Commit graph

47 commits

Author SHA1 Message Date
tannal
5c0199b568
Net: fold websocket and http tokio runtime into one (#31771)
* net: use the same tokio runtime in websocket loader

#31648

* readability

* license
2024-03-21 06:13:03 +00:00
eri
67b277c992
clippy: fix warnings in components/net (#31564)
* clippy: fix some warnings in components/net

* fix: review comments

* fix: tidy
2024-03-10 15:34:16 +00:00
Martin Robinson
5c1723c983
rustdoc: Fix many rustdoc errors (#31147)
This fixes many rustdoc errors that occur due to raw URLs in rustdoc
comments as well as unescaped Rust code that should be in backticks.
2024-01-22 13:13:48 +00:00
Martin Robinson
a53271d31e
Update network stack dependencies (#30612)
- webpki-roots
- webpki
- async-tungstenite
- rustls
- rustls-webpki
- ring
2023-11-02 18:41:25 +00:00
Samson
aad2dccc9c
Strict import formatting (grouping and granularity) (#30325)
* strict imports formatting

* Reformat all imports
2023-09-11 19:16:54 +00:00
Samson
711dbbd4af
remove extern crate (#30311)
* remove extern crate

* Update components/script_plugins/lib.rs

Co-authored-by: Martin Robinson <mrobinson@igalia.com>

---------

Co-authored-by: Martin Robinson <mrobinson@igalia.com>
2023-09-08 12:11:31 +00:00
Martin Robinson
bce7622cde
Switch to rustls and webpki-roots (#30025)
This change replaces OpenSSL with rustls and also the manually curated
CA certs file with webpki-roots (effectively the same thing, but as a
crate).

Generally speaking the design of the network stack is the same. Changes:

- Code around certificate overrides needed to be refactored to work with
  rustls so the various thread-safe list of certificates is refactored
  into `CertificateErrorOverrideManager`
- hyper-rustls takes care of setting ALPN protocols for HTTP requests,
  so for WebSockets this is moved to the WebSocket code.
- The safe set of cipher suites is chosen, which seems to correspond to
  the "Modern" configuration from [1]. This can be adjusted later.
- Instead of passing a string of PEM CA certificates around, an enum is
  used that includes parsed Certificates (or the default which reads
  them from webpki-roots).
- Code for starting up an SSL server for testing is cleaned up a little,
  due to the fact that the certificates need to be overridden explicitly
  now. This is due to the fact that the `webpki` crate is more stringent
  with self-signed certificates than SSL (CA certificates cannot be used as
  end-entity certificates). [2]

1. https://wiki.mozilla.org/Security/Server_Side_TLS
2. https://github.com/briansmith/webpki/issues/114

Fixes #7888.
Fixes #13749.
Fixes #26835.
Fixes #29291.
2023-08-08 14:00:10 +00:00
Naveen Gattu
a48a111cee Upgrade Hyper 2022-01-16 09:34:17 -08:00
Josh Matthews
c8692d83ab net: Add unit test for accepting a self-signed cert. 2020-06-09 18:29:39 -04:00
Josh Matthews
6a6662195e net: Add option to temporarily accept certs that failed the handshake. 2020-06-09 15:03:18 -04:00
Josh Matthews
433c154595 net: Allow SSL websockets to use dynamic list of certs as well. 2020-06-09 15:03:18 -04:00
Josh Matthews
0ce2aa917a net: Pass certs that fail the SSL handshake out of the network layer. 2020-06-09 15:03:18 -04:00
Josh Matthews
1cdaf40eb2 net: Add an SSL verification callback to support checking a dynamic list of certs. 2020-06-09 15:03:18 -04:00
Jan Andre Ikenmeyer
21112a1b84
Configure OpenSSL SECLEVEL=2 2020-02-12 01:40:07 +01:00
Jan Andre Ikenmeyer
b811be764c
Add ALPN and signature algorithms to OpenSSL config 2019-11-30 05:18:00 +01:00
Jan Andre Ikenmeyer
25333b6451
Disable TLS 1.0 and 1.1 2019-05-10 14:53:32 +02:00
Josh Matthews
6404a0ef53 Redesign network response decoding to avoid creating decoders before some content is present. 2019-01-15 16:04:45 -05:00
Jan Andre Ikenmeyer
027154ecf0
Cleanup of default ciphersuite list
* don't offer DHE ciphersuites like Chrome
* don't offer AES-CBC-SHA2 like Firefox and Chrome
* don't offer AES-GCM for plain RSA like Firefox
* don't offer ECDSA with AES-CBC like Chrome
* don't offer weak DES-CBC3-SHA
* prefer AES256 over AES128 like Mozilla Modern, Safari and Edge
2018-11-21 22:04:30 +01:00
Jan Andre Ikenmeyer
1d6fe65401
Update MPL license to https (part 4) 2018-11-19 14:47:27 +01:00
bors-servo
dd5e5e9294
Auto merge of #22144 - Eijebong:hyperfix, r=jdm
Fix downloading huge files (broken since hyperup)

2018-11-08 08:47:10 -05:00
Bastien Orivel
85c6eff94a Use chunk.as_ref() instead of &chunk.into_bytes() 2018-11-08 12:37:50 +01:00
Simon Sapin
2012be4a8b cargo fix --edition-idioms 2018-11-08 09:28:00 +01:00
Bastien Orivel
dcbe7d36ae Continue decompressing chunks even after hyper is done downloading the body
If hyper reads compressed enough data, we were decompressing 32k by 32k
but we were throwing away the end of the body because we would end up
having lots of backed up data in the cursor when hyper was done.
2018-11-08 02:40:22 +01:00
Bastien Orivel
e30440c9cc Don't reset the buffers for each chunk we download
Sometimes hyper sends data that can't be completely decompressed, resetting
the buffer means we're losing some data and thus breaking the body
2018-11-08 02:40:21 +01:00
Pyfisch
9e92eb205a Reorder imports 2018-11-06 22:35:07 +01:00
Simon Sapin
45f7199eee cargo fix --edition 2018-11-06 15:26:02 +01:00
Pyfisch
2481ad25f8 Rustfmt net crate 2018-11-03 15:29:01 +01:00
Bastien Orivel
024b40b39d Update hyper to 0.12 2018-11-01 19:17:36 +01:00
Bastien Orivel
73ef02ff17 Handle secure websockets
Fixes #20816
2018-08-16 00:24:19 +02:00
Paul Rouget
9fb5795f37 delegate resource reading to embedder 2018-04-27 15:34:52 +08:00
Bastien Orivel
6c6a4159cf Dedupe lazy_static
🎉 🎉 🎉
2018-03-23 18:14:20 +01:00
Simon Sapin
316cd35767 Untry 2017-06-18 13:21:51 +02:00
Anthony Ramine
16863017a9 Move the HTTP connector in HttpState 2017-04-06 19:35:11 +02:00
Josh Matthews
6f590a87bf Move hosts module into net crate. Remove obsolete functions. 2017-04-06 19:25:47 +09:00
Josh Matthews
e9fdc4c72a Replace hosts when making TCP connections, not when verifying SSL certs. 2017-04-06 19:25:37 +09:00
Josh Matthews
dc99104f55 Add command-line argument to use a custom SSL certificate database. 2017-04-06 19:25:34 +09:00
Anthony Ramine
20e0b6cd56 Introduce create_ssl_client
This lets us reuse the same SSL context for all HTTPS requests.
2017-04-02 15:27:40 +02:00
Anthony Ramine
ecd9ac9b68 Reorder and reorganise imports in net::connector 2017-04-02 14:57:19 +02:00
ddh
e527c9a991 Update Hyper and OpenSSL 2017-03-31 16:32:21 +02:00
Anthony Ramine
f66cae3f96 Revert "Introduce create_ssl_context"
This reverts commit 7a4632bfa2.
2017-03-31 16:19:00 +02:00
Anthony Ramine
7a4632bfa2 Introduce create_ssl_context 2017-03-28 00:37:25 +02:00
Raghav
6020b4c15c Implement HSTS fetch step
Implemented step nine of the main fetch. If current URL scheme is 'HTTP'
and current URL's host is domain and if current URL's host matched with
Known HSTS Host Domain Name Matching results in either a superdomain
match with an asserted includeSubDomains directive or a congruent match
then we change request scheme to 'https'. This change has been made in
method.rs

A test case to validate this has been added in fetch.rs. For asserting
https scheme, a https localhost was required. For this purpose I have
created a self-signed certificate and refactored fetch-context and
connector.rs to programmatically trust this certificate for running this
test case.
2016-12-29 12:55:31 +05:30
Alan Jeffrey
9be4fd56ce Removed util. 2016-12-14 18:04:37 -06:00
Manish Goregaokar
ceb85795b1
Use Result instead of panicking when the resource dir can't be found 2016-07-21 12:07:25 +05:30
Alex Gaynor
a0f03dcfac Disable TLS compression
This prevents the CRIME attack.
2016-07-01 07:19:46 -04:00
Matt Brubeck
5695da0c38 Use openssl-verify to check certificate + hostname
Fixes #4954.
2016-05-10 11:30:11 -07:00
Matt Brubeck
c344461017 Move http_loader::Connector to a separate module 2016-05-10 11:20:32 -07:00