mirror of
https://github.com/rust-lang/cargo
synced 2024-09-13 21:11:44 +00:00
Auto merge of #7308 - guanqun:add-ssl-version, r=alexcrichton
add an option to specify ssl version Fixes #6684
This commit is contained in:
commit
8ae8b5ea98
|
@ -25,8 +25,8 @@ cargo-platform = { path = "crates/cargo-platform", version = "0.1" }
|
||||||
crates-io = { path = "crates/crates-io", version = "0.29" }
|
crates-io = { path = "crates/crates-io", version = "0.29" }
|
||||||
crossbeam-utils = "0.6"
|
crossbeam-utils = "0.6"
|
||||||
crypto-hash = "0.3.1"
|
crypto-hash = "0.3.1"
|
||||||
curl = { version = "0.4.21", features = ['http2'] }
|
curl = { version = "0.4.23", features = ['http2'] }
|
||||||
curl-sys = "0.4.18"
|
curl-sys = "0.4.21"
|
||||||
env_logger = "0.7.0"
|
env_logger = "0.7.0"
|
||||||
pretty_env_logger = { version = "0.3", optional = true }
|
pretty_env_logger = { version = "0.3", optional = true }
|
||||||
failure = "0.1.5"
|
failure = "0.1.5"
|
||||||
|
|
|
@ -7,7 +7,7 @@ use std::time::Duration;
|
||||||
use std::{cmp, env};
|
use std::{cmp, env};
|
||||||
|
|
||||||
use crates_io::{NewCrate, NewCrateDependency, Registry};
|
use crates_io::{NewCrate, NewCrateDependency, Registry};
|
||||||
use curl::easy::{Easy, InfoType, SslOpt};
|
use curl::easy::{Easy, InfoType, SslOpt, SslVersion};
|
||||||
use failure::{bail, format_err};
|
use failure::{bail, format_err};
|
||||||
use log::{log, Level};
|
use log::{log, Level};
|
||||||
use percent_encoding::{percent_encode, NON_ALPHANUMERIC};
|
use percent_encoding::{percent_encode, NON_ALPHANUMERIC};
|
||||||
|
@ -18,7 +18,7 @@ use crate::core::source::Source;
|
||||||
use crate::core::{Package, SourceId, Workspace};
|
use crate::core::{Package, SourceId, Workspace};
|
||||||
use crate::ops;
|
use crate::ops;
|
||||||
use crate::sources::{RegistrySource, SourceConfigMap, CRATES_IO_REGISTRY};
|
use crate::sources::{RegistrySource, SourceConfigMap, CRATES_IO_REGISTRY};
|
||||||
use crate::util::config::{self, Config};
|
use crate::util::config::{self, Config, SslVersionConfig, SslVersionConfigRange};
|
||||||
use crate::util::errors::{CargoResult, CargoResultExt};
|
use crate::util::errors::{CargoResult, CargoResultExt};
|
||||||
use crate::util::important_paths::find_root_manifest_for_wd;
|
use crate::util::important_paths::find_root_manifest_for_wd;
|
||||||
use crate::util::IntoUrl;
|
use crate::util::IntoUrl;
|
||||||
|
@ -413,12 +413,14 @@ pub fn needs_custom_http_transport(config: &Config) -> CargoResult<bool> {
|
||||||
let cainfo = config.get_path("http.cainfo")?;
|
let cainfo = config.get_path("http.cainfo")?;
|
||||||
let check_revoke = config.get_bool("http.check-revoke")?;
|
let check_revoke = config.get_bool("http.check-revoke")?;
|
||||||
let user_agent = config.get_string("http.user-agent")?;
|
let user_agent = config.get_string("http.user-agent")?;
|
||||||
|
let ssl_version = config.get::<Option<SslVersionConfig>>("http.ssl-version")?;
|
||||||
|
|
||||||
Ok(proxy_exists
|
Ok(proxy_exists
|
||||||
|| timeout
|
|| timeout
|
||||||
|| cainfo.is_some()
|
|| cainfo.is_some()
|
||||||
|| check_revoke.is_some()
|
|| check_revoke.is_some()
|
||||||
|| user_agent.is_some())
|
|| user_agent.is_some()
|
||||||
|
|| ssl_version.is_some())
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Configure a libcurl http handle with the defaults options for Cargo
|
/// Configure a libcurl http handle with the defaults options for Cargo
|
||||||
|
@ -438,6 +440,38 @@ pub fn configure_http_handle(config: &Config, handle: &mut Easy) -> CargoResult<
|
||||||
handle.useragent(&version().to_string())?;
|
handle.useragent(&version().to_string())?;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn to_ssl_version(s: &str) -> CargoResult<SslVersion> {
|
||||||
|
let version = match s {
|
||||||
|
"default" => SslVersion::Default,
|
||||||
|
"tlsv1" => SslVersion::Tlsv1,
|
||||||
|
"tlsv1.0" => SslVersion::Tlsv10,
|
||||||
|
"tlsv1.1" => SslVersion::Tlsv11,
|
||||||
|
"tlsv1.2" => SslVersion::Tlsv12,
|
||||||
|
"tlsv1.3" => SslVersion::Tlsv13,
|
||||||
|
_ => bail!(
|
||||||
|
"Invalid ssl version `{}`,\
|
||||||
|
choose from 'default', 'tlsv1', 'tlsv1.0', 'tlsv1.1', 'tlsv1.2', 'tlsv1.3'.",
|
||||||
|
s
|
||||||
|
),
|
||||||
|
};
|
||||||
|
Ok(version)
|
||||||
|
}
|
||||||
|
if let Some(ssl_version) = config.get::<Option<SslVersionConfig>>("http.ssl-version")? {
|
||||||
|
match ssl_version {
|
||||||
|
SslVersionConfig::Single(s) => {
|
||||||
|
let version = to_ssl_version(s.as_str())?;
|
||||||
|
handle.ssl_version(version)?;
|
||||||
|
}
|
||||||
|
SslVersionConfig::Range(SslVersionConfigRange { min, max }) => {
|
||||||
|
let min_version =
|
||||||
|
min.map_or(Ok(SslVersion::Default), |s| to_ssl_version(s.as_str()))?;
|
||||||
|
let max_version =
|
||||||
|
max.map_or(Ok(SslVersion::Default), |s| to_ssl_version(s.as_str()))?;
|
||||||
|
handle.ssl_min_max_version(min_version, max_version)?;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if let Some(true) = config.get::<Option<bool>>("http.debug")? {
|
if let Some(true) = config.get::<Option<bool>>("http.debug")? {
|
||||||
handle.verbose(true)?;
|
handle.verbose(true)?;
|
||||||
handle.debug_function(|kind, data| {
|
handle.debug_function(|kind, data| {
|
||||||
|
|
|
@ -1854,3 +1854,29 @@ pub fn clippy_driver() -> PathBuf {
|
||||||
.unwrap_or_else(|_| "clippy-driver".into())
|
.unwrap_or_else(|_| "clippy-driver".into())
|
||||||
.into()
|
.into()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Configuration for `ssl-version` in `http` section
|
||||||
|
/// There are two ways to configure:
|
||||||
|
///
|
||||||
|
/// ```text
|
||||||
|
/// [http]
|
||||||
|
/// ssl-version = "tlsv1.3"
|
||||||
|
/// ```
|
||||||
|
///
|
||||||
|
/// ```text
|
||||||
|
/// [http]
|
||||||
|
/// ssl-version.min = "tlsv1.2"
|
||||||
|
/// ssl-version.max = "tlsv1.3"
|
||||||
|
/// ```
|
||||||
|
#[derive(Clone, Debug, Deserialize)]
|
||||||
|
#[serde(untagged)]
|
||||||
|
pub enum SslVersionConfig {
|
||||||
|
Single(String),
|
||||||
|
Range(SslVersionConfigRange),
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Clone, Debug, Deserialize)]
|
||||||
|
pub struct SslVersionConfigRange {
|
||||||
|
pub min: Option<String>,
|
||||||
|
pub max: Option<String>,
|
||||||
|
}
|
||||||
|
|
|
@ -107,6 +107,13 @@ proxy = "host:port" # HTTP proxy to use for HTTP requests (defaults to none)
|
||||||
timeout = 30 # Timeout for each HTTP request, in seconds
|
timeout = 30 # Timeout for each HTTP request, in seconds
|
||||||
cainfo = "cert.pem" # Path to Certificate Authority (CA) bundle (optional)
|
cainfo = "cert.pem" # Path to Certificate Authority (CA) bundle (optional)
|
||||||
check-revoke = true # Indicates whether SSL certs are checked for revocation
|
check-revoke = true # Indicates whether SSL certs are checked for revocation
|
||||||
|
ssl-version = "tlsv1.3" # Indicates which SSL version or above to use (options are
|
||||||
|
# "default", "tlsv1", "tlsv1.0", "tlsv1.1", "tlsv1.2", "tlsv1.3")
|
||||||
|
# To better control SSL version, we can even use
|
||||||
|
# `ssl-version.min = "..."` and `ssl-version.max = "..."`
|
||||||
|
# where "..." is one of the above options. But note these two forms
|
||||||
|
# ("setting `ssl-version`" and "setting both `min`/`max`)
|
||||||
|
# can't co-exist.
|
||||||
low-speed-limit = 5 # Lower threshold for bytes/sec (10 = default, 0 = disabled)
|
low-speed-limit = 5 # Lower threshold for bytes/sec (10 = default, 0 = disabled)
|
||||||
multiplexing = true # whether or not to use HTTP/2 multiplexing where possible
|
multiplexing = true # whether or not to use HTTP/2 multiplexing where possible
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@ use std::os;
|
||||||
use std::path::Path;
|
use std::path::Path;
|
||||||
|
|
||||||
use cargo::core::{enable_nightly_features, Shell};
|
use cargo::core::{enable_nightly_features, Shell};
|
||||||
use cargo::util::config::{self, Config};
|
use cargo::util::config::{self, Config, SslVersionConfig};
|
||||||
use cargo::util::toml::{self, VecStringOrBool as VSOB};
|
use cargo::util::toml::{self, VecStringOrBool as VSOB};
|
||||||
use cargo_test_support::{paths, project, t};
|
use cargo_test_support::{paths, project, t};
|
||||||
use serde::Deserialize;
|
use serde::Deserialize;
|
||||||
|
@ -833,3 +833,87 @@ i64max = 9223372036854775807
|
||||||
invalid value: integer `123456789`, expected i8",
|
invalid value: integer `123456789`, expected i8",
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[cargo_test]
|
||||||
|
fn config_get_ssl_version_missing() {
|
||||||
|
write_config(
|
||||||
|
"\
|
||||||
|
[http]
|
||||||
|
hello = 'world'
|
||||||
|
",
|
||||||
|
);
|
||||||
|
|
||||||
|
let config = new_config(&[]);
|
||||||
|
|
||||||
|
assert!(config
|
||||||
|
.get::<Option<SslVersionConfig>>("http.ssl-version")
|
||||||
|
.unwrap()
|
||||||
|
.is_none());
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cargo_test]
|
||||||
|
fn config_get_ssl_version_single() {
|
||||||
|
write_config(
|
||||||
|
"\
|
||||||
|
[http]
|
||||||
|
ssl-version = 'tlsv1.2'
|
||||||
|
",
|
||||||
|
);
|
||||||
|
|
||||||
|
let config = new_config(&[]);
|
||||||
|
|
||||||
|
let a = config
|
||||||
|
.get::<Option<SslVersionConfig>>("http.ssl-version")
|
||||||
|
.unwrap()
|
||||||
|
.unwrap();
|
||||||
|
match a {
|
||||||
|
SslVersionConfig::Single(v) => assert_eq!(&v, "tlsv1.2"),
|
||||||
|
SslVersionConfig::Range(_) => panic!("Did not expect ssl version min/max."),
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cargo_test]
|
||||||
|
fn config_get_ssl_version_min_max() {
|
||||||
|
write_config(
|
||||||
|
"\
|
||||||
|
[http]
|
||||||
|
ssl-version.min = 'tlsv1.2'
|
||||||
|
ssl-version.max = 'tlsv1.3'
|
||||||
|
",
|
||||||
|
);
|
||||||
|
|
||||||
|
let config = new_config(&[]);
|
||||||
|
|
||||||
|
let a = config
|
||||||
|
.get::<Option<SslVersionConfig>>("http.ssl-version")
|
||||||
|
.unwrap()
|
||||||
|
.unwrap();
|
||||||
|
match a {
|
||||||
|
SslVersionConfig::Single(_) => panic!("Did not expect exact ssl version."),
|
||||||
|
SslVersionConfig::Range(range) => {
|
||||||
|
assert_eq!(range.min, Some(String::from("tlsv1.2")));
|
||||||
|
assert_eq!(range.max, Some(String::from("tlsv1.3")));
|
||||||
|
}
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cargo_test]
|
||||||
|
fn config_get_ssl_version_both_forms_configured() {
|
||||||
|
// this is not allowed
|
||||||
|
write_config(
|
||||||
|
"\
|
||||||
|
[http]
|
||||||
|
ssl-version = 'tlsv1.1'
|
||||||
|
ssl-version.min = 'tlsv1.2'
|
||||||
|
ssl-version.max = 'tlsv1.3'
|
||||||
|
",
|
||||||
|
);
|
||||||
|
|
||||||
|
let config = new_config(&[]);
|
||||||
|
|
||||||
|
assert!(config.get::<SslVersionConfig>("http.ssl-version").is_err());
|
||||||
|
assert!(config
|
||||||
|
.get::<Option<SslVersionConfig>>("http.ssl-version")
|
||||||
|
.unwrap()
|
||||||
|
.is_none());
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in a new issue