mirror of
https://github.com/rust-lang/cargo
synced 2024-10-31 07:46:57 +00:00
152 lines
4.8 KiB
Rust
152 lines
4.8 KiB
Rust
//! Network tests for https transport.
|
|
//!
|
|
//! Note that these tests will generally require setting CARGO_CONTAINER_TESTS
|
|
//! or CARGO_PUBLIC_NETWORK_TESTS.
|
|
|
|
use cargo_test_support::containers::Container;
|
|
use cargo_test_support::project;
|
|
|
|
#[cargo_test(container_test)]
|
|
fn self_signed_should_fail() {
|
|
// Cargo should not allow a connection to a self-signed certificate.
|
|
let apache = Container::new("apache").launch();
|
|
let port = apache.port_mappings[&443];
|
|
let url = format!("https://127.0.0.1:{port}/repos/bar.git");
|
|
let p = project()
|
|
.file(
|
|
"Cargo.toml",
|
|
&format!(
|
|
r#"
|
|
[package]
|
|
name = "foo"
|
|
version = "0.1.0"
|
|
|
|
[dependencies]
|
|
bar = {{ git = "{url}" }}
|
|
"#
|
|
),
|
|
)
|
|
.file("src/lib.rs", "")
|
|
.build();
|
|
// I think the text here depends on the curl backend.
|
|
let err_msg = if cfg!(target_os = "macos") {
|
|
"untrusted connection error; class=Ssl (16); code=Certificate (-17)"
|
|
} else if cfg!(unix) {
|
|
"the SSL certificate is invalid; class=Ssl (16); code=Certificate (-17)"
|
|
} else if cfg!(windows) {
|
|
"user cancelled certificate check; class=Http (34); code=Certificate (-17)"
|
|
} else {
|
|
panic!("target not supported");
|
|
};
|
|
p.cargo("fetch")
|
|
.with_status(101)
|
|
.with_stderr(&format!(
|
|
"\
|
|
[UPDATING] git repository `https://127.0.0.1:[..]/repos/bar.git`
|
|
error: failed to get `bar` as a dependency of package `foo v0.1.0 ([ROOT]/foo)`
|
|
|
|
Caused by:
|
|
failed to load source for dependency `bar`
|
|
|
|
Caused by:
|
|
Unable to update https://127.0.0.1:[..]/repos/bar.git
|
|
|
|
Caused by:
|
|
failed to clone into: [ROOT]/home/.cargo/git/db/bar-[..]
|
|
|
|
Caused by:
|
|
network failure seems to have happened
|
|
if a proxy or similar is necessary `net.git-fetch-with-cli` may help here
|
|
https://doc.rust-lang.org/cargo/reference/config.html#netgit-fetch-with-cli
|
|
|
|
Caused by:
|
|
{err_msg}
|
|
"
|
|
))
|
|
.run();
|
|
}
|
|
|
|
#[cargo_test(container_test)]
|
|
fn self_signed_with_cacert() {
|
|
// When using cainfo, that should allow a connection to a self-signed cert.
|
|
|
|
if cfg!(target_os = "macos") {
|
|
// This test only seems to work with the
|
|
// curl-sys/force-system-lib-on-osx feature enabled. For some reason
|
|
// SecureTransport doesn't seem to like the self-signed certificate.
|
|
// It works if the certificate is manually approved via Keychain
|
|
// Access. The system libcurl is built with a LibreSSL fallback which
|
|
// is used when CAINFO is set, which seems to work correctly. This
|
|
// could use some more investigation. The official Rust binaries use
|
|
// curl-sys/force-system-lib-on-osx so it is mostly an issue for local
|
|
// testing.
|
|
//
|
|
// The error is:
|
|
// [60] SSL peer certificate or SSH remote key was not OK (SSL:
|
|
// certificate verification failed (result: 5)); class=Net (12)
|
|
let curl_v = curl::Version::get();
|
|
if curl_v.vendored() {
|
|
eprintln!(
|
|
"vendored curl not supported on macOS, \
|
|
set curl-sys/force-system-lib-on-osx to enable"
|
|
);
|
|
return;
|
|
}
|
|
}
|
|
|
|
let apache = Container::new("apache").launch();
|
|
let port = apache.port_mappings[&443];
|
|
let url = format!("https://127.0.0.1:{port}/repos/bar.git");
|
|
let server_crt = apache.read_file("/usr/local/apache2/conf/server.crt");
|
|
let p = project()
|
|
.file(
|
|
"Cargo.toml",
|
|
&format!(
|
|
r#"
|
|
[package]
|
|
name = "foo"
|
|
version = "0.1.0"
|
|
|
|
[dependencies]
|
|
bar = {{ git = "{url}" }}
|
|
"#
|
|
),
|
|
)
|
|
.file("src/lib.rs", "")
|
|
.file(
|
|
".cargo/config.toml",
|
|
&format!(
|
|
r#"
|
|
[http]
|
|
cainfo = "server.crt"
|
|
"#
|
|
),
|
|
)
|
|
.file("server.crt", &server_crt)
|
|
.build();
|
|
p.cargo("fetch")
|
|
.with_stderr("[UPDATING] git repository `https://127.0.0.1:[..]/repos/bar.git`")
|
|
.run();
|
|
}
|
|
|
|
#[cargo_test(public_network_test)]
|
|
fn github_works() {
|
|
// Check that an https connection to github.com works.
|
|
let p = project()
|
|
.file(
|
|
"Cargo.toml",
|
|
r#"
|
|
[package]
|
|
name = "foo"
|
|
version = "0.1.0"
|
|
|
|
[dependencies]
|
|
bitflags = { git = "https://github.com/rust-lang/bitflags.git", tag="1.3.2" }
|
|
"#,
|
|
)
|
|
.file("src/lib.rs", "")
|
|
.build();
|
|
p.cargo("fetch")
|
|
.with_stderr("[UPDATING] git repository `https://github.com/rust-lang/bitflags.git`")
|
|
.run();
|
|
}
|