Auto merge of #16180 - nox:tungstenite, r=jdm

Make the WebSocket handshake ourselves 🍷 HYPE  --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/16180)
servo · Mar 29, 2017 · 76a2c97 · 76a2c97
2 parents a54e4f3 + d022535
commit 76a2c97
Show file tree

Hide file tree

Showing 7 changed files with 632 additions and 131 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/components/net/fetch/methods.rs b/components/net/fetch/methods.rs
@@ -527,7 +527,7 @@ fn is_null_body_status(status: &Option<StatusCode>) -> bool {
 }
 
 /// https://fetch.spec.whatwg.org/#should-response-to-request-be-blocked-due-to-nosniff?
-fn should_be_blocked_due_to_nosniff(request_type: Type, response_headers: &Headers) -> bool {
+pub fn should_be_blocked_due_to_nosniff(request_type: Type, response_headers: &Headers) -> bool {
     /// https://fetch.spec.whatwg.org/#x-content-type-options-header
     /// This is needed to parse `X-Content-Type-Options` according to spec,
     /// which requires that we inspect only the first value.

diff --git a/components/net/http_loader.rs b/components/net/http_loader.rs
@@ -35,9 +35,7 @@ use net_traits::hosts::replace_host;
 use net_traits::request::{CacheMode, CredentialsMode, Destination, Origin};
 use net_traits::request::{RedirectMode, Referrer, Request, RequestMode, ResponseTainting};
 use net_traits::response::{HttpsState, Response, ResponseBody, ResponseType};
-use openssl;
 use openssl::ssl::SslStream;
-use openssl::ssl::error::{OpensslError, SslError};
 use resource_thread::AuthCache;
 use servo_url::{ImmutableOrigin, ServoUrl};
 use std::collections::HashSet;
@@ -140,34 +138,7 @@ impl NetworkHttpRequestFactory {
     fn create(&self, url: ServoUrl, method: Method, headers: Headers)
               -> Result<HyperRequest<Fresh>, NetworkError> {
         let connection = HyperRequest::with_connector(method, url.clone().into_url(), self);
-
-        if let Err(HttpError::Ssl(ref error)) = connection {
-            let error: &(Error + Send + 'static) = &**error;
-            if let Some(&SslError::OpenSslErrors(ref errors)) = error.downcast_ref::<SslError>() {
-                if errors.iter().any(is_cert_verify_error) {
-                    let mut error_report = vec![format!("ssl error ({}):", openssl::version::version())];
-                    let mut suggestion = None;
-                    for err in errors {
-                        if is_unknown_message_digest_err(err) {
-                            suggestion = Some("<b>Servo recommends upgrading to a newer OpenSSL version.</b>");
-                        }
-                        error_report.push(format_ssl_error(err));
-                    }
-
-                    if let Some(suggestion) = suggestion {
-                        error_report.push(suggestion.to_owned());
-                    }
-
-                    let error_report = error_report.join("<br>\n");
-                    return Err(NetworkError::SslValidation(url, error_report));
-                }
-            }
-        }
-
-        let mut request = match connection {
-            Ok(req) => req,
-            Err(e) => return Err(NetworkError::Internal(e.description().to_owned())),
-        };
+        let mut request = connection.map_err(|e| NetworkError::from_hyper_error(&url, e))?;
         *request.headers_mut() = headers;
 
         Ok(request)
@@ -505,35 +476,6 @@ fn obtain_response(request_factory: &NetworkHttpRequestFactory,
     }
 }
 
-// FIXME: This incredibly hacky. Make it more robust, and at least test it.
-fn is_cert_verify_error(error: &OpensslError) -> bool {
-    match error {
-        &OpensslError::UnknownError { ref library, ref function, ref reason } => {
-            library == "SSL routines" &&
-            function.to_uppercase() == "SSL3_GET_SERVER_CERTIFICATE" &&
-            reason == "certificate verify failed"
-        }
-    }
-}
-
-fn is_unknown_message_digest_err(error: &OpensslError) -> bool {
-    match error {
-        &OpensslError::UnknownError { ref library, ref function, ref reason } => {
-            library == "asn1 encoding routines" &&
-            function == "ASN1_item_verify" &&
-            reason == "unknown message digest algorithm"
-        }
-    }
-}
-
-fn format_ssl_error(error: &OpensslError) -> String {
-    match error {
-        &OpensslError::UnknownError { ref library, ref function, ref reason } => {
-            format!("{}: {} - {}", library, function, reason)
-        }
-    }
-}
-
 /// [HTTP fetch](https://fetch.spec.whatwg.org#http-fetch)
 pub fn http_fetch(request: Rc<Request>,
                   cache: &mut CorsCache,
@@ -1417,7 +1359,7 @@ fn response_needs_revalidation(_response: &Response) -> bool {
 }
 
 /// https://fetch.spec.whatwg.org/#redirect-status
-fn is_redirect_status(status: StatusCode) -> bool {
+pub fn is_redirect_status(status: StatusCode) -> bool {
     match status {
         StatusCode::MovedPermanently |
         StatusCode::Found |

diff --git a/components/net/resource_thread.rs b/components/net/resource_thread.rs
@@ -355,6 +355,9 @@ impl CoreResourceManager {
                          connect: WebSocketCommunicate,
                          connect_data: WebSocketConnectData,
                          resource_grp: &ResourceGroup) {
-        websocket_loader::init(connect, connect_data, resource_grp.cookie_jar.clone());
+        websocket_loader::init(connect,
+                               connect_data,
+                               resource_grp.cookie_jar.clone(),
+                               resource_grp.ssl_context.clone());
     }
 }