Make SSL tests work #15784

Merged
merged 7 commits into from Apr 6, 2017

Replace hosts when making TCP connections, not when verifying SSL certs.

jdm committed Apr 6, 2017
commit e9fdc4c72a1f93223dc22ae83d9c63271989505d
@@ -3,14 +3,53 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */

use hyper::client::Pool;
use hyper::net::HttpsConnector;
use hyper::error::{Result as HyperResult, Error as HyperError};
use hyper::net::{NetworkConnector, HttpsStream, HttpStream, SslClient};
use hyper_openssl::OpensslClient;
use net_traits::hosts::replace_host;
use openssl::ssl::{SSL_OP_NO_COMPRESSION, SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3};
use openssl::ssl::{SslConnectorBuilder, SslMethod};
use std::io;
use std::net::TcpStream;
use std::path::PathBuf;
use std::sync::Arc;

pub type Connector = HttpsConnector<OpensslClient>;
pub struct HttpsConnector {
ssl: OpensslClient,
}

impl HttpsConnector {
fn new(ssl: OpensslClient) -> HttpsConnector {
HttpsConnector {
ssl: ssl,
}
}
}

impl NetworkConnector for HttpsConnector {
type Stream = HttpsStream<<OpensslClient as SslClient>::Stream>;

fn connect(&self, host: &str, port: u16, scheme: &str) -> HyperResult<Self::Stream> {
if scheme != "http" && scheme != "https" {
return Err(HyperError::Io(io::Error::new(io::ErrorKind::InvalidInput,
"Invalid scheme for Http")));
}

// Perform host replacement when making the actual TCP connection.
let addr = &(&*replace_host(host), port);
let stream = HttpStream(try!(TcpStream::connect(addr)));

if scheme == "http" {
Ok(HttpsStream::Http(stream))
} else {
// Do not perform host replacement on the host that is used
// for verifying any SSL certificate encountered.
self.ssl.wrap_client(stream, host).map(HttpsStream::Https)
}
}
}

pub type Connector = HttpsConnector;

pub fn create_ssl_client(ca_file: &PathBuf) -> OpensslClient {
let mut ssl_connector_builder = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
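Review bot: `pub struct HttpsConnector` has no doc comment and reuses the name of hyper's `HttpsConnector` from the `use hyper::net::HttpsConnector;` line in the same hunk, so a reader cannot tell from the type why the local copy exists. Suggest a `///` comment on the struct stating the invariant that `connect` enforces: `replace_host(host)` is used only for `TcpStream::connect`, and the unreplaced `host` is what goes to `wrap_client` for certificate verification. Consider a distinct name as well. A unit test that connects through a replaced host and checks that verification still runs against the original name would keep a later refactor from moving the replacement back in front of the certificate check.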
@@ -34,7 +34,6 @@ use hyper_serde::Serde;
use log;
use msg::constellation_msg::PipelineId;
use net_traits::{CookieSource, FetchMetadata, NetworkError, ReferrerPolicy};
use net_traits::hosts::replace_host;
use net_traits::request::{CacheMode, CredentialsMode, Destination, Origin};
use net_traits::request::{RedirectMode, Referrer, Request, RequestMode};
use net_traits::request::{ResponseTainting, Type};
@@ -129,7 +128,7 @@ impl NetworkConnector for NetworkHttpRequestFactory {
type Stream = PooledStream<HttpsStream<SslStream<HttpStream>>>;

fn connect(&self, host: &str, port: u16, scheme: &str) -> Result<Self::Stream, HttpError> {
self.connector.connect(&replace_host(host), port, scheme)
self.connector.connect(host, port, scheme)

nox Apr 6, 2017

Member

This implementation exists only to do that replace_host call, now that it is gone you can pass &self.connector again to HyperRequest::with_connector in NetworkHttpRequestFactory::create and remove this impl altogether.

Hah, you killed the whole wrapper in next commit, nice!

}
}

This file was deleted.

@@ -3,3 +3,6 @@
[Fetch http://www1.web-platform.test:8000/fetch/api/resources/top.txt with same-origin mode]
expected: FAIL

[Fetch https://web-platform.test:8443/fetch/api/resources/top.txt with same-origin mode]
expected: FAIL

@@ -3,3 +3,6 @@
[Fetch http://www1.web-platform.test:8000/fetch/api/resources/top.txt with same-origin mode]
expected: FAIL

[Fetch https://web-platform.test:8443/fetch/api/resources/top.txt with same-origin mode]
expected: FAIL

@@ -39,3 +39,9 @@
[Cross domain different protocol [cors mode\]]
expected: FAIL

[Same domain different protocol different port [server forbid CORS\]]
expected: FAIL

[Cross domain different protocol [server forbid CORS\]]
expected: FAIL

@@ -39,3 +39,9 @@
[Cross domain different protocol [cors mode\]]
expected: FAIL

[Same domain different protocol different port [server forbid CORS\]]
expected: FAIL

[Cross domain different protocol [server forbid CORS\]]
expected: FAIL

This file was deleted.

@@ -9,12 +9,6 @@
[Cross domain different port [origin KO\]]
expected: FAIL

[Cross domain different protocol [origin OK\]]
expected: FAIL

[Same domain different protocol different port [origin OK\]]
expected: FAIL

[Cross domain [POST\] [origin KO\]]
expected: FAIL

@@ -27,3 +21,9 @@
[Allowed origin: "" [origin KO\]]
expected: FAIL

[Cross domain different protocol [origin KO\]]
expected: FAIL

[Same domain different protocol different port [origin KO\]]
expected: FAIL

@@ -9,12 +9,6 @@
[Cross domain different port [origin KO\]]
expected: FAIL

[Cross domain different protocol [origin OK\]]
expected: FAIL

[Same domain different protocol different port [origin OK\]]
expected: FAIL

[Cross domain [POST\] [origin KO\]]
expected: FAIL

@@ -27,3 +21,9 @@
[Allowed origin: "" [origin KO\]]
expected: FAIL

[Cross domain different protocol [origin KO\]]
expected: FAIL

[Same domain different protocol different port [origin KO\]]
expected: FAIL

@@ -1,3 +1,23 @@
[messageevent-constructor.https.html]
type: testharness
expected: TIMEOUT
[Default event values]
expected: FAIL

[MessageEventInit dictionary]
expected: FAIL

[Passing null for ports member]
expected: FAIL

[ports attribute should be a FrozenArray]
expected: FAIL

[initMessageEvent operation]
expected: FAIL

[All parameters to initMessageEvent should be mandatory]
expected: FAIL

[Passing ServiceWorker for source member]
expected: FAIL

@@ -1,3 +1,5 @@
[promise-rejection-events.serviceworker.https.html]
type: testharness
expected: TIMEOUT
[Service worker setup]
expected: FAIL

This file was deleted.
