Auto merge of #7308 - guanqun:add-ssl-version, r=alexcrichton
add an option to specify ssl version Fixes #6684
commit
8ae8b5ea98
|
@ -25,8 +25,8 @@ cargo-platform = { path = "crates/cargo-platform", version = "0.1" }
|
|||
crates-io = { path = "crates/crates-io", version = "0.29" }
|
||||
crossbeam-utils = "0.6"
|
||||
crypto-hash = "0.3.1"
|
||||
curl = { version = "0.4.21", features = ['http2'] }
|
||||
curl-sys = "0.4.18"
|
||||
curl = { version = "0.4.23", features = ['http2'] }
|
||||
curl-sys = "0.4.21"
|
||||
env_logger = "0.7.0"
|
||||
pretty_env_logger = { version = "0.3", optional = true }
|
||||
failure = "0.1.5"
|
||||
|
|
|
@ -7,7 +7,7 @@ use std::time::Duration;
|
|||
use std::{cmp, env};
|
||||
|
||||
use crates_io::{NewCrate, NewCrateDependency, Registry};
|
||||
use curl::easy::{Easy, InfoType, SslOpt};
|
||||
use curl::easy::{Easy, InfoType, SslOpt, SslVersion};
|
||||
use failure::{bail, format_err};
|
||||
use log::{log, Level};
|
||||
use percent_encoding::{percent_encode, NON_ALPHANUMERIC};
|
||||
|
@ -18,7 +18,7 @@ use crate::core::source::Source;
|
|||
use crate::core::{Package, SourceId, Workspace};
|
||||
use crate::ops;
|
||||
use crate::sources::{RegistrySource, SourceConfigMap, CRATES_IO_REGISTRY};
|
||||
use crate::util::config::{self, Config};
|
||||
use crate::util::config::{self, Config, SslVersionConfig, SslVersionConfigRange};
|
||||
use crate::util::errors::{CargoResult, CargoResultExt};
|
||||
use crate::util::important_paths::find_root_manifest_for_wd;
|
||||
use crate::util::IntoUrl;
|
||||
|
@ -413,12 +413,14 @@ pub fn needs_custom_http_transport(config: &Config) -> CargoResult<bool> {
|
|||
let cainfo = config.get_path("http.cainfo")?;
|
||||
let check_revoke = config.get_bool("http.check-revoke")?;
|
||||
let user_agent = config.get_string("http.user-agent")?;
|
||||
let ssl_version = config.get::<Option<SslVersionConfig>>("http.ssl-version")?;
|
||||
|
||||
Ok(proxy_exists
|
||||
|| timeout
|
||||
|| cainfo.is_some()
|
||||
|| check_revoke.is_some()
|
||||
|| user_agent.is_some())
|
||||
|| user_agent.is_some()
|
||||
|| ssl_version.is_some())
|
||||
}
|
||||
|
||||
/// Configure a libcurl http handle with the defaults options for Cargo
|
||||
|
@ -438,6 +440,38 @@ pub fn configure_http_handle(config: &Config, handle: &mut Easy) -> CargoResult<
|
|||
handle.useragent(&version().to_string())?;
|
||||
}
|
||||
|
||||
fn to_ssl_version(s: &str) -> CargoResult<SslVersion> {
|
||||
let version = match s {
|
||||
"default" => SslVersion::Default,
|
||||
"tlsv1" => SslVersion::Tlsv1,
|
||||
"tlsv1.0" => SslVersion::Tlsv10,
|
||||
"tlsv1.1" => SslVersion::Tlsv11,
|
||||
"tlsv1.2" => SslVersion::Tlsv12,
|
||||
"tlsv1.3" => SslVersion::Tlsv13,
|
||||
_ => bail!(
|
||||
"Invalid ssl version `{}`,\
|
||||
choose from 'default', 'tlsv1', 'tlsv1.0', 'tlsv1.1', 'tlsv1.2', 'tlsv1.3'.",
|
||||
s
|
||||
),
|
||||
};
|
||||
Ok(version)
|
||||
}
|
||||
if let Some(ssl_version) = config.get::<Option<SslVersionConfig>>("http.ssl-version")? {
|
||||
match ssl_version {
|
||||
SslVersionConfig::Single(s) => {
|
||||
let version = to_ssl_version(s.as_str())?;
|
||||
handle.ssl_version(version)?;
|
||||
}
|
||||
SslVersionConfig::Range(SslVersionConfigRange { min, max }) => {
|
||||
let min_version =
|
||||
min.map_or(Ok(SslVersion::Default), |s| to_ssl_version(s.as_str()))?;
|
||||
let max_version =
|
||||
max.map_or(Ok(SslVersion::Default), |s| to_ssl_version(s.as_str()))?;
|
||||
handle.ssl_min_max_version(min_version, max_version)?;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if let Some(true) = config.get::<Option<bool>>("http.debug")? {
|
||||
handle.verbose(true)?;
|
||||
handle.debug_function(|kind, data| {
|
||||
|
|
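Review bot: `to_ssl_version` accepts `tlsv1`, `tlsv1.0` and `tlsv1.1` for either bound, so a `ssl-version.max` below `tlsv1.2` caps every registry connection at a deprecated protocol without any notice to the user. Consider warning in the `Range` arm when `max` is one of those values, e.g. `config.shell().warn("http.ssl-version.max is below tlsv1.2; registry traffic will use a deprecated TLS version")?;`. Separately, the `\` continuation inside the `bail!` string strips the newline and the indentation, so the message renders as `...,choose from` with no space after the comma; ending the first line with `, \` instead of `,\` fixes it. `configure_http_handle` starts and ends outside the hunk, and `to_ssl_version` appears to be nested inside it.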
|
@ -1854,3 +1854,29 @@ pub fn clippy_driver() -> PathBuf {
|
|||
.unwrap_or_else(|_| "clippy-driver".into())
|
||||
.into()
|
||||
}
|
||||
|
||||
/// Configuration for `ssl-version` in `http` section
|
||||
/// There are two ways to configure:
|
||||
///
|
||||
/// ```text
|
||||
/// [http]
|
||||
/// ssl-version = "tlsv1.3"
|
||||
/// ```
|
||||
///
|
||||
/// ```text
|
||||
/// [http]
|
||||
/// ssl-version.min = "tlsv1.2"
|
||||
/// ssl-version.max = "tlsv1.3"
|
||||
/// ```
|
||||
#[derive(Clone, Debug, Deserialize)]
|
||||
#[serde(untagged)]
|
||||
pub enum SslVersionConfig {
|
||||
Single(String),
|
||||
Range(SslVersionConfigRange),
|
||||
}
|
||||
|
||||
#[derive(Clone, Debug, Deserialize)]
|
||||
pub struct SslVersionConfigRange {
|
||||
pub min: Option<String>,
|
||||
pub max: Option<String>,
|
||||
}
|
||||
|
|
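Review bot: `SslVersionConfigRange` has no doc comment, and neither type says what an omitted bound means; from the caller in this commit a missing `min` or `max` is passed to libcurl as `SslVersion::Default`. I would add `/// Bounds for http.ssl-version; an omitted min or max falls back to libcurl's default.` above the struct. Because both forms keep raw `String`s, a misspelled version is only rejected later, when the HTTP handle is configured. With `#[serde(untagged)]` and no `#[serde(deny_unknown_fields)]` on the struct, a mistyped key under `ssl-version` would presumably deserialize as a range with that bound unset rather than fail, which is worth confirming with a test.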
|
@ -107,6 +107,13 @@ proxy = "host:port" # HTTP proxy to use for HTTP requests (defaults to none)
|
|||
timeout = 30 # Timeout for each HTTP request, in seconds
|
||||
cainfo = "cert.pem" # Path to Certificate Authority (CA) bundle (optional)
|
||||
check-revoke = true # Indicates whether SSL certs are checked for revocation
|
||||
ssl-version = "tlsv1.3" # Indicates which SSL version or above to use (options are
|
||||
# "default", "tlsv1", "tlsv1.0", "tlsv1.1", "tlsv1.2", "tlsv1.3")
|
||||
# To better control SSL version, we can even use
|
||||
# `ssl-version.min = "..."` and `ssl-version.max = "..."`
|
||||
# where "..." is one of the above options. But note these two forms
|
||||
# ("setting `ssl-version`" and "setting both `min`/`max`)
|
||||
# can't co-exist.
|
||||
low-speed-limit = 5 # Lower threshold for bytes/sec (10 = default, 0 = disabled)
|
||||
multiplexing = true # whether or not to use HTTP/2 multiplexing where possible
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@ use std::os;
|
|||
use std::path::Path;
|
||||
|
||||
use cargo::core::{enable_nightly_features, Shell};
|
||||
use cargo::util::config::{self, Config};
|
||||
use cargo::util::config::{self, Config, SslVersionConfig};
|
||||
use cargo::util::toml::{self, VecStringOrBool as VSOB};
|
||||
use cargo_test_support::{paths, project, t};
|
||||
use serde::Deserialize;
|
||||
|
@ -833,3 +833,87 @@ i64max = 9223372036854775807
|
|||
invalid value: integer `123456789`, expected i8",
|
||||
);
|
||||
}
|
||||
|
||||
#[cargo_test]
|
||||
fn config_get_ssl_version_missing() {
|
||||
write_config(
|
||||
"\
|
||||
[http]
|
||||
hello = 'world'
|
||||
",
|
||||
);
|
||||
|
||||
let config = new_config(&[]);
|
||||
|
||||
assert!(config
|
||||
.get::<Option<SslVersionConfig>>("http.ssl-version")
|
||||
.unwrap()
|
||||
.is_none());
|
||||
}
|
||||
|
||||
#[cargo_test]
|
||||
fn config_get_ssl_version_single() {
|
||||
write_config(
|
||||
"\
|
||||
[http]
|
||||
ssl-version = 'tlsv1.2'
|
||||
",
|
||||
);
|
||||
|
||||
let config = new_config(&[]);
|
||||
|
||||
let a = config
|
||||
.get::<Option<SslVersionConfig>>("http.ssl-version")
|
||||
.unwrap()
|
||||
.unwrap();
|
||||
match a {
|
||||
SslVersionConfig::Single(v) => assert_eq!(&v, "tlsv1.2"),
|
||||
SslVersionConfig::Range(_) => panic!("Did not expect ssl version min/max."),
|
||||
};
|
||||
}
|
||||
|
||||
#[cargo_test]
|
||||
fn config_get_ssl_version_min_max() {
|
||||
write_config(
|
||||
"\
|
||||
[http]
|
||||
ssl-version.min = 'tlsv1.2'
|
||||
ssl-version.max = 'tlsv1.3'
|
||||
",
|
||||
);
|
||||
|
||||
let config = new_config(&[]);
|
||||
|
||||
let a = config
|
||||
.get::<Option<SslVersionConfig>>("http.ssl-version")
|
||||
.unwrap()
|
||||
.unwrap();
|
||||
match a {
|
||||
SslVersionConfig::Single(_) => panic!("Did not expect exact ssl version."),
|
||||
SslVersionConfig::Range(range) => {
|
||||
assert_eq!(range.min, Some(String::from("tlsv1.2")));
|
||||
assert_eq!(range.max, Some(String::from("tlsv1.3")));
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
#[cargo_test]
|
||||
fn config_get_ssl_version_both_forms_configured() {
|
||||
// this is not allowed
|
||||
write_config(
|
||||
"\
|
||||
[http]
|
||||
ssl-version = 'tlsv1.1'
|
||||
ssl-version.min = 'tlsv1.2'
|
||||
ssl-version.max = 'tlsv1.3'
|
||||
",
|
||||
);
|
||||
|
||||
let config = new_config(&[]);
|
||||
|
||||
assert!(config.get::<SslVersionConfig>("http.ssl-version").is_err());
|
||||
assert!(config
|
||||
.get::<Option<SslVersionConfig>>("http.ssl-version")
|
||||
.unwrap()
|
||||
.is_none());
|
||||
}
|
||||
|
|
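Review bot: `config_get_ssl_version_both_forms_configured` pins that a conflicting configuration reads as `None` through `get::<Option<SslVersionConfig>>`, which is the same call `configure_http_handle` makes in this commit, so a user who set both forms would apparently get no TLS version constraint at all rather than an error. If that fail-open result is intended, the `// this is not allowed` comment should say so, e.g. `// both forms set: the typed getter errors, the Option getter yields None (setting ignored)`; otherwise the production path should surface the error. There is also no test for an unrecognised version string (a constructed value such as `tlsv9`), which is only rejected by `to_ssl_version`.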