mirror of
https://github.com/servo/servo.git
synced 2025-06-14 19:34:29 +00:00
bce7622cde
This change replaces OpenSSL with rustls and also the manually curated CA certs file with webpki-roots (effectively the same thing, but as a crate). Generally speaking the design of the network stack is the same. Changes: - Code around certificate overrides needed to be refactored to work with rustls so the various thread-safe list of certificates is refactored into `CertificateErrorOverrideManager` - hyper-rustls takes care of setting ALPN protocols for HTTP requests, so for WebSockets this is moved to the WebSocket code. - The safe set of cypher suites is chosen, which seem to correspond to the "Modern" configuration from [1]. This can be adjusted later. - Instead of passing a string of PEM CA certificates around, an enum is used that includes parsed Certificates (or the default which reads them from webpki-roots). - Code for starting up an SSL server for testing is cleaned up a little, due to the fact that the certificates need to be overriden explicitly now. This is due to the fact that the `webpki` crate is more stringent with self-signed certificates than SSL (CA certificates cannot used as end-entity certificates). [2] 1. https://wiki.mozilla.org/Security/Server_Side_TLS 2. https://github.com/briansmith/webpki/issues/114 Fixes #7888. Fixes #13749. Fixes #26835. Fixes #29291. |
||
|---|---|---|
| .. | ||
| mach | ||
| servo | ||
| tidy | ||
| wpt | ||
| mach_bootstrap.py | ||
| README.md | ||
| requirements.txt | ||
| tox.ini | ||
This directory contains various Python modules used to support servo development.
servo
servo-specific python code e.g. implementations of mach commands. This is the canonical repository for this code.
tidy
servo-tidy is used to check licenses, line lengths, whitespace, flake8 on Python files, lock file versions, and more.
wpt
servo-wpt is a module with support scripts for running, importing, exporting, updating manifests, and updating expectations for WPT tests.