mirror of
https://github.com/servo/servo.git
synced 2025-08-03 12:40:06 +01:00
Replace hosts when making TCP connections, not when verifying SSL certs.
parent
dc99104f55
commit
e9fdc4c72a
553 changed files with 252 additions and 2658 deletions
|
@ -3,14 +3,53 @@
|
|||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
use hyper::client::Pool;
|
||||
use hyper::net::HttpsConnector;
|
||||
use hyper::error::{Result as HyperResult, Error as HyperError};
|
||||
use hyper::net::{NetworkConnector, HttpsStream, HttpStream, SslClient};
|
||||
use hyper_openssl::OpensslClient;
|
||||
use net_traits::hosts::replace_host;
|
||||
use openssl::ssl::{SSL_OP_NO_COMPRESSION, SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3};
|
||||
use openssl::ssl::{SslConnectorBuilder, SslMethod};
|
||||
use std::io;
|
||||
use std::net::TcpStream;
|
||||
use std::path::PathBuf;
|
||||
use std::sync::Arc;
|
||||
|
||||
pub type Connector = HttpsConnector<OpensslClient>;
|
||||
pub struct HttpsConnector {
|
||||
ssl: OpensslClient,
|
||||
}
|
||||
|
||||
impl HttpsConnector {
|
||||
fn new(ssl: OpensslClient) -> HttpsConnector {
|
||||
HttpsConnector {
|
||||
ssl: ssl,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl NetworkConnector for HttpsConnector {
|
||||
type Stream = HttpsStream<<OpensslClient as SslClient>::Stream>;
|
||||
|
||||
fn connect(&self, host: &str, port: u16, scheme: &str) -> HyperResult<Self::Stream> {
|
||||
if scheme != "http" && scheme != "https" {
|
||||
return Err(HyperError::Io(io::Error::new(io::ErrorKind::InvalidInput,
|
||||
"Invalid scheme for Http")));
|
||||
}
|
||||
|
||||
// Perform host replacement when making the actual TCP connection.
|
||||
let addr = &(&*replace_host(host), port);
|
||||
let stream = HttpStream(try!(TcpStream::connect(addr)));
|
||||
|
||||
if scheme == "http" {
|
||||
Ok(HttpsStream::Http(stream))
|
||||
} else {
|
||||
// Do not perform host replacement on the host that is used
|
||||
// for verifying any SSL certificate encountered.
|
||||
self.ssl.wrap_client(stream, host).map(HttpsStream::Https)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
pub type Connector = HttpsConnector;
|
||||
|
||||
pub fn create_ssl_client(ca_file: &PathBuf) -> OpensslClient {
|
||||
let mut ssl_connector_builder = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
|
||||
|
|
|
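Review bot: The new `HttpsConnector::connect` has no doc comment stating the invariant this commit depends on: the name handed to `wrap_client` must be the host the caller requested, never the result of `replace_host`. Otherwise the certificate would presumably be checked against the replacement name instead of the requested one. I would add `/// Dials the address returned by replace_host, but verifies TLS against the originally requested host.` above `connect`, so a later refactor does not pass the replaced name to `wrap_client`. In the `scheme == "http"` branch there is no certificate check, so the replacement table alone decides the peer; logging at debug level when `replace_host` returns a different name would make that visible. A regression test that loads an `https` URL through a replaced host and asserts verification uses the original name would pin the behaviour.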
@ -34,7 +34,6 @@ use hyper_serde::Serde;
|
|||
use log;
|
||||
use msg::constellation_msg::PipelineId;
|
||||
use net_traits::{CookieSource, FetchMetadata, NetworkError, ReferrerPolicy};
|
||||
use net_traits::hosts::replace_host;
|
||||
use net_traits::request::{CacheMode, CredentialsMode, Destination, Origin};
|
||||
use net_traits::request::{RedirectMode, Referrer, Request, RequestMode};
|
||||
use net_traits::request::{ResponseTainting, Type};
|
||||
|
@ -129,7 +128,7 @@ impl NetworkConnector for NetworkHttpRequestFactory {
|
|||
type Stream = PooledStream<HttpsStream<SslStream<HttpStream>>>;
|
||||
|
||||
fn connect(&self, host: &str, port: u16, scheme: &str) -> Result<Self::Stream, HttpError> {
|
||||
self.connector.connect(&replace_host(host), port, scheme)
|
||||
self.connector.connect(host, port, scheme)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
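Review bot: With `replace_host` removed from `NetworkHttpRequestFactory::connect`, host replacement only happens if `self.connector` ends up in the new `HttpsConnector`, and nothing at this call site says so. A comment above the call, such as `// Host replacement is done inside the connector so TLS verification still sees the requested host.`, would keep someone from re-adding `replace_host` here or swapping in a connector that skips it. How `connector` is constructed is not visible in this hunk, so the wiring to the new connector is assumed rather than checked.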