Replace hosts when making TCP connections, not when verifying SSL certs.

This commit is contained in:
Josh Matthews 2017-04-05 16:42:37 -04:00
parent dc99104f55
commit e9fdc4c72a
553 changed files with 252 additions and 2658 deletions

View file

@ -3,14 +3,53 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
use hyper::client::Pool;
use hyper::net::HttpsConnector;
use hyper::error::{Result as HyperResult, Error as HyperError};
use hyper::net::{NetworkConnector, HttpsStream, HttpStream, SslClient};
use hyper_openssl::OpensslClient;
use net_traits::hosts::replace_host;
use openssl::ssl::{SSL_OP_NO_COMPRESSION, SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3};
use openssl::ssl::{SslConnectorBuilder, SslMethod};
use std::io;
use std::net::TcpStream;
use std::path::PathBuf;
use std::sync::Arc;
pub type Connector = HttpsConnector<OpensslClient>;
pub struct HttpsConnector {
ssl: OpensslClient,
}
impl HttpsConnector {
fn new(ssl: OpensslClient) -> HttpsConnector {
HttpsConnector {
ssl: ssl,
}
}
}
impl NetworkConnector for HttpsConnector {
type Stream = HttpsStream<<OpensslClient as SslClient>::Stream>;
fn connect(&self, host: &str, port: u16, scheme: &str) -> HyperResult<Self::Stream> {
if scheme != "http" && scheme != "https" {
return Err(HyperError::Io(io::Error::new(io::ErrorKind::InvalidInput,
"Invalid scheme for Http")));
}
// Perform host replacement when making the actual TCP connection.
let addr = &(&*replace_host(host), port);
let stream = HttpStream(try!(TcpStream::connect(addr)));
if scheme == "http" {
Ok(HttpsStream::Http(stream))
} else {
// Do not perform host replacement on the host that is used
// for verifying any SSL certificate encountered.
self.ssl.wrap_client(stream, host).map(HttpsStream::Https)
}
}
}
pub type Connector = HttpsConnector;
pub fn create_ssl_client(ca_file: &PathBuf) -> OpensslClient {
let mut ssl_connector_builder = SslConnectorBuilder::new(SslMethod::tls()).unwrap();

View file

@ -34,7 +34,6 @@ use hyper_serde::Serde;
use log;
use msg::constellation_msg::PipelineId;
use net_traits::{CookieSource, FetchMetadata, NetworkError, ReferrerPolicy};
use net_traits::hosts::replace_host;
use net_traits::request::{CacheMode, CredentialsMode, Destination, Origin};
use net_traits::request::{RedirectMode, Referrer, Request, RequestMode};
use net_traits::request::{ResponseTainting, Type};
@ -129,7 +128,7 @@ impl NetworkConnector for NetworkHttpRequestFactory {
type Stream = PooledStream<HttpsStream<SslStream<HttpStream>>>;
fn connect(&self, host: &str, port: u16, scheme: &str) -> Result<Self::Stream, HttpError> {
self.connector.connect(&replace_host(host), port, scheme)
self.connector.connect(host, port, scheme)
}
}