop {
|
||||
let token = "-----END CERTIFICATE-----";
|
||||
if let Some(index) = certs.find(token) {
|
||||
let (cert, rest) = certs.split_at(index + token.len());
|
||||
certs = rest;
|
||||
let cert = x509::X509::from_pem(cert.as_bytes()).unwrap();
|
||||
ssl_connector_builder.cert_store_mut().add_cert(cert).or_else(|e| {
|
||||
let v: Option<Option<&str>> = e.errors().iter().nth(0).map(|e| e.reason());
|
||||
if v == Some(Some("cert already in hash table")) {
|
||||
warn!("Cert already in hash table. Ignoring.");
|
||||
// Ignore error X509_R_CERT_ALREADY_IN_HASH_TABLE which means the
|
||||
// certificate is already in the store.
|
||||
Ok(())
|
||||
} else {
|
||||
Err(e)
|
||||
}
|
||||
}).expect("could not set CA file");
|
||||
} else {
|
||||
break;
|
||||
}
|
||||
}
|
||||
ssl_connector_builder.set_cipher_list(DEFAULT_CIPHERS).expect("could not set ciphers");
|
||||
ssl_connector_builder.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3 | SSL_OP_NO_COMPRESSION);
|
||||
let ssl_connector = ssl_connector_builder.build();
|
||||
|
|
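Review bot: The new certificate loop in `create_ssl_client` panics on the first PEM block that fails to parse, because `x509::X509::from_pem(cert.as_bytes()).unwrap()` carries no message and no recovery; since the bundle now arrives as a string from the embedder, I would at least use `.expect("could not parse CA certificate")`, or log and skip the entry if a partial trust store is acceptable. The duplicate check `v == Some(Some("cert already in hash table"))` depends on OpenSSL's human-readable reason text and inspects only the first queued error, so a build without error strings or with different wording would presumably turn a harmless duplicate into a panic at `expect("could not set CA file")`; a comment stating that dependency, or a comparison on the numeric error code if the bindings expose one, would help. Anything left in `certs` after the last `-----END CERTIFICATE-----` is dropped silently, and an input with no such marker adds no certificates at all without a log line, so a `warn!` for both cases would make a truncated or empty bundle visible. The function body continues past the end of the hunk.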