authorJosh Matthews <josh@joshmatthews.net>2020-05-29 13:34:55 -0400
committerJosh Matthews <josh@joshmatthews.net>2020-06-09 15:03:18 -0400
commit433c154595f62d80210992cf889fdb8fd65848bc (patch)
treed3b6d4f30e26f2737836e970d2ffce3db33a59ea
parent0ce2aa917a4fa11971d91315182e350577572478 (diff)
net: Allow SSL websockets to use dynamic list of certs as well.
-rw-r--r--components/net/connector.rs9
-rw-r--r--components/net/resource_thread.rs2
-rw-r--r--components/net/websocket_loader.rs14
3 files changed, 19 insertions, 6 deletions
diff --git a/components/net/connector.rs b/components/net/connector.rs
index 20d58fee65e..41ab42e2184 100644
--- a/components/net/connector.rs
+++ b/components/net/connector.rs
@@ -184,12 +184,13 @@ pub(crate) fn create_tls_config(
Err(_) => return false,
};
- // Ensure there's an entry stored in the set of known connection certs for this connection.
- let host = ssl.ex_data(*HOST_INDEX).unwrap();
let ssl_context = ssl.ssl_context();
- let connection_certs = ssl_context.ex_data(*CONNECTION_INDEX).unwrap();
- connection_certs.store((*host).0.clone(), pem.clone());
+ // Ensure there's an entry stored in the set of known connection certs for this connection.
+ if let Some(host) = ssl.ex_data(*HOST_INDEX) {
+ let connection_certs = ssl_context.ex_data(*CONNECTION_INDEX).unwrap();
+ connection_certs.store((*host).0.clone(), pem.clone());
+ }
// Fall back to the dynamic set of allowed certs.
let extra_certs = ssl_context.ex_data(*EXTRA_INDEX).unwrap();
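Review bot: The new `if let Some(host) = ssl.ex_data(*HOST_INDEX)` branch skips recording the certificate without any trace when no host is attached to the SSL object, and nothing in the hunk says when that is expected. If the missing host is the WebSocket path (inferred from the commit title, not visible here), say so in a comment such as `// No HOST_INDEX entry (e.g. WebSocket connections): nothing to key the cert on, so skip recording.`. Otherwise an `else` arm that logs the condition would keep an HTTP connector that forgot to set the host from silently losing its connection-cert entry. The `.unwrap()` on `CONNECTION_INDEX` inside the branch still panics in the verification path if that slot was never set. The enclosing closure in `create_tls_config` starts and ends outside this hunk.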
diff --git a/components/net/resource_thread.rs b/components/net/resource_thread.rs
index eaea61da7c5..94184c3a046 100644
--- a/components/net/resource_thread.rs
+++ b/components/net/resource_thread.rs
@@ -727,6 +727,8 @@ impl CoreResourceManager {
action_receiver,
http_state.clone(),
self.certificate_path.clone(),
+ http_state.extra_certs.clone(),
+ http_state.connection_certs.clone(),
);
}
}
diff --git a/components/net/websocket_loader.rs b/components/net/websocket_loader.rs
index 17e06705709..bece51173bb 100644
--- a/components/net/websocket_loader.rs
+++ b/components/net/websocket_loader.rs
@@ -38,6 +38,8 @@ struct Client<'a> {
event_sender: &'a IpcSender<WebSocketNetworkEvent>,
protocol_in_use: Option<String>,
certificate_path: Option<String>,
+ extra_certs: ExtraCerts,
+ connection_certs: ConnectionCerts,
}
impl<'a> Factory for Client<'a> {
@@ -167,8 +169,12 @@ impl<'a> Handler for Client<'a> {
WebSocketErrorKind::Protocol,
format!("Unable to parse domain from {}. Needed for SSL.", url),
))?;
- let tls_config =
- create_tls_config(&certs, ALPN_H1, ExtraCerts::new(), ConnectionCerts::new());
+ let tls_config = create_tls_config(
+ &certs,
+ ALPN_H1,
+ self.extra_certs.clone(),
+ self.connection_certs.clone(),
+ );
tls_config
.build()
.connect(domain, stream)
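Review bot: `self.connection_certs.clone()` is handed to `create_tls_config`, but nothing visible between that call and `.connect(domain, stream)` attaches the host to the SSL object. With the `if let Some(host)` guard added in connector.rs, the store passed here would presumably never be written for WebSocket handshakes. Either attach the host before connecting, or state the limitation in a comment, e.g. `// connection_certs is passed for parity with HTTP; WebSocket handshakes do not record into it.`. It is also worth a one-line comment that `extra_certs` is the same shared set held by `HttpState`, so a certificate exception accepted for HTTP now applies to `wss:` handshakes as well. How those exceptions are scoped is not visible in this diff and should be confirmed. The handler method starts outside this hunk.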
@@ -182,6 +188,8 @@ pub fn init(
dom_action_receiver: IpcReceiver<WebSocketDomAction>,
http_state: Arc<HttpState>,
certificate_path: Option<String>,
+ extra_certs: ExtraCerts,
+ connection_certs: ConnectionCerts,
) {
thread::Builder::new()
.name(format!("WebSocket connection to {}", req_builder.url))
@@ -230,6 +238,8 @@ pub fn init(
event_sender: &resource_event_sender,
protocol_in_use: None,
certificate_path,
+ extra_certs,
+ connection_certs,
};
let mut ws = WebSocket::new(client).unwrap();