Replace hosts when making TCP connections, not when verifying SSL certs.

2025-08-03 12:40:06 +01:00 · 2017-04-05 16:42:37 -04:00 · 2017-04-05 16:42:37 -04:00 · e9fdc4c72a
commit e9fdc4c72a
parent dc99104f55
553 changed files with 252 additions and 2658 deletions
--- a/components/net/connector.rs
+++ b/components/net/connector.rs
@ -3,14 +3,53 @@
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

 use hyper::client::Pool;
-use hyper::net::HttpsConnector;
+use hyper::error::{Result as HyperResult, Error as HyperError};
+use hyper::net::{NetworkConnector, HttpsStream, HttpStream, SslClient};
 use hyper_openssl::OpensslClient;
+use net_traits::hosts::replace_host;
 use openssl::ssl::{SSL_OP_NO_COMPRESSION, SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3};
 use openssl::ssl::{SslConnectorBuilder, SslMethod};
+use std::io;
+use std::net::TcpStream;
 use std::path::PathBuf;
 use std::sync::Arc;

-pub type Connector = HttpsConnector<OpensslClient>;
+pub struct HttpsConnector {
+    ssl: OpensslClient,
+}
+
+impl HttpsConnector {
+    fn new(ssl: OpensslClient) -> HttpsConnector {
+        HttpsConnector {
+            ssl: ssl,
+        }
+    }
+}
+
+impl NetworkConnector for HttpsConnector {
+    type Stream = HttpsStream<<OpensslClient as SslClient>::Stream>;
+
+    fn connect(&self, host: &str, port: u16, scheme: &str) -> HyperResult<Self::Stream> {
+        if scheme != "http" && scheme != "https" {
+            return Err(HyperError::Io(io::Error::new(io::ErrorKind::InvalidInput,
+                                                     "Invalid scheme for Http")));
+        }
+
+        // Perform host replacement when making the actual TCP connection.
+        let addr = &(&*replace_host(host), port);
+        let stream = HttpStream(try!(TcpStream::connect(addr)));
+
+        if scheme == "http" {
+            Ok(HttpsStream::Http(stream))
+        } else {
+            // Do not perform host replacement on the host that is used
+            // for verifying any SSL certificate encountered.
+            self.ssl.wrap_client(stream, host).map(HttpsStream::Https)
+        }
+    }
+}
+
+pub type Connector = HttpsConnector;

 pub fn create_ssl_client(ca_file: &PathBuf) -> OpensslClient {
    let mut ssl_connector_builder = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
--- a/components/net/http_loader.rs
+++ b/components/net/http_loader.rs
@ -34,7 +34,6 @@ use hyper_serde::Serde;
 use log;
 use msg::constellation_msg::PipelineId;
 use net_traits::{CookieSource, FetchMetadata, NetworkError, ReferrerPolicy};
-use net_traits::hosts::replace_host;
 use net_traits::request::{CacheMode, CredentialsMode, Destination, Origin};
 use net_traits::request::{RedirectMode, Referrer, Request, RequestMode};
 use net_traits::request::{ResponseTainting, Type};
@ -129,7 +128,7 @@ impl NetworkConnector for NetworkHttpRequestFactory {
    type Stream = PooledStream<HttpsStream<SslStream<HttpStream>>>;

    fn connect(&self, host: &str, port: u16, scheme: &str) -> Result<Self::Stream, HttpError> {
-        self.connector.connect(&replace_host(host), port, scheme)
+        self.connector.connect(host, port, scheme)
    }
 }