servo: Merge #16230 - Introduce create_ssl_client (from nox:ssl); r=jdm

Source-Repo: https://github.com/servo/servo
Source-Revision: 2df6e26fd726cded0e4f91ebd92e47669ffcc940

--HG--
extra : subtree_source : https%3A//hg.mozilla.org/projects/converted-servo-linear
extra : subtree_revision : 4c567dfd74183d32b6756834470805a2839a5617
Anthony Ramine 2017-04-02 09:12:44 -05:00
parent 08d2db05b2
commit b6e22d3c65
3 changed files with 36 additions and 28 deletions


@ -2,15 +2,36 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
use hyper;
use hyper::client::Pool;
use hyper_openssl;
use hyper::net::HttpsConnector;
use hyper_openssl::OpensslClient;
use openssl::ssl::{SSL_OP_NO_COMPRESSION, SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3};
use openssl::ssl::{SslConnectorBuilder, SslMethod};
use servo_config::resource_files::resources_dir_path;
use std::sync::Arc;
pub type Connector = hyper::net::HttpsConnector<hyper_openssl::OpensslClient>;
pub type Connector = HttpsConnector<OpensslClient>;
pub fn create_ssl_client(certificate_file: &str) -> OpensslClient {
let ca_file = &resources_dir_path()
.expect("Need certificate file to make network requests")
.join(certificate_file);
let mut ssl_connector_builder = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
{
let context = ssl_connector_builder.builder_mut();
context.set_ca_file(ca_file).expect("could not set CA file");
context.set_cipher_list(DEFAULT_CIPHERS).expect("could not set ciphers");
context.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3 | SSL_OP_NO_COMPRESSION);
}
let ssl_connector = ssl_connector_builder.build();
OpensslClient::from(ssl_connector)
}
pub fn create_http_connector(ssl_client: OpensslClient) -> Arc<Pool<Connector>> {
let https_connector = HttpsConnector::new(ssl_client);
Arc::new(Pool::with_connector(Default::default(), https_connector))
}
// The basic logic here is to prefer ciphers with ECDSA certificates, Forward
// Secrecy, AES GCM ciphers, AES ciphers, and finally 3DES ciphers.
@ -27,22 +48,3 @@ const DEFAULT_CIPHERS: &'static str = concat!(
"ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:",
"AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA"
);
pub fn create_http_connector(certificate_file: &str) -> Arc<Pool<Connector>> {
let ca_file = &resources_dir_path()
.expect("Need certificate file to make network requests")
.join(certificate_file);
let mut ssl_connector_builder = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
{
let context = ssl_connector_builder.builder_mut();
context.set_ca_file(ca_file).expect("could not set CA file");
context.set_cipher_list(DEFAULT_CIPHERS).expect("could not set ciphers");
context.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3 | SSL_OP_NO_COMPRESSION);
}
let ssl_connector = ssl_connector_builder.build();
let ssl_client = hyper_openssl::OpensslClient::from(ssl_connector);
let https_connector = hyper::net::HttpsConnector::new(ssl_client);
Arc::new(Pool::with_connector(Default::default(), https_connector))
}
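Review bot: `create_ssl_client` is now the single place the TLS client is configured, yet it carries no doc comment and its failure contract is implicit in the `unwrap` and three `expect` calls, so a caller cannot see that it panics when the resources dir or CA file is unavailable; `create_http_connector` is likewise undocumented. I would add above `pub fn create_ssl_client` the comment `/// Builds the TLS client shared by every HTTPS connector: trusts only the CA bundle at certificate_file under the resources dir, restricts ciphers to DEFAULT_CIPHERS, and disables SSLv2, SSLv3 and TLS compression. Panics if the resources dir or CA file cannot be loaded.` The `set_options` line disables only SSLv2, SSLv3 and compression, so no protocol floor above that is pinned; whether TLS 1.0/1.1 are intended to be accepted is outside this refactor, but a one-line comment stating that intent would stop the next reader from guessing. The bare `.unwrap()` on `SslConnectorBuilder::new` could also state its reason like its neighbours, e.g. `.expect("could not create SSL connector builder")`.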


@ -3,7 +3,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
use brotli::Decompressor;
use connector::{Connector, create_http_connector};
use connector::{Connector, create_http_connector, create_ssl_client};
use cookie;
use cookie_storage::CookieStorage;
use devtools_traits::{ChromeToDevtoolsControlMsg, DevtoolsControlMsg, HttpRequest as DevtoolsHttpRequest};
@ -75,11 +75,12 @@ pub struct HttpState {
impl HttpState {
pub fn new(certificate_path: &str) -> HttpState {
let ssl_client = create_ssl_client(certificate_path);
HttpState {
hsts_list: Arc::new(RwLock::new(HstsList::new())),
cookie_jar: Arc::new(RwLock::new(CookieStorage::new(150))),
auth_cache: Arc::new(RwLock::new(AuthCache::new())),
connector_pool: create_http_connector(certificate_path),
connector_pool: create_http_connector(ssl_client),
}
}
}


@ -3,7 +3,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
//! A thread that takes a URL and streams back the binary data.
use connector::{Connector, create_http_connector};
use connector::{Connector, create_http_connector, create_ssl_client};
use cookie;
use cookie_rs;
use cookie_storage::CookieStorage;
@ -13,6 +13,7 @@ use filemanager_thread::{FileManager, TFDProvider};
use hsts::HstsList;
use http_loader::HttpState;
use hyper::client::pool::Pool;
use hyper_openssl::OpensslClient;
use hyper_serde::Serde;
use ipc_channel::ipc::{self, IpcReceiver, IpcReceiverSet, IpcSender};
use net_traits::{CookieSource, CoreResourceThread};
@ -46,6 +47,7 @@ pub struct ResourceGroup {
cookie_jar: Arc<RwLock<CookieStorage>>,
auth_cache: Arc<RwLock<AuthCache>>,
hsts_list: Arc<RwLock<HstsList>>,
ssl_client: OpensslClient,
connector: Arc<Pool<Connector>>,
}
@ -104,17 +106,20 @@ fn create_resource_groups(config_dir: Option<&Path>)
read_json_from_file(&mut hsts_list, config_dir, "hsts_list.json");
read_json_from_file(&mut cookie_jar, config_dir, "cookie_jar.json");
}
let ssl_client = create_ssl_client("certs");
let resource_group = ResourceGroup {
cookie_jar: Arc::new(RwLock::new(cookie_jar)),
auth_cache: Arc::new(RwLock::new(auth_cache)),
hsts_list: Arc::new(RwLock::new(hsts_list.clone())),
connector: create_http_connector("certs"),
ssl_client: ssl_client.clone(),
connector: create_http_connector(ssl_client.clone()),
};
let private_resource_group = ResourceGroup {
cookie_jar: Arc::new(RwLock::new(CookieStorage::new(150))),
auth_cache: Arc::new(RwLock::new(AuthCache::new())),
hsts_list: Arc::new(RwLock::new(HstsList::new())),
connector: create_http_connector("certs"),
ssl_client: ssl_client.clone(),
connector: create_http_connector(ssl_client),
};
(resource_group, private_resource_group)
}
@ -327,7 +332,7 @@ impl CoreResourceManager {
cookie_jar: group.cookie_jar.clone(),
auth_cache: group.auth_cache.clone(),
// FIXME(#15694): use group.connector.clone() instead.
connector_pool: create_http_connector("certs"),
connector_pool: create_http_connector(group.ssl_client.clone()),
};
let ua = self.user_agent.clone();
let dc = self.devtools_chan.clone();
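Review bot: The new `ssl_client` field on `ResourceGroup` is undocumented, and its only reader visible here is the clone in `CoreResourceManager` beside the FIXME(#15694) block, so its reason for existing is not apparent from the struct definition. I would annotate the field line with `// Built once in create_resource_groups and cloned into the per-request connector pools (see FIXME(#15694)) so the SSL context is not rebuilt from the CA file on every fetch.` In `create_resource_groups` the hard-coded `"certs"` path now appears once instead of three times, which is an improvement, but the per-request pool creation in the last hunk is unchanged and remains tracked by #15694. The function enclosing that last hunk starts and ends outside the hunk.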