From c3444610173ae980fb60903f592b93808bb9a705 Mon Sep 17 00:00:00 2001
From: Matt Brubeck
Date: Tue, 10 May 2016 11:10:09 -0700
Subject: [PATCH] Move http_loader::Connector to a separate module

---
 components/net/connector.rs | 40 +++++++++++++++++++++++++++++++
 components/net/fetch/methods.rs | 3 ++-
 components/net/http_loader.rs | 36 ++--------------------------
 components/net/lib.rs | 1 +
 components/net/resource_thread.rs | 3 ++-
 5 files changed, 47 insertions(+), 36 deletions(-)
 create mode 100644 components/net/connector.rs

diff --git a/components/net/connector.rs b/components/net/connector.rs
new file mode 100644
index 00000000000..d64248acbb9
--- /dev/null
+++ b/components/net/connector.rs
@@ -0,0 +1,40 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+use hyper::client::Pool;
+use hyper::net::{HttpsConnector, Openssl};
+use openssl::ssl::{SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3, SSL_VERIFY_PEER, SslContext, SslMethod};
+use std::sync::Arc;
+use util::resource_files::resources_dir_path;
+
+pub type Connector = HttpsConnector;
+
+// The basic logic here is to prefer ciphers with ECDSA certificates, Forward
+// Secrecy, AES GCM ciphers, AES ciphers, and finally 3DES ciphers.
+// A complete discussion of the issues involved in TLS configuration can be found here:
+// https://wiki.mozilla.org/Security/Server_Side_TLS
+const DEFAULT_CIPHERS: &'static str = concat!(
+ "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:",
+ "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:",
+ "DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:",
+ "ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:",
+ "ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:",
+ "ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:",
+ "DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:",
+ "ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:",
+ "AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA"
+);
+
+pub fn create_http_connector() -> Arc> {
+ let mut context = SslContext::new(SslMethod::Sslv23).unwrap();
+ context.set_verify(SSL_VERIFY_PEER, None);
+ context.set_CA_file(&resources_dir_path().join("certs")).unwrap();
+ context.set_cipher_list(DEFAULT_CIPHERS).unwrap();
+ context.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3);
+ let connector = HttpsConnector::new(Openssl {
+ context: Arc::new(context)
+ });
+
+ Arc::new(Pool::with_connector(Default::default(), connector))
+}
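Review bot: `pub type Connector` and `pub fn create_http_connector` become the public surface of a new module but carry no `///` doc, and the three `unwrap()` calls in the body give a reader no idea which startup condition each one guards. Suggest `/// Shared TLS connector pool for the HTTP loaders: trusts only the CA bundle in the "certs" resource file, restricts ciphers to DEFAULT_CIPHERS, and disables SSLv2/SSLv3.` on the function, and `.expect("CA bundle 'certs' missing or unreadable in the resources directory")` in place of the bare `unwrap()` after `set_CA_file`, so a broken install fails with a message instead of an anonymous panic in the net thread. `set_verify(SSL_VERIFY_PEER, None)` enforces chain validation; whether the peer hostname is also matched against the certificate depends on the hyper/openssl versions this builds against, which deserves a one-line comment here now that this module is the single place that decides it.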
diff --git a/components/net/fetch/methods.rs b/components/net/fetch/methods.rs
index df5eae0a892..95f1f8e4094 100644
--- a/components/net/fetch/methods.rs
+++ b/components/net/fetch/methods.rs
@@ -2,9 +2,10 @@
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+use connector::create_http_connector;
 use data_loader::decode;
 use fetch::cors_cache::CORSCache;
-use http_loader::{NetworkHttpRequestFactory, create_http_connector, obtain_response};
+use http_loader::{NetworkHttpRequestFactory, obtain_response};
 use hyper::header::{Accept, AcceptLanguage, Authorization, AccessControlAllowCredentials};
 use hyper::header::{AccessControlAllowOrigin, AccessControlAllowHeaders, AccessControlAllowMethods};
 use hyper::header::{AccessControlRequestHeaders, AccessControlMaxAge, AccessControlRequestMethod, Basic};
diff --git a/components/net/http_loader.rs b/components/net/http_loader.rs
index 6e96f1a8864..41fb9027945 100644
--- a/components/net/http_loader.rs
+++ b/components/net/http_loader.rs
@@ -4,6 +4,7 @@
 use brotli::Decompressor;
+use connector::Connector;
 use cookie;
 use cookie_storage::CookieStorage;
 use devtools_traits::{ChromeToDevtoolsControlMsg, DevtoolsControlMsg, HttpRequest as DevtoolsHttpRequest};
@@ -19,7 +20,7 @@ use hyper::header::{Location, SetCookie, StrictTransportSecurity, UserAgent, qit
 use hyper::http::RawStatus;
 use hyper::method::Method;
 use hyper::mime::{Mime, SubLevel, TopLevel};
-use hyper::net::{Fresh, HttpsConnector, Openssl};
+use hyper::net::Fresh;
 use hyper::status::{StatusClass, StatusCode};
 use log;
 use mime_classifier::MIMEClassifier;
@@ -30,7 +31,6 @@ use net_traits::response::HttpsState;
 use net_traits::{CookieSource, IncludeSubdomains, LoadConsumer, LoadContext, LoadData};
 use net_traits::{Metadata, NetworkError};
 use openssl::ssl::error::{SslError, OpensslError};
-use openssl::ssl::{SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3, SSL_VERIFY_PEER, SslContext, SslMethod};
 use resource_thread::{CancellationListener, send_error, start_sending_sniffed_opt, AuthCache, AuthCacheEntry};
 use std::borrow::ToOwned;
 use std::boxed::FnBox;
@@ -46,41 +46,9 @@ use time::Tm;
 use tinyfiledialogs;
 use url::{Url, Position};
 use util::prefs;
-use util::resource_files::resources_dir_path;
 use util::thread::spawn_named;
 use uuid;
-
-pub type Connector = HttpsConnector;
-
-// The basic logic here is to prefer ciphers with ECDSA certificates, Forward
-// Secrecy, AES GCM ciphers, AES ciphers, and finally 3DES ciphers.
-// A complete discussion of the issues involved in TLS configuration can be found here:
-// https://wiki.mozilla.org/Security/Server_Side_TLS
-const DEFAULT_CIPHERS: &'static str = concat!(
- "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:",
- "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:",
- "DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:",
- "ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:",
- "ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:",
- "ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:",
- "DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:",
- "ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:",
- "AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA"
-);
-
-pub fn create_http_connector() -> Arc> {
- let mut context = SslContext::new(SslMethod::Sslv23).unwrap();
- context.set_verify(SSL_VERIFY_PEER, None);
- context.set_CA_file(&resources_dir_path().join("certs")).unwrap();
- context.set_cipher_list(DEFAULT_CIPHERS).unwrap();
- context.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3);
- let connector = HttpsConnector::new(Openssl {
- context: Arc::new(context)
- });
-
- Arc::new(Pool::with_connector(Default::default(), connector))
-}
-
 pub fn factory(user_agent: String,
 http_state: HttpState,
 devtools_chan: Option>,
diff --git a/components/net/lib.rs b/components/net/lib.rs
index 27b9d8f4dae..c489d42d4e3 100644
--- a/components/net/lib.rs
+++ b/components/net/lib.rs
@@ -44,6 +44,7 @@ extern crate websocket;
 pub mod about_loader;
 pub mod bluetooth_thread;
 pub mod chrome_loader;
+pub mod connector;
 pub mod cookie;
 pub mod cookie_storage;
 pub mod data_loader;
diff --git a/components/net/resource_thread.rs b/components/net/resource_thread.rs
index 622ac054085..ad7238e2ea3 100644
--- a/components/net/resource_thread.rs
+++ b/components/net/resource_thread.rs
@@ -5,13 +5,14 @@
 //! A thread that takes a URL and streams back the binary data.
 use about_loader;
 use chrome_loader;
+use connector::{Connector, create_http_connector};
 use cookie;
 use cookie_storage::CookieStorage;
 use data_loader;
 use devtools_traits::{DevtoolsControlMsg};
 use file_loader;
 use hsts::HstsList;
-use http_loader::{self, Connector, create_http_connector, HttpState};
+use http_loader::{self, HttpState};
 use hyper::client::pool::Pool;
 use hyper::header::{ContentType, Header, SetCookie};
 use hyper::mime::{Mime, SubLevel, TopLevel};