Diffstat (limited to 'components/net/connector.rs')
-rw-r--r-- | components/net/connector.rs | 52 |
1 files changed, 20 insertions, 32 deletions
diff --git a/components/net/connector.rs b/components/net/connector.rs
index 8211e415f34..4d9ddcdab11 100644
--- a/components/net/connector.rs
+++ b/components/net/connector.rs
@@ -2,14 +2,15 @@
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+use hyper;
 use hyper::client::Pool;
-use hyper::net::{HttpStream, HttpsConnector, SslClient};
-use openssl::ssl::{SSL_OP_NO_COMPRESSION, SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3, SSL_VERIFY_PEER};
-use openssl::ssl::{Ssl, SslContext, SslMethod, SslStream};
+use hyper_openssl;
+use openssl::ssl::{SSL_OP_NO_COMPRESSION, SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3};
+use openssl::ssl::{SslConnectorBuilder, SslMethod};
 use servo_config::resource_files::resources_dir_path;
 use std::sync::Arc;
-pub type Connector = HttpsConnector<ServoSslClient>;
+pub type Connector = hyper::net::HttpsConnector<hyper_openssl::OpensslClient>;
 // The basic logic here is to prefer ciphers with ECDSA certificates, Forward
 // Secrecy, AES GCM ciphers, AES ciphers, and finally 3DES ciphers.
@@ -28,33 +29,20 @@ const DEFAULT_CIPHERS: &'static str = concat!(
 );
 pub fn create_http_connector(certificate_file: &str) -> Arc<Pool<Connector>> {
- let mut context = SslContext::new(SslMethod::Sslv23).unwrap();
- context.set_CA_file(&resources_dir_path()
- .expect("Need certificate file to make network requests")
- .join(certificate_file)).unwrap();
- context.set_cipher_list(DEFAULT_CIPHERS).unwrap();
- context.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3 | SSL_OP_NO_COMPRESSION);
- let connector = HttpsConnector::new(ServoSslClient {
- context: Arc::new(context)
- });
-
- Arc::new(Pool::with_connector(Default::default(), connector))
-}
-
-pub struct ServoSslClient {
- context: Arc<SslContext>,
-}
-
-impl SslClient for ServoSslClient {
- type Stream = SslStream<HttpStream>;
-
- fn wrap_client(&self, stream: HttpStream, host: &str) -> Result<Self::Stream, ::hyper::Error> {
- let mut ssl = try!(Ssl::new(&self.context));
- try!(ssl.set_hostname(host));
- let host = host.to_owned();
- ssl.set_verify_callback(SSL_VERIFY_PEER, move |p, x| {
- ::openssl_verify::verify_callback(&host, p, x)
- });
- SslStream::connect(ssl, stream).map_err(From::from)
+ let ca_file = &resources_dir_path()
+ .expect("Need certificate file to make network requests")
+ .join(certificate_file);
+
+ let mut ssl_connector_builder = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
+ {
+ let context = ssl_connector_builder.builder_mut();
+ context.set_ca_file(ca_file).expect("could not set CA file");
+ context.set_cipher_list(DEFAULT_CIPHERS).expect("could not set ciphers");
+ context.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3 | SSL_OP_NO_COMPRESSION);
 }
+ let ssl_connector = ssl_connector_builder.build();
+ let ssl_client = hyper_openssl::OpensslClient::from(ssl_connector);
+ let https_connector = hyper::net::HttpsConnector::new(ssl_client);
+
+ Arc::new(Pool::with_connector(Default::default(), https_connector))
 } |
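Review bot: Peer and hostname verification is no longer visible anywhere in `create_http_connector`: the removed `wrap_client` set `SSL_VERIFY_PEER` with `openssl_verify::verify_callback` explicitly, while the new body relies on `SslConnectorBuilder` and `hyper_openssl::OpensslClient` to perform both checks. That is presumably true for the crate versions in use, but nothing in the hunk pins it, so a comment above `ssl_connector_builder.build()` such as `// Chain and hostname checks are done by SslConnector/OpensslClient; do not replace with a raw SslContext.` and a test that a certificate issued for a different host is rejected would guard against a silent regression. It is also worth confirming whether `SslConnectorBuilder::new` loads the system default verify paths before `set_ca_file` runs; if it does, the trust store becomes the bundled file plus the system store rather than the bundled file alone. On style, `SslConnectorBuilder::new(SslMethod::tls()).unwrap()` is the one bare `unwrap()` left beside the new `expect` calls; `.expect("could not create SSL connector builder")` would match them.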