Commit graph

33 commits

Author SHA1 Message Date
Jan Andre Ikenmeyer
b811be764c
Add ALPN and signature algorithms to OpenSSL config 2019-11-30 05:18:00 +01:00
Jan Andre Ikenmeyer
25333b6451
Disable TLS 1.0 and 1.1 2019-05-10 14:53:32 +02:00
Josh Matthews
6404a0ef53 Redesign network response decoding to avoid creating decoders before some content is present. 2019-01-15 16:04:45 -05:00
Jan Andre Ikenmeyer
027154ecf0
Cleanup of default ciphersuite list
* don't offer DHE ciphersuites like Chrome
* don't offer AES-CBC-SHA2 like Firefox and Chrome
* don't offer AES-GCM for plain RSA like Firefox
* don't offer ECDSA with AES-CBC like Chrome
* don't offer weak DES-CBC3-SHA
* prefer AES256 over AES128 like Mozilla Modern, Safari and Edge
2018-11-21 22:04:30 +01:00
Jan Andre Ikenmeyer
1d6fe65401
Update MPL license to https (part 4) 2018-11-19 14:47:27 +01:00
bors-servo
dd5e5e9294
Auto merge of #22144 - Eijebong:hyperfix, r=jdm
Fix downloading huge files (broken since hyperup)

<!-- Reviewable:start -->
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/22144)
<!-- Reviewable:end -->
2018-11-08 08:47:10 -05:00
Bastien Orivel
85c6eff94a Use chunk.as_ref() instead of &chunk.into_bytes() 2018-11-08 12:37:50 +01:00
Simon Sapin
2012be4a8b cargo fix --edition-idioms 2018-11-08 09:28:00 +01:00
Bastien Orivel
dcbe7d36ae Continue decompressing chunks even after hyper is done downloading the body
If hyper reads compressed enough data, we were decompressing 32k by 32k
but we were throwing away the end of the body because we would end up
having lots of backed up data in the cursor when hyper was done.
2018-11-08 02:40:22 +01:00
Bastien Orivel
e30440c9cc Don't reset the buffers for each chunk we download
Sometimes hyper sends data that can't completely decompressed, resetting
the buffer means we're losing some data and thus breaking the body
2018-11-08 02:40:21 +01:00
Pyfisch
9e92eb205a Reorder imports 2018-11-06 22:35:07 +01:00
Simon Sapin
45f7199eee cargo fix --edition 2018-11-06 15:26:02 +01:00
Pyfisch
2481ad25f8 Rustfmt net crate 2018-11-03 15:29:01 +01:00
Bastien Orivel
024b40b39d Update hyper to 0.12 2018-11-01 19:17:36 +01:00
Bastien Orivel
73ef02ff17 Handle secure websockets
Fixes #20816
2018-08-16 00:24:19 +02:00
Paul Rouget
9fb5795f37 delegate resource reading to embedder 2018-04-27 15:34:52 +08:00
Bastien Orivel
6c6a4159cf Dedupe lazy_static
🎉 🎉 🎉
2018-03-23 18:14:20 +01:00
Simon Sapin
316cd35767 Untry 2017-06-18 13:21:51 +02:00
Anthony Ramine
16863017a9 Move the HTTP connector in HttpState 2017-04-06 19:35:11 +02:00
Josh Matthews
6f590a87bf Move hosts module into net crate. Remove obsolete functions. 2017-04-06 19:25:47 +09:00
Josh Matthews
e9fdc4c72a Replace hosts when making TCP connections, not when verifying SSL certs. 2017-04-06 19:25:37 +09:00
Josh Matthews
dc99104f55 Add command-line argument to use a custom SSL certificate database. 2017-04-06 19:25:34 +09:00
Anthony Ramine
20e0b6cd56 Introduce create_ssl_client
This lets us reuse the same SSL context for all HTTPS requests.
2017-04-02 15:27:40 +02:00
Anthony Ramine
ecd9ac9b68 Reorder and reorganise imports in net::connector 2017-04-02 14:57:19 +02:00
ddh
e527c9a991 Update Hyper and OpenSSL 2017-03-31 16:32:21 +02:00
Anthony Ramine
f66cae3f96 Revert "Introduce create_ssl_context"
This reverts commit 7a4632bfa2.
2017-03-31 16:19:00 +02:00
Anthony Ramine
7a4632bfa2 Introduce create_ssl_context 2017-03-28 00:37:25 +02:00
Raghav
6020b4c15c Implement HSTS fetch step
Implemented step nine of the main fetch. If current URL scheme is 'HTTP'
and current URL's host is domain and if current URL's host matched with
Known
HSTS Host Domain Name Matching results in either a superdomain match with
an asserted includeSubDomains directive or a congruent match then we
change request scheme to 'https'. This change has been made in method.rs

A test case to validate this has been added in fetch.rs. For asserting
https scheme, a https localhost was required. For this purpose I have
created a self-signed certificate and refactored fetch-context and
connector.rs to programmatically trust this certificate for running this
test case.
2016-12-29 12:55:31 +05:30
Alan Jeffrey
9be4fd56ce Removed util. 2016-12-14 18:04:37 -06:00
Manish Goregaokar
ceb85795b1
Use Result instead of panicking when the resource dir can't be found 2016-07-21 12:07:25 +05:30
Alex Gaynor
a0f03dcfac Disable TLS compression
This prevents the CRIME attack.
2016-07-01 07:19:46 -04:00
Matt Brubeck
5695da0c38 Use openssl-verify to check certificate + hostname
Fixes #4954.
2016-05-10 11:30:11 -07:00
Matt Brubeck
c344461017 Move http_loader::Connector to a separate module 2016-05-10 11:20:32 -07:00