Replace hosts when making TCP connections, not when verifying SSL certs.
jdm committed Apr 6, 2017
1 parent dc99104 commit e9fdc4c
Showing 553 changed files with 252 additions and 2,658 deletions.
43 changes: 41 additions & 2 deletions components/net/connector.rs
Expand Up @@ -3,14 +3,53 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */

use hyper::client::Pool;
use hyper::net::HttpsConnector;
use hyper::error::{Result as HyperResult, Error as HyperError};
use hyper::net::{NetworkConnector, HttpsStream, HttpStream, SslClient};
use hyper_openssl::OpensslClient;
use net_traits::hosts::replace_host;
use openssl::ssl::{SSL_OP_NO_COMPRESSION, SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3};
use openssl::ssl::{SslConnectorBuilder, SslMethod};
use std::io;
use std::net::TcpStream;
use std::path::PathBuf;
use std::sync::Arc;

pub type Connector = HttpsConnector<OpensslClient>;
pub struct HttpsConnector {
ssl: OpensslClient,
}

impl HttpsConnector {
fn new(ssl: OpensslClient) -> HttpsConnector {
HttpsConnector {
ssl: ssl,
}
}
}

impl NetworkConnector for HttpsConnector {
type Stream = HttpsStream<<OpensslClient as SslClient>::Stream>;

fn connect(&self, host: &str, port: u16, scheme: &str) -> HyperResult<Self::Stream> {
if scheme != "http" && scheme != "https" {
return Err(HyperError::Io(io::Error::new(io::ErrorKind::InvalidInput,
"Invalid scheme for Http")));
}

// Perform host replacement when making the actual TCP connection.
let addr = &(&*replace_host(host), port);
let stream = HttpStream(try!(TcpStream::connect(addr)));

if scheme == "http" {
Ok(HttpsStream::Http(stream))
} else {
// Do not perform host replacement on the host that is used
// for verifying any SSL certificate encountered.
self.ssl.wrap_client(stream, host).map(HttpsStream::Https)
}
}
}

pub type Connector = HttpsConnector;

pub fn create_ssl_client(ca_file: &PathBuf) -> OpensslClient {
let mut ssl_connector_builder = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
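Review bot: `pub struct HttpsConnector` has no doc comment, and it shares its name with the `hyper::net::HttpsConnector` that also appears in this section's imports, so the type does not say why it exists. The security property is recorded only in two inline comments inside `connect`: the socket is opened to `replace_host(host)`, while `wrap_client` receives the caller's `host`, so an override changes where the connection goes but not which name the certificate must match. I would state that on the type, e.g. `/// Connector that dials replace_host(host) for the TCP socket but passes the caller's host to wrap_client for certificate verification.` The same comment should say that the `scheme == "http"` branch returns the stream unwrapped, so a replaced host is not authenticated at all on plain HTTP.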
3 changes: 1 addition & 2 deletions components/net/http_loader.rs
Expand Up @@ -34,7 +34,6 @@ use hyper_serde::Serde;
use log;
use msg::constellation_msg::PipelineId;
use net_traits::{CookieSource, FetchMetadata, NetworkError, ReferrerPolicy};
use net_traits::hosts::replace_host;
use net_traits::request::{CacheMode, CredentialsMode, Destination, Origin};
use net_traits::request::{RedirectMode, Referrer, Request, RequestMode};
use net_traits::request::{ResponseTainting, Type};
Expand Down Expand Up @@ -129,7 +128,7 @@ impl NetworkConnector for NetworkHttpRequestFactory {
type Stream = PooledStream<HttpsStream<SslStream<HttpStream>>>;

fn connect(&self, host: &str, port: u16, scheme: &str) -> Result<Self::Stream, HttpError> {
self.connector.connect(&replace_host(host), port, scheme)
self.connector.connect(host, port, scheme)
}
}

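Review bot: Nothing at this call site says where host replacement went, so the new pass-through `self.connector.connect(host, port, scheme)` reads as if overrides were simply dropped. A one-line comment would stop someone re-adding `replace_host` here, which would again hand the replaced name to certificate verification: `// Host overrides are applied by the connector at TCP connect time; pass the original host so TLS verifies against it.` Whether `self.connector` always wraps the `Connector` from connector.rs is not visible in this hunk, so that is worth confirming before relying on the comment.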
8 changes: 0 additions & 8 deletions tests/wpt/metadata/cors/basic.htm.ini

This file was deleted.

Expand Up @@ -3,3 +3,6 @@
[Fetch http://www1.web-platform.test:8000/fetch/api/resources/top.txt with same-origin mode]
expected: FAIL

[Fetch https://web-platform.test:8443/fetch/api/resources/top.txt with same-origin mode]
expected: FAIL

3 changes: 3 additions & 0 deletions tests/wpt/metadata/fetch/api/basic/mode-same-origin.html.ini
Expand Up @@ -3,3 +3,6 @@
[Fetch http://www1.web-platform.test:8000/fetch/api/resources/top.txt with same-origin mode]
expected: FAIL

[Fetch https://web-platform.test:8443/fetch/api/resources/top.txt with same-origin mode]
expected: FAIL

6 changes: 6 additions & 0 deletions tests/wpt/metadata/fetch/api/cors/cors-basic-worker.html.ini
Expand Up @@ -39,3 +39,9 @@
[Cross domain different protocol [cors mode\]]
expected: FAIL

[Same domain different protocol different port [server forbid CORS\]]
expected: FAIL

[Cross domain different protocol [server forbid CORS\]]
expected: FAIL

6 changes: 6 additions & 0 deletions tests/wpt/metadata/fetch/api/cors/cors-basic.html.ini
Expand Up @@ -39,3 +39,9 @@
[Cross domain different protocol [cors mode\]]
expected: FAIL

[Same domain different protocol different port [server forbid CORS\]]
expected: FAIL

[Cross domain different protocol [server forbid CORS\]]
expected: FAIL

This file was deleted.

8 changes: 0 additions & 8 deletions tests/wpt/metadata/fetch/api/cors/cors-no-preflight.html.ini

This file was deleted.

12 changes: 6 additions & 6 deletions tests/wpt/metadata/fetch/api/cors/cors-origin-worker.html.ini
Expand Up @@ -9,12 +9,6 @@
[Cross domain different port [origin KO\]]
expected: FAIL

[Cross domain different protocol [origin OK\]]
expected: FAIL

[Same domain different protocol different port [origin OK\]]
expected: FAIL

[Cross domain [POST\] [origin KO\]]
expected: FAIL

Expand All @@ -27,3 +21,9 @@
[Allowed origin: "" [origin KO\]]
expected: FAIL

[Cross domain different protocol [origin KO\]]
expected: FAIL

[Same domain different protocol different port [origin KO\]]
expected: FAIL

12 changes: 6 additions & 6 deletions tests/wpt/metadata/fetch/api/cors/cors-origin.html.ini
Expand Up @@ -9,12 +9,6 @@
[Cross domain different port [origin KO\]]
expected: FAIL

[Cross domain different protocol [origin OK\]]
expected: FAIL

[Same domain different protocol different port [origin OK\]]
expected: FAIL

[Cross domain [POST\] [origin KO\]]
expected: FAIL

Expand All @@ -27,3 +21,9 @@
[Allowed origin: "" [origin KO\]]
expected: FAIL

[Cross domain different protocol [origin KO\]]
expected: FAIL

[Same domain different protocol different port [origin KO\]]
expected: FAIL

@@ -1,3 +1,23 @@
[messageevent-constructor.https.html]
type: testharness
expected: TIMEOUT
[Default event values]
expected: FAIL

[MessageEventInit dictionary]
expected: FAIL

[Passing null for ports member]
expected: FAIL

[ports attribute should be a FrozenArray]
expected: FAIL

[initMessageEvent operation]
expected: FAIL

[All parameters to initMessageEvent should be mandatory]
expected: FAIL

[Passing ServiceWorker for source member]
expected: FAIL

@@ -1,3 +1,5 @@
[promise-rejection-events.serviceworker.https.html]
type: testharness
expected: TIMEOUT
[Service worker setup]
expected: FAIL

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.
