Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-08-06 14:10:11 +01:00
Code Issues Projects Releases Packages Wiki Activity

Update Hyper and OpenSSL

Browse source
This commit is contained in:
ddh 2017-01-11 12:07:36 +00:00 committed by Anthony Ramine
parent f66cae3f96
commit e527c9a991
32 changed files with 298 additions and 396 deletions
Download patch file Download diff file Expand all files Collapse all files

12
components/net/Cargo.toml
View file

@ -12,11 +12,12 @@ path = "lib.rs"
[dependencies]
base64 = "0.4.1"
brotli = "1.0.6"
cookie = "0.2.5"
cookie = "0.6"
devtools_traits = {path = "../devtools_traits"}
flate2 = "0.2.0"
hyper = "0.9.9"
hyper_serde = "0.5"
hyper = "0.10"
hyper_serde = "0.6"
hyper-openssl = "0.2.2"
immeta = "0.3.1"
ipc-channel = "0.7"
log = "0.3.5"
@ -25,15 +26,14 @@ mime = "0.2.1"
mime_guess = "1.8.0"
msg = {path = "../msg"}
net_traits = {path = "../net_traits"}
openssl = "0.7.6"
openssl-verify = "0.1"
openssl = "0.9"
profile_traits = {path = "../profile_traits"}
serde = "0.9"
serde_derive = "0.9"
serde_json = "0.9"
servo_config = {path = "../config"}
servo_url = {path = "../url"}
servo-websocket = "0.18"
servo-websocket = "0.19"
threadpool = "1.0"
time = "0.1.17"
unicase = "1.4.0"

50
components/net/connector.rs
View file

@ -2,14 +2,15 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
use hyper;
use hyper::client::Pool;
use hyper::net::{HttpStream, HttpsConnector, SslClient};
use openssl::ssl::{SSL_OP_NO_COMPRESSION, SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3, SSL_VERIFY_PEER};
use openssl::ssl::{Ssl, SslContext, SslMethod, SslStream};
use hyper_openssl;
use openssl::ssl::{SSL_OP_NO_COMPRESSION, SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3};
use openssl::ssl::{SslConnectorBuilder, SslMethod};
use servo_config::resource_files::resources_dir_path;
use std::sync::Arc;
pub type Connector = HttpsConnector<ServoSslClient>;
pub type Connector = hyper::net::HttpsConnector<hyper_openssl::OpensslClient>;
// The basic logic here is to prefer ciphers with ECDSA certificates, Forward
// Secrecy, AES GCM ciphers, AES ciphers, and finally 3DES ciphers.
@ -28,33 +29,20 @@ const DEFAULT_CIPHERS: &'static str = concat!(
);
pub fn create_http_connector(certificate_file: &str) -> Arc<Pool<Connector>> {
let mut context = SslContext::new(SslMethod::Sslv23).unwrap();
context.set_CA_file(&resources_dir_path()
.expect("Need certificate file to make network requests")
.join(certificate_file)).unwrap();
context.set_cipher_list(DEFAULT_CIPHERS).unwrap();
context.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3 | SSL_OP_NO_COMPRESSION);
let connector = HttpsConnector::new(ServoSslClient {
context: Arc::new(context)
});
let ca_file = &resources_dir_path()
.expect("Need certificate file to make network requests")
.join(certificate_file);
Arc::new(Pool::with_connector(Default::default(), connector))
}
pub struct ServoSslClient {
context: Arc<SslContext>,
}
impl SslClient for ServoSslClient {
type Stream = SslStream<HttpStream>;
fn wrap_client(&self, stream: HttpStream, host: &str) -> Result<Self::Stream, ::hyper::Error> {
let mut ssl = try!(Ssl::new(&self.context));
try!(ssl.set_hostname(host));
let host = host.to_owned();
ssl.set_verify_callback(SSL_VERIFY_PEER, move |p, x| {
::openssl_verify::verify_callback(&host, p, x)
});
SslStream::connect(ssl, stream).map_err(From::from)
let mut ssl_connector_builder = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
{
let context = ssl_connector_builder.builder_mut();
context.set_ca_file(ca_file).expect("could not set CA file");
context.set_cipher_list(DEFAULT_CIPHERS).expect("could not set ciphers");
context.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3 | SSL_OP_NO_COMPRESSION);
}
let ssl_connector = ssl_connector_builder.build();
let ssl_client = hyper_openssl::OpensslClient::from(ssl_connector);
let https_connector = hyper::net::HttpsConnector::new(ssl_client);
Arc::new(Pool::with_connector(Default::default(), https_connector))
}

51
components/net/cookie.rs
View file

@ -21,7 +21,7 @@ use time::{Tm, now, at, Duration};
pub struct Cookie {
#[serde(deserialize_with = "hyper_serde::deserialize",
serialize_with = "hyper_serde::serialize")]
pub cookie: cookie_rs::Cookie,
pub cookie: cookie_rs::Cookie<'static>,
pub host_only: bool,
pub persistent: bool,
#[serde(deserialize_with = "hyper_serde::deserialize",
@ -34,27 +34,35 @@ pub struct Cookie {
}
impl Cookie {
pub fn from_cookie_string(cookie_str: String, request: &ServoUrl,
source: CookieSource) -> Option<Cookie> {
cookie_rs::Cookie::parse(cookie_str)
.ok()
.map(|cookie| Cookie::new_wrapped(cookie, request, source))
.unwrap_or(None)
}
/// http://tools.ietf.org/html/rfc6265#section-5.3
pub fn new_wrapped(mut cookie: cookie_rs::Cookie, request: &ServoUrl, source: CookieSource)
pub fn new_wrapped(mut cookie: cookie_rs::Cookie<'static>, request: &ServoUrl, source: CookieSource)
-> Option<Cookie> {
// Step 3
let (persistent, expiry_time) = match (&cookie.max_age, &cookie.expires) {
(&Some(max_age), _) => {
(true, Some(at(now().to_timespec() + Duration::seconds(max_age as i64))))
let (persistent, expiry_time) = match (cookie.max_age(), cookie.expires()) {
(Some(max_age), _) => {
(true, Some(at(now().to_timespec() + Duration::seconds(max_age.num_seconds()))))
}
(_, &Some(expires)) => (true, Some(expires)),
(_, Some(expires)) => (true, Some(expires)),
_ => (false, None)
};
let url_host = request.host_str().unwrap_or("").to_owned();
// Step 4
let mut domain = cookie.domain.clone().unwrap_or("".to_owned());
let mut domain = cookie.domain().unwrap_or("").to_owned();
// Step 5
if is_pub_domain(&domain) {
if domain == url_host {
domain = "".to_owned();
domain = "".to_string();
} else {
return None
}
@ -65,24 +73,24 @@ impl Cookie {
if !Cookie::domain_match(&url_host, &domain) {
return None;
} else {
cookie.domain = Some(domain);
cookie.set_domain(domain);
false
}
} else {
cookie.domain = Some(url_host);
cookie.set_domain(url_host);
true
};
// Step 7
let mut path = cookie.path.unwrap_or("".to_owned());
let mut path = cookie.path().unwrap_or("").to_owned();
if path.chars().next() != Some('/') {
path = Cookie::default_path(request.path()).to_owned();
path = Cookie::default_path(&request.path().to_owned()).to_string();
}
cookie.path = Some(path);
cookie.set_path(path);
// Step 10
if cookie.httponly && source == CookieSource::NonHTTP {
if cookie.http_only() && source == CookieSource::NonHTTP {
return None;
}
@ -139,8 +147,9 @@ impl Cookie {
// http://tools.ietf.org/html/rfc6265#section-5.1.3
pub fn domain_match(string: &str, domain_string: &str) -> bool {
debug_assert!(string.to_lowercase() == string);
debug_assert!(domain_string.to_lowercase() == domain_string);
let string = &string.to_lowercase();
let domain_string = &domain_string.to_lowercase();
string == domain_string ||
(string.ends_with(domain_string) &&
string.as_bytes()[string.len()-domain_string.len()-1] == b'.' &&
@ -152,27 +161,27 @@ impl Cookie {
pub fn appropriate_for_url(&self, url: &ServoUrl, source: CookieSource) -> bool {
let domain = url.host_str();
if self.host_only {
if self.cookie.domain.as_ref().map(String::as_str) != domain {
if self.cookie.domain() != domain {
return false;
}
} else {
if let (Some(domain), &Some(ref cookie_domain)) = (domain, &self.cookie.domain) {
if let (Some(domain), &Some(ref cookie_domain)) = (domain, &self.cookie.domain()) {
if !Cookie::domain_match(domain, cookie_domain) {
return false;
}
}
}
if let Some(ref cookie_path) = self.cookie.path {
if let Some(ref cookie_path) = self.cookie.path() {
if !Cookie::path_match(url.path(), cookie_path) {
return false;
}
}
if self.cookie.secure && !url.is_secure_scheme() {
if self.cookie.secure() && !url.is_secure_scheme() {
return false;
}
if self.cookie.httponly && source == CookieSource::NonHTTP {
if self.cookie.http_only() && source == CookieSource::NonHTTP {
return false;
}

50
components/net/cookie_storage.rs
View file

@ -34,20 +34,20 @@ impl CookieStorage {
// http://tools.ietf.org/html/rfc6265#section-5.3
pub fn remove(&mut self, cookie: &Cookie, url: &ServoUrl, source: CookieSource) -> Result<Option<Cookie>, ()> {
let domain = reg_host(cookie.cookie.domain.as_ref().unwrap_or(&"".to_string()));
let domain = reg_host(cookie.cookie.domain().as_ref().unwrap_or(&""));
let cookies = self.cookies_map.entry(domain).or_insert(vec![]);
// https://www.ietf.org/id/draft-ietf-httpbis-cookie-alone-01.txt Step 2
if !cookie.cookie.secure && !url.is_secure_scheme() {
let new_domain = cookie.cookie.domain.as_ref().unwrap();
let new_path = cookie.cookie.path.as_ref().unwrap();
if !cookie.cookie.secure() && !url.is_secure_scheme() {
let new_domain = cookie.cookie.domain().as_ref().unwrap().to_owned();
let new_path = cookie.cookie.path().as_ref().unwrap().to_owned();
let any_overlapping = cookies.iter().any(|c| {
let existing_domain = c.cookie.domain.as_ref().unwrap();
let existing_path = c.cookie.path.as_ref().unwrap();
let existing_domain = c.cookie.domain().as_ref().unwrap().to_owned();
let existing_path = c.cookie.path().as_ref().unwrap().to_owned();
c.cookie.name == cookie.cookie.name &&
c.cookie.secure &&
c.cookie.name() == cookie.cookie.name() &&
c.cookie.secure() &&
(Cookie::domain_match(new_domain, existing_domain) ||
Cookie::domain_match(existing_domain, new_domain)) &&
Cookie::path_match(new_path, existing_path)
@ -60,9 +60,9 @@ impl CookieStorage {
// Step 11.1
let position = cookies.iter().position(|c| {
c.cookie.domain == cookie.cookie.domain &&
c.cookie.path == cookie.cookie.path &&
c.cookie.name == cookie.cookie.name
c.cookie.domain() == cookie.cookie.domain() &&
c.cookie.path() == cookie.cookie.path() &&
c.cookie.name() == cookie.cookie.name()
});
if let Some(ind) = position {
@ -70,7 +70,7 @@ impl CookieStorage {
let c = cookies.remove(ind);
// http://tools.ietf.org/html/rfc6265#section-5.3 step 11.2
if c.cookie.httponly && source == CookieSource::NonHTTP {
if c.cookie.http_only() && source == CookieSource::NonHTTP {
// Undo the removal.
cookies.push(c);
Err(())
@ -85,7 +85,7 @@ impl CookieStorage {
// http://tools.ietf.org/html/rfc6265#section-5.3
pub fn push(&mut self, mut cookie: Cookie, url: &ServoUrl, source: CookieSource) {
// https://www.ietf.org/id/draft-ietf-httpbis-cookie-alone-01.txt Step 1
if cookie.cookie.secure && !url.is_secure_scheme() {
if cookie.cookie.secure() && !url.is_secure_scheme() {
return;
}
@ -102,7 +102,7 @@ impl CookieStorage {
}
// Step 12
let domain = reg_host(&cookie.cookie.domain.as_ref().unwrap_or(&"".to_string()));
let domain = reg_host(&cookie.cookie.domain().as_ref().unwrap_or(&""));
let mut cookies = self.cookies_map.entry(domain).or_insert(vec![]);
if cookies.len() == self.max_per_host {
@ -111,7 +111,7 @@ impl CookieStorage {
let new_len = cookies.len();
// https://www.ietf.org/id/draft-ietf-httpbis-cookie-alone-01.txt
if new_len == old_len && !evict_one_cookie(cookie.cookie.secure, cookies) {
if new_len == old_len && !evict_one_cookie(cookie.cookie.secure(), cookies) {
return;
}
}
@ -119,8 +119,8 @@ impl CookieStorage {
}
pub fn cookie_comparator(a: &Cookie, b: &Cookie) -> Ordering {
let a_path_len = a.cookie.path.as_ref().map_or(0, |p| p.len());
let b_path_len = b.cookie.path.as_ref().map_or(0, |p| p.len());
let a_path_len = a.cookie.path().as_ref().map_or(0, |p| p.len());
let b_path_len = b.cookie.path().as_ref().map_or(0, |p| p.len());
match a_path_len.cmp(&b_path_len) {
Ordering::Equal => {
let a_creation_time = a.creation_time.to_timespec();
@ -137,10 +137,10 @@ impl CookieStorage {
pub fn cookies_for_url(&mut self, url: &ServoUrl, source: CookieSource) -> Option<String> {
let filterer = |c: &&mut Cookie| -> bool {
info!(" === SENT COOKIE : {} {} {:?} {:?}",
c.cookie.name,
c.cookie.value,
c.cookie.domain,
c.cookie.path);
c.cookie.name(),
c.cookie.value(),
c.cookie.domain(),
c.cookie.path());
info!(" === SENT COOKIE RESULT {}",
c.appropriate_for_url(url, source));
// Step 1
@ -161,7 +161,7 @@ impl CookieStorage {
(match acc.len() {
0 => acc,
_ => acc + "; ",
}) + &c.cookie.name + "=" + &c.cookie.value
}) + &c.cookie.name() + "=" + &c.cookie.value()
};
let result = url_cookies.iter_mut().fold("".to_owned(), reducer);
@ -175,7 +175,7 @@ impl CookieStorage {
pub fn cookies_data_for_url<'a>(&'a mut self,
url: &'a ServoUrl,
source: CookieSource)
-> Box<Iterator<Item = cookie_rs::Cookie> + 'a> {
-> Box<Iterator<Item = cookie_rs::Cookie<'static>> + 'a> {
let domain = reg_host(url.host_str().unwrap_or(""));
let cookies = self.cookies_map.entry(domain).or_insert(vec![]);
@ -187,7 +187,7 @@ impl CookieStorage {
}
fn reg_host<'a>(url: &'a str) -> String {
reg_suffix(url).to_string()
reg_suffix(url).to_lowercase()
}
fn is_cookie_expired(cookie: &Cookie) -> bool {
@ -219,7 +219,7 @@ fn evict_one_cookie(is_secure_cookie: bool, cookies: &mut Vec<Cookie>) -> bool {
fn get_oldest_accessed(is_secure_cookie: bool, cookies: &mut Vec<Cookie>) -> Option<(usize, Tm)> {
let mut oldest_accessed: Option<(usize, Tm)> = None;
for (i, c) in cookies.iter().enumerate() {
if (c.cookie.secure == is_secure_cookie) &&
if (c.cookie.secure() == is_secure_cookie) &&
oldest_accessed.as_ref().map_or(true, |a| c.last_access < a.1) {
oldest_accessed = Some((i, c.last_access));
}

6
components/net/http_loader.rs
View file

@ -27,6 +27,7 @@ use hyper::header::Origin as HyperOrigin;
use hyper::method::Method;
use hyper::net::{Fresh, HttpStream, HttpsStream, NetworkConnector};
use hyper::status::StatusCode;
use hyper_openssl::SslStream;
use hyper_serde::Serde;
use log;
use msg::constellation_msg::PipelineId;
@ -35,7 +36,6 @@ use net_traits::hosts::replace_host;
use net_traits::request::{CacheMode, CredentialsMode, Destination, Origin};
use net_traits::request::{RedirectMode, Referrer, Request, RequestMode, ResponseTainting};
use net_traits::response::{HttpsState, Response, ResponseBody, ResponseType};
use openssl::ssl::SslStream;
use resource_thread::AuthCache;
use servo_url::{ImmutableOrigin, ServoUrl};
use std::collections::HashSet;
@ -257,8 +257,8 @@ fn set_cookie_for_url(cookie_jar: &Arc<RwLock<CookieStorage>>,
let header = Header::parse_header(&[cookie_val.into_bytes()]);
if let Ok(SetCookie(cookies)) = header {
for bare_cookie in cookies {
if let Some(cookie) = cookie::Cookie::new_wrapped(bare_cookie, request, source) {
for cookie in cookies {
if let Some(cookie) = cookie::Cookie::from_cookie_string(cookie, request, source) {
cookie_jar.push(cookie, request, source);
}
}

2
components/net/lib.rs
View file

@ -12,6 +12,7 @@ extern crate cookie as cookie_rs;
extern crate devtools_traits;
extern crate flate2;
extern crate hyper;
extern crate hyper_openssl;
extern crate hyper_serde;
extern crate immeta;
extern crate ipc_channel;
@ -23,7 +24,6 @@ extern crate mime_guess;
extern crate msg;
extern crate net_traits;
extern crate openssl;
extern crate openssl_verify;
extern crate profile_traits;
extern crate serde;
#[macro_use]

11
components/net/resource_thread.rs
View file

@ -148,6 +148,7 @@ impl ResourceChannelManager {
}
}
/// Returns false if the thread should exit.
fn process_msg(&mut self,
msg: CoreResourceMsg,
@ -158,10 +159,10 @@ impl ResourceChannelManager {
CoreResourceMsg::WebsocketConnect(connect, connect_data) =>
self.resource_manager.websocket_connect(connect, connect_data, group),
CoreResourceMsg::SetCookieForUrl(request, cookie, source) =>
self.resource_manager.set_cookie_for_url(&request, cookie, source, group),
self.resource_manager.set_cookie_for_url(&request, cookie.into_inner(), source, group),
CoreResourceMsg::SetCookiesForUrl(request, cookies, source) => {
for cookie in cookies {
self.resource_manager.set_cookie_for_url(&request, cookie.0, source, group);
self.resource_manager.set_cookie_for_url(&request, cookie.into_inner(), source, group);
}
}
CoreResourceMsg::GetCookiesForUrl(url, consumer, source) => {
@ -307,9 +308,11 @@ impl CoreResourceManager {
}
}
fn set_cookie_for_url(&mut self, request: &ServoUrl, cookie: cookie_rs::Cookie, source: CookieSource,
fn set_cookie_for_url(&mut self, request: &ServoUrl,
cookie: cookie_rs::Cookie<'static>,
source: CookieSource,
resource_group: &ResourceGroup) {
if let Some(cookie) = cookie::Cookie::new_wrapped(cookie, &request, source) {
if let Some(cookie) = cookie::Cookie::new_wrapped(cookie, request, source) {
let mut cookie_jar = resource_group.cookie_jar.write().unwrap();
cookie_jar.push(cookie, request, source)
}

10
components/net/subresource_integrity.rs
View file

@ -4,7 +4,7 @@
use base64;
use net_traits::response::{Response, ResponseBody, ResponseType};
use openssl::crypto::hash::{hash, Type as MessageDigest};
use openssl::hash::{MessageDigest, hash};
use std::iter::Filter;
use std::str::Split;
use std::sync::MutexGuard;
@ -119,7 +119,7 @@ fn apply_algorithm_to_response(body: MutexGuard<ResponseBody>,
message_digest: MessageDigest)
-> String {
if let ResponseBody::Done(ref vec) = *body {
let response_digest = hash(message_digest, vec);
let response_digest = hash(message_digest, vec).unwrap();
base64::encode(&response_digest)
} else {
unreachable!("Tried to calculate digest of incomplete response body")
@ -156,9 +156,9 @@ pub fn is_response_integrity_valid(integrity_metadata: &str, response: &Response
let digest = item.val;
let message_digest = match &*algorithm {
"sha256" => MessageDigest::SHA256,
"sha384" => MessageDigest::SHA384,
"sha512" => MessageDigest::SHA512,
"sha256" => MessageDigest::sha256(),
"sha384" => MessageDigest::sha384(),
"sha512" => MessageDigest::sha512(),
_ => continue,
};

7
components/net/websocket_loader.rs
View file

@ -3,6 +3,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
use cookie::Cookie;
use cookie_rs;
use cookie_storage::CookieStorage;
use fetch::methods::{should_be_blocked_due_to_bad_port, should_be_blocked_due_to_nosniff};
use http_loader::{is_redirect_status, set_request_cookies};
@ -596,8 +597,10 @@ fn http_network_fetch(url: &ServoUrl,
if let Some(cookies) = response.headers.get::<SetCookie>() {
let mut jar = cookie_jar.write().unwrap();
for cookie in &**cookies {
if let Some(cookie) = Cookie::new_wrapped(cookie.clone(), url, CookieSource::HTTP) {
jar.push(cookie, url, CookieSource::HTTP);
if let Ok(cookie) = cookie_rs::Cookie::parse(&**cookie) {
if let Some(cookie) = Cookie::new_wrapped(cookie.into_owned(), url, CookieSource::HTTP) {
jar.push(cookie, url, CookieSource::HTTP);
}
}
}
}