Skip to content

/ servo

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make SSL tests work #15784

Merged
merged 7 commits into from Apr 6, 2017
+586 −3,747
Merged

Make SSL tests work #15784

Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
dc99104
Add command-line argument to use a custom SSL certificate database.
jdm Apr 5, 2017
e9fdc4c
Replace hosts when making TCP connections, not when verifying SSL certs.
jdm Apr 5, 2017
ba132e0
Remove unnecessary NetworkHttpRequestFactory abstraction.
jdm Apr 5, 2017
f12bb9d
Add a test verifying that HTTPS WPT tests work.
jdm Apr 5, 2017
e218935
Remove invalid cert test that can no longer test anything useful.
jdm Apr 5, 2017
e772086
Enable the WPT referrer-policy tests that use HTTPS.
jdm Apr 5, 2017
6f590a8
Move hosts module into net crate. Remove obsolete functions.
jdm Apr 5, 2017
File filter...
Filter file types
Clear filters
Jump to…
The table of contents is too big for display.

Always

Just for now

Prev Next

Replace hosts when making TCP connections, not when verifying SSL certs.

  • Loading branch information
@jdm
jdm committed Apr 6, 2017
commit e9fdc4c72a1f93223dc22ae83d9c63271989505d
43 components/net/connector.rs
View file
Open in desktop
@@ -3,14 +3,53 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */

use hyper::client::Pool;
use hyper::net::HttpsConnector;
use hyper::error::{Result as HyperResult, Error as HyperError};
use hyper::net::{NetworkConnector, HttpsStream, HttpStream, SslClient};
use hyper_openssl::OpensslClient;
use net_traits::hosts::replace_host;
use openssl::ssl::{SSL_OP_NO_COMPRESSION, SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3};
use openssl::ssl::{SslConnectorBuilder, SslMethod};
use std::io;
use std::net::TcpStream;
use std::path::PathBuf;
use std::sync::Arc;

pub type Connector = HttpsConnector<OpensslClient>;
pub struct HttpsConnector {
ssl: OpensslClient,
}

impl HttpsConnector {
fn new(ssl: OpensslClient) -> HttpsConnector {
HttpsConnector {
ssl: ssl,
}
}
}

impl NetworkConnector for HttpsConnector {
type Stream = HttpsStream<<OpensslClient as SslClient>::Stream>;

fn connect(&self, host: &str, port: u16, scheme: &str) -> HyperResult<Self::Stream> {
if scheme != "http" && scheme != "https" {
return Err(HyperError::Io(io::Error::new(io::ErrorKind::InvalidInput,
"Invalid scheme for Http")));
}

// Perform host replacement when making the actual TCP connection.
let addr = &(&*replace_host(host), port);
let stream = HttpStream(try!(TcpStream::connect(addr)));

if scheme == "http" {
Ok(HttpsStream::Http(stream))
} else {
// Do not perform host replacement on the host that is used
// for verifying any SSL certificate encountered.
self.ssl.wrap_client(stream, host).map(HttpsStream::Https)
}
}
}

pub type Connector = HttpsConnector;

pub fn create_ssl_client(ca_file: &PathBuf) -> OpensslClient {
let mut ssl_connector_builder = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
3 components/net/http_loader.rs
View file
Open in desktop
@@ -34,7 +34,6 @@ use hyper_serde::Serde;
use log;
use msg::constellation_msg::PipelineId;
use net_traits::{CookieSource, FetchMetadata, NetworkError, ReferrerPolicy};
use net_traits::hosts::replace_host;
use net_traits::request::{CacheMode, CredentialsMode, Destination, Origin};
use net_traits::request::{RedirectMode, Referrer, Request, RequestMode};
use net_traits::request::{ResponseTainting, Type};
@@ -129,7 +128,7 @@ impl NetworkConnector for NetworkHttpRequestFactory {
type Stream = PooledStream<HttpsStream<SslStream<HttpStream>>>;

fn connect(&self, host: &str, port: u16, scheme: &str) -> Result<Self::Stream, HttpError> {
self.connector.connect(&replace_host(host), port, scheme)
self.connector.connect(host, port, scheme)

This comment has been minimized.

Sign in to view
Copy link
@nox

nox Apr 6, 2017

Member

This implementation exists only to do that replace_host call, now that it is gone you can pass &self.connector again to HyperRequest::with_connector in NetworkHttpRequestFactory::create and remove this impl altogether.

Hah, you killed the whole wrapper in next commit, nice!
}
}

8 tests/wpt/metadata/cors/basic.htm.ini
View file
Open in desktop

This file was deleted.

3 tests/wpt/metadata/fetch/api/basic/mode-same-origin-worker.html.ini
View file
Open in desktop
@@ -3,3 +3,6 @@
[Fetch http://www1.web-platform.test:8000/fetch/api/resources/top.txt with same-origin mode]
expected: FAIL

[Fetch https://web-platform.test:8443/fetch/api/resources/top.txt with same-origin mode]
expected: FAIL

3 tests/wpt/metadata/fetch/api/basic/mode-same-origin.html.ini
View file
Open in desktop
@@ -3,3 +3,6 @@
[Fetch http://www1.web-platform.test:8000/fetch/api/resources/top.txt with same-origin mode]
expected: FAIL

[Fetch https://web-platform.test:8443/fetch/api/resources/top.txt with same-origin mode]
expected: FAIL

6 tests/wpt/metadata/fetch/api/cors/cors-basic-worker.html.ini
View file
Open in desktop
@@ -39,3 +39,9 @@
[Cross domain different protocol [cors mode\]]
expected: FAIL

[Same domain different protocol different port [server forbid CORS\]]
expected: FAIL

[Cross domain different protocol [server forbid CORS\]]
expected: FAIL

6 tests/wpt/metadata/fetch/api/cors/cors-basic.html.ini
View file
Open in desktop
@@ -39,3 +39,9 @@
[Cross domain different protocol [cors mode\]]
expected: FAIL

[Same domain different protocol different port [server forbid CORS\]]
expected: FAIL

[Cross domain different protocol [server forbid CORS\]]
expected: FAIL

8 tests/wpt/metadata/fetch/api/cors/cors-no-preflight-worker.html.ini
View file
Open in desktop

This file was deleted.

8 tests/wpt/metadata/fetch/api/cors/cors-no-preflight.html.ini
View file
Open in desktop

This file was deleted.

12 tests/wpt/metadata/fetch/api/cors/cors-origin-worker.html.ini
View file
Open in desktop
@@ -9,12 +9,6 @@
[Cross domain different port [origin KO\]]
expected: FAIL

[Cross domain different protocol [origin OK\]]
expected: FAIL

[Same domain different protocol different port [origin OK\]]
expected: FAIL

[Cross domain [POST\] [origin KO\]]
expected: FAIL

@@ -27,3 +21,9 @@
[Allowed origin: "" [origin KO\]]
expected: FAIL

[Cross domain different protocol [origin KO\]]
expected: FAIL

[Same domain different protocol different port [origin KO\]]
expected: FAIL

12 tests/wpt/metadata/fetch/api/cors/cors-origin.html.ini
View file
Open in desktop
@@ -9,12 +9,6 @@
[Cross domain different port [origin KO\]]
expected: FAIL

[Cross domain different protocol [origin OK\]]
expected: FAIL

[Same domain different protocol different port [origin OK\]]
expected: FAIL

[Cross domain [POST\] [origin KO\]]
expected: FAIL

@@ -27,3 +21,9 @@
[Allowed origin: "" [origin KO\]]
expected: FAIL

[Cross domain different protocol [origin KO\]]
expected: FAIL

[Same domain different protocol different port [origin KO\]]
expected: FAIL

22 tests/wpt/metadata/html/webappapis/scripting/events/messageevent-constructor.https.html.ini
View file
Open in desktop
@@ -1,3 +1,23 @@
[messageevent-constructor.https.html]
type: testharness
expected: TIMEOUT
[Default event values]
expected: FAIL

[MessageEventInit dictionary]
expected: FAIL

[Passing null for ports member]
expected: FAIL

[ports attribute should be a FrozenArray]
expected: FAIL

[initMessageEvent operation]
expected: FAIL

[All parameters to initMessageEvent should be mandatory]
expected: FAIL

[Passing ServiceWorker for source member]
expected: FAIL

4 ...odel-2/unhandled-promise-rejections/promise-rejection-events.serviceworker.https.html.ini
View file
Open in desktop
@@ -1,3 +1,5 @@
[promise-rejection-events.serviceworker.https.html]
type: testharness
expected: TIMEOUT
[Service worker setup]
expected: FAIL

6 ...eferrer/cross-origin/http-https/a-tag/upgrade-protocol.keep-origin-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...de/attr-referrer/cross-origin/http-https/a-tag/upgrade-protocol.no-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...eferrer/cross-origin/http-https/a-tag/upgrade-protocol.swap-origin-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...er/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...tr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...er/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...rrer/cross-origin/http-https/link-tag/upgrade-protocol.keep-origin-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...attr-referrer/cross-origin/http-https/link-tag/upgrade-protocol.no-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...rrer/cross-origin/http-https/link-tag/upgrade-protocol.swap-origin-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...referrer/same-origin/http-https/a-tag/upgrade-protocol.keep-origin-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...ade/attr-referrer/same-origin/http-https/a-tag/upgrade-protocol.no-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...referrer/same-origin/http-https/a-tag/upgrade-protocol.swap-origin-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...rer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...ttr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...rer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...errer/same-origin/http-https/link-tag/upgrade-protocol.keep-origin-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 .../attr-referrer/same-origin/http-https/link-tag/upgrade-protocol.no-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...errer/same-origin/http-https/link-tag/upgrade-protocol.swap-origin-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...http-rp/cross-origin/http-https/a-tag/upgrade-protocol.keep-origin-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...owngrade/http-rp/cross-origin/http-https/a-tag/upgrade-protocol.no-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...http-rp/cross-origin/http-https/a-tag/upgrade-protocol.swap-origin-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...ade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...p-rp/cross-origin/http-https/link-tag/upgrade-protocol.keep-origin-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

6 ...grade/http-rp/cross-origin/http-https/link-tag/upgrade-protocol.no-redirect.http.html.ini
View file
Open in desktop

This file was deleted.

ProTip! Use n and p to navigate between commits in a pull request.
You can’t perform that action at this time.