-rw-r--r-- | components/net/connector.rs | 46 | ||||
-rw-r--r-- | components/net/http_loader.rs | 5 | ||||
-rw-r--r-- | components/net/resource_thread.rs | 13 |
3 files changed, 36 insertions, 28 deletions
diff --git a/components/net/connector.rs b/components/net/connector.rs
index 4d9ddcdab11..3f0dc0e12a9 100644
--- a/components/net/connector.rs
+++ b/components/net/connector.rs
@@ -2,33 +2,17 @@
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-use hyper;
 use hyper::client::Pool;
-use hyper_openssl;
+use hyper::net::HttpsConnector;
+use hyper_openssl::OpensslClient;
 use openssl::ssl::{SSL_OP_NO_COMPRESSION, SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3};
 use openssl::ssl::{SslConnectorBuilder, SslMethod};
 use servo_config::resource_files::resources_dir_path;
 use std::sync::Arc;
-pub type Connector = hyper::net::HttpsConnector<hyper_openssl::OpensslClient>;
+pub type Connector = HttpsConnector<OpensslClient>;
-// The basic logic here is to prefer ciphers with ECDSA certificates, Forward
-// Secrecy, AES GCM ciphers, AES ciphers, and finally 3DES ciphers.
-// A complete discussion of the issues involved in TLS configuration can be found here:
-// https://wiki.mozilla.org/Security/Server_Side_TLS
-const DEFAULT_CIPHERS: &'static str = concat!(
- "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:",
- "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:",
- "DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:",
- "ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:",
- "ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:",
- "ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:",
- "DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:",
- "ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:",
- "AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA"
-);
-
-pub fn create_http_connector(certificate_file: &str) -> Arc<Pool<Connector>> {
+pub fn create_ssl_client(certificate_file: &str) -> OpensslClient {
 let ca_file = &resources_dir_path()
 .expect("Need certificate file to make network requests")
 .join(certificate_file);
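Review bot: `create_ssl_client` is introduced as a public function with no doc comment, and its body continues past the end of this hunk. Because the `.expect("Need certificate file to make network requests")` on the line after `let ca_file` aborts the process when the resources directory cannot be resolved instead of returning an error, that contract belongs in the docs; a header such as `/// Builds the TLS client shared by the connector pools: loads the CA bundle from the resources dir and applies the cipher/protocol options.` followed by `/// Panics if the resources directory cannot be located.` would cover it. The CA-file and cipher-list calls sit in the lines between this hunk and the next, so I am inferring them from the surrounding code rather than seeing them here.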
@@ -41,8 +25,26 @@ pub fn create_http_connector(certificate_file: &str) -> Arc<Pool<Connector>> {
 context.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3 | SSL_OP_NO_COMPRESSION);
 }
 let ssl_connector = ssl_connector_builder.build();
- let ssl_client = hyper_openssl::OpensslClient::from(ssl_connector);
- let https_connector = hyper::net::HttpsConnector::new(ssl_client);
+ OpensslClient::from(ssl_connector)
+}
+pub fn create_http_connector(ssl_client: OpensslClient) -> Arc<Pool<Connector>> {
+ let https_connector = HttpsConnector::new(ssl_client);
 Arc::new(Pool::with_connector(Default::default(), https_connector))
 }
+
+// The basic logic here is to prefer ciphers with ECDSA certificates, Forward
+// Secrecy, AES GCM ciphers, AES ciphers, and finally 3DES ciphers.
+// A complete discussion of the issues involved in TLS configuration can be found here:
+// https://wiki.mozilla.org/Security/Server_Side_TLS
+const DEFAULT_CIPHERS: &'static str = concat!(
+ "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:",
+ "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:",
+ "DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:",
+ "ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:",
+ "ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:",
+ "ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:",
+ "DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:",
+ "ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:",
+ "AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA"
+);
diff --git a/components/net/http_loader.rs b/components/net/http_loader.rs
index 3d61d741efc..f99e4306137 100644
--- a/components/net/http_loader.rs
+++ b/components/net/http_loader.rs
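Review bot: The new `create_http_connector(ssl_client: OpensslClient)` still builds a brand-new `Pool` on every call, and the resource_thread.rs call sites in this commit (including the one under `FIXME(#15694)`) depend on exactly that, so the function should say so: `/// Wraps an already-configured TLS client in a fresh connection pool; each call yields an independent pool, so share the returned Arc rather than calling this per request.` Placing `DEFAULT_CIPHERS` after its use is fine for a `const`, and keeping the preference-order comment adjacent to the list, as this hunk does, is where it belongs. As a small style point, `&'static str` on a `const` item can be written `&str` if the crate's toolchain already elides static lifetimes in const position.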
@@ -3,7 +3,7 @@
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 use brotli::Decompressor;
-use connector::{Connector, create_http_connector};
+use connector::{Connector, create_http_connector, create_ssl_client};
 use cookie;
 use cookie_storage::CookieStorage;
 use devtools_traits::{ChromeToDevtoolsControlMsg, DevtoolsControlMsg, HttpRequest as DevtoolsHttpRequest};
@@ -75,11 +75,12 @@ pub struct HttpState {
 impl HttpState {
 pub fn new(certificate_path: &str) -> HttpState {
+ let ssl_client = create_ssl_client(certificate_path);
 HttpState {
 hsts_list: Arc::new(RwLock::new(HstsList::new())),
 cookie_jar: Arc::new(RwLock::new(CookieStorage::new(150))),
 auth_cache: Arc::new(RwLock::new(AuthCache::new())),
- connector_pool: create_http_connector(certificate_path),
+ connector_pool: create_http_connector(ssl_client),
 }
 }
 }
diff --git a/components/net/resource_thread.rs b/components/net/resource_thread.rs
index 46f3c9d53a2..acf1d1e80da 100644
--- a/components/net/resource_thread.rs
+++ b/components/net/resource_thread.rs
@@ -3,7 +3,7 @@
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 //! A thread that takes a URL and streams back the binary data.
-use connector::{Connector, create_http_connector};
+use connector::{Connector, create_http_connector, create_ssl_client};
 use cookie;
 use cookie_rs;
 use cookie_storage::CookieStorage;
@@ -13,6 +13,7 @@ use filemanager_thread::{FileManager, TFDProvider};
 use hsts::HstsList;
 use http_loader::HttpState;
 use hyper::client::pool::Pool;
+use hyper_openssl::OpensslClient;
 use hyper_serde::Serde;
 use ipc_channel::ipc::{self, IpcReceiver, IpcReceiverSet, IpcSender};
 use net_traits::{CookieSource, CoreResourceThread};
@@ -46,6 +47,7 @@ pub struct ResourceGroup {
 cookie_jar: Arc<RwLock<CookieStorage>>,
 auth_cache: Arc<RwLock<AuthCache>>,
 hsts_list: Arc<RwLock<HstsList>>,
+ ssl_client: OpensslClient,
 connector: Arc<Pool<Connector>>,
 }
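Review bot: `HttpState::new` still calls `create_ssl_client(certificate_path)` itself, so every `HttpState` built this way re-reads and re-parses the CA bundle, which is the cost the resource_thread.rs side of this commit avoids by creating the client once and cloning it. Depending on how often `HttpState::new` is called, a companion constructor that accepts an `OpensslClient` would let it share the same client; I cannot see the callers from here. As written, the `let ssl_client` temporary is used exactly once, so `connector_pool: create_http_connector(create_ssl_client(certificate_path)),` expresses the same thing without the binding. The `impl HttpState` block begins inside this hunk, but its struct is defined above it.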
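Review bot: The new `ssl_client: OpensslClient` field in `ResourceGroup` carries no comment explaining why the group keeps the client alongside the pool that was built from it; since `create_resource_groups` and the `FIXME(#15694)` call site clone it into additional pools, the ownership story is not obvious from the field alone. A one-liner such as `/// Configured TLS client, cloned into every connector pool created for this group.` would settle it. The struct header itself is outside this hunk.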
@@ -104,17 +106,20 @@ fn create_resource_groups(config_dir: Option<&Path>)
 read_json_from_file(&mut hsts_list, config_dir, "hsts_list.json");
 read_json_from_file(&mut cookie_jar, config_dir, "cookie_jar.json");
 }
+ let ssl_client = create_ssl_client("certs");
 let resource_group = ResourceGroup {
 cookie_jar: Arc::new(RwLock::new(cookie_jar)),
 auth_cache: Arc::new(RwLock::new(auth_cache)),
 hsts_list: Arc::new(RwLock::new(hsts_list.clone())),
- connector: create_http_connector("certs"),
+ ssl_client: ssl_client.clone(),
+ connector: create_http_connector(ssl_client.clone()),
 };
 let private_resource_group = ResourceGroup {
 cookie_jar: Arc::new(RwLock::new(CookieStorage::new(150))),
 auth_cache: Arc::new(RwLock::new(AuthCache::new())),
 hsts_list: Arc::new(RwLock::new(HstsList::new())),
- connector: create_http_connector("certs"),
+ ssl_client: ssl_client.clone(),
+ connector: create_http_connector(ssl_client),
 };
 (resource_group, private_resource_group)
 }
@@ -327,7 +332,7 @@ impl CoreResourceManager {
 cookie_jar: group.cookie_jar.clone(),
 auth_cache: group.auth_cache.clone(),
 // FIXME(#15694): use group.connector.clone() instead.
- connector_pool: create_http_connector("certs"),
+ connector_pool: create_http_connector(group.ssl_client.clone()),
 };
 let ua = self.user_agent.clone();
 let dc = self.devtools_chan.clone(); |
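Review bot: `resource_group` and `private_resource_group` now both hold clones of the single `ssl_client` created at the top of this hunk, so the public and private groups share one TLS client and, as far as I can tell from how `OpensslClient` wraps an `SslConnector`, one underlying SSL context, where before each group built its own. That is the intended de-duplication, but it is worth confirming that nothing in that shared context caches client-side TLS session state (session IDs or tickets) that could correlate traffic from the two groups; OpenSSL leaves client-side session caching off unless it is enabled explicitly, so this is probably fine, but the decision deserves a comment on the `let ssl_client` line such as `// One TLS client for both groups — TODO confirm it carries no session state that would link them.` The two `ssl_client.clone()` calls for the first group are needed because the value is reused below, while the private group could take the field by `.clone()` and the connector by move as written; that part is only style.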