Skip to content

wip: ssl-verify #168

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 5, 2014
Merged

wip: ssl-verify #168

merged 1 commit into from
Dec 5, 2014

Conversation

seanmonstar
Copy link
Member

Instead, you can use an instance of a NetworkConnector with
Request::with_connector. This allows overloading of the NetworkStream
constructors, so that it is easy to modify how an HttpStream is
created, while still relying on the rest of the stream implementation.

reem
reem reviewed Dec 4, 2014
View reviewed changes
src/http.rs

/// Access the inner Writer mutably.
///
/// Warning: You should not write to this directly, as you can corrupt
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

unsafe maybe?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It was following suite to std::io::BufferedReader, which hasn't marked it as unsafe.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok. I think the warning should probably be enough.

@reem
Copy link
Contributor

reem commented Dec 4, 2014

Why don't we instead just add another method to NetworkConnector called verify or something, and just have people who want to use this use Request::with_stream::<MyVerificationStream>? It's slightly more of a pain to use, but doesn't use huge type signatures and callbacks.

@seanmonstar
Copy link
Member Author

That would be much easier for us, but much harder for anyone who wants ssl cert checking.

I'd hope for:

pub struct Client {
    pub ssl_verifier: Option<SslVerifier>,
    pub redirect_policy: RedirectPolicy,
    // ...
}

@reem
Copy link
Contributor

reem commented Dec 4, 2014

What if we changed our trait stack to separate NetworkConnector and NetworkStream so that NetworkConnector::connect is (&self, host, port) -> S where S: NetworkStream (right now that S would be a parameter to NetworkConnector but could be an associated type in the future), then have Request::with_stream actually take an instance of NetworkConnector.

Then, a verification connector could take an SslVerifier as an argument in its constructor, and we could provide a simpler connector that stores the SslVerifier for use during connect.

@seanmonstar
Copy link
Member Author

I was thinking that would be nice, so then people could continue to use HttpStream, and just provide new constructors.

So, I would then use 2 different connectors for the Client? Not sure how I could pass the SslVerifier to the different implementation, if it stays a static method.

@reem
Copy link
Contributor

reem commented Dec 4, 2014

connect would no longer be a static method, instead it would be a method on self and you'd pass a connector instance to with_stream (which would probably be renamed to with_connector).

@seanmonstar
Copy link
Member Author

@reem updated with the newer design.

@seanmonstar
Copy link
Member Author

and its green!

reem
reem reviewed Dec 5, 2014
View reviewed changes
benches/client_mock_tcp.rs
struct MockConnector;

impl net::NetworkConnector<MockStream> for MockConnector {
fn connect<To: ToSocketAddr>(&mut self, _addr: To, _scheme: &str) -> IoResult<MockStream> {
Ok(MockStream::new())
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

extra newline here

@reem
Copy link
Contributor

reem commented Dec 5, 2014

This looks good with those nits addressed.

@seanmonstar
refactor(net): NetworkConnecter no longer is for static usage
36429ab 
Instead, you can use an instance of a NetworkConnector with
`Request::with_connector`. This allows overloading of the NetworkStream
constructors, so that it is easy to modify how an `HttpStream` is
created, while still relying on the rest of the stream implementation.

BREAKING CHANGE
seanmonstar added a commit that referenced this pull request Dec 5, 2014
@seanmonstar
Merge pull request #168 from hyperium/ssl-verify
ae88092 
r=reem
@seanmonstar seanmonstar merged commit ae88092 into master Dec 5, 2014
@seanmonstar seanmonstar deleted the ssl-verify branch December 5, 2014 01:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@seanmonstar @reem