From d014c2929db3b83413d29a25e47c3dc5bf3e3bbe Mon Sep 17 00:00:00 2001 From: Eric Huss Date: Thu, 27 Oct 2022 17:20:09 -0700 Subject: [PATCH] Update libcurl --- Cargo.toml | 4 ++-- src/cargo/ops/registry.rs | 18 ++++++++++++++++++ 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 0b48283156d..e1f6687c7dd 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -21,8 +21,8 @@ bytesize = "1.0" cargo-platform = { path = "crates/cargo-platform", version = "0.1.2" } cargo-util = { path = "crates/cargo-util", version = "0.2.1" } crates-io = { path = "crates/crates-io", version = "0.34.0" } -curl = { version = "0.4.43", features = ["http2"] } -curl-sys = "0.4.55" +curl = { version = "0.4.44", features = ["http2"] } +curl-sys = "0.4.58" env_logger = "0.9.0" pretty_env_logger = { version = "0.4", optional = true } anyhow = "1.0" diff --git a/src/cargo/ops/registry.rs b/src/cargo/ops/registry.rs index ab4300b4f64..30d7546cc84 100644 --- a/src/cargo/ops/registry.rs +++ b/src/cargo/ops/registry.rs @@ -678,6 +678,24 @@ pub fn configure_http_handle(config: &Config, handle: &mut Easy) -> CargoResult< handle.ssl_min_max_version(min_version, max_version)?; } } + } else if cfg!(windows) { + // This is a temporary workaround for some bugs with libcurl and + // schannel and TLS 1.3. + // + // Our libcurl on Windows is usually built with schannel. + // On Windows 11 (or Windows Server 2022), libcurl recently (late + // 2022) gained support for TLS 1.3 with schannel, and it now defaults + // to 1.3. Unfortunately there have been some bugs with this. + // https://github.com/curl/curl/issues/9431 is the most recent. Once + // that has been fixed, and some time has passed where we can be more + // confident that the 1.3 support won't cause issues, this can be + // removed. + // + // Windows 10 is unaffected. libcurl does not support TLS 1.3 on + // Windows 10. (Windows 10 sorta had support, but it required enabling + // an advanced option in the registry which was buggy, and libcurl + // does runtime checks to prevent it.) + handle.ssl_min_max_version(SslVersion::Default, SslVersion::Tlsv12)?; } if let Some(true) = http.debug {