From: Aleksey Kladov <aleksey.kladov@gmail.com>
Date: Fri, 23 Feb 2018 19:02:00 +0000 (+0300)
Subject: Warn Windows 7 users about old TLS
X-Git-Tag: archive/raspbian/0.35.0-2+rpi1~3^2^2^2^2^2^2^2~22^2~2^2~79^2~1
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/success//%22http:/www.example.com/cgi/success/?a=commitdiff_plain;h=9de29ffd7ba26bfecfa659ed0fd3aae5aed49c10;p=cargo.git

Warn Windows 7 users about old TLS

An eyepatch for https://github.com/rust-lang/cargo/issues/5066.
---

diff --git a/src/cargo/util/network.rs b/src/cargo/util/network.rs
index 170805695..37fa69f58 100644
--- a/src/cargo/util/network.rs
+++ b/src/cargo/util/network.rs
@@ -33,6 +33,33 @@ fn maybe_spurious(err: &Error) -> bool {
     false
 }
 
+
+/// Suggest the user to update their windows 7 to support modern TLS versions.
+/// See https://github.com/rust-lang/cargo/issues/5066 for details.
+#[cfg(windows)]
+fn should_warn_about_old_tls_for_win7(err: &Error) -> bool {
+    err.causes()
+        .filter_map(|e| e.downcast_ref::<git2::Error>())
+        .find(|e| e.class() == git2::ErrorClass::Net && e.code() == git2::ErrorCode::Certificate)
+        .is_some()
+}
+
+#[cfg(not(windows))]
+fn should_warn_about_old_tls_for_win7(_err: &Error) -> bool {
+    false
+}
+
+const WIN7_TLS_WARNING: &str = "\
+Certificate check failure might be caused by outdated TLS on older versions of Windows.
+If you are using Windows 7, Windows Server 2008 R2 or Windows Server 2012,
+please follow these instructions to enable more secure TLS:
+
+    https://support.microsoft.com/en-us/help/3140245/
+
+See https://github.com/rust-lang/cargo/issues/5066 for details.
+";
+
+
 /// Wrapper method for network call retry logic.
 ///
 /// Retry counts provided by Config object `net.retry`. Config shell outputs
@@ -54,9 +81,14 @@ pub fn with_retry<T, F>(config: &Config, mut callback: F) -> CargoResult<T>
         match callback() {
             Ok(ret) => return Ok(ret),
             Err(ref e) if maybe_spurious(e) && remaining > 0 => {
-                let msg = format!("spurious network error ({} tries \
-                          remaining): {}", remaining, e);
-                config.shell().warn(msg)?;
+                config.shell().warn(
+                    format!("spurious network error ({} tries remaining): {}", remaining, e)
+                )?;
+
+                if should_warn_about_old_tls_for_win7(e) {
+                    config.shell().warn(WIN7_TLS_WARNING)?;
+                }
+
                 remaining -= 1;
             }
             //todo impl from