caisin/typst
1
0
Fork 0
mirror of https://github.com/typst/typst synced 2025-05-14 04:56:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

Configure ureq to use sytem-native TLS (#3258)

Browse Source
This commit is contained in:
Laurenz 2024-01-26 10:50:43 +01:00 committed by GitHub
parent b09d6ae31c
commit 6207b3d9b0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 150 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

195
Cargo.lock generated
View File

@ -398,6 +398,16 @@ dependencies = [
"syn", "syn",
] ]
[[package]]
name = "core-foundation"
version = "0.9.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f"
dependencies = [
"core-foundation-sys",
"libc",
]
[[package]] [[package]]
name = "core-foundation-sys" name = "core-foundation-sys"
version = "0.8.6" version = "0.8.6"
@ -693,6 +703,21 @@ dependencies = [
"ttf-parser", "ttf-parser",
] ]
[[package]]
name = "foreign-types"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
dependencies = [
"foreign-types-shared",
]
[[package]]
name = "foreign-types-shared"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
[[package]] [[package]]
name = "form_urlencoded" name = "form_urlencoded"
version = "1.2.1" version = "1.2.1"
@ -1169,6 +1194,12 @@ dependencies = [
"arrayvec", "arrayvec",
] ]
[[package]]
name = "lazy_static"
version = "1.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
[[package]] [[package]]
name = "libc" name = "libc"
version = "0.2.151" version = "0.2.151"
@ -1334,6 +1365,24 @@ dependencies = [
"windows-sys 0.48.0", "windows-sys 0.48.0",
] ]
[[package]]
name = "native-tls"
version = "0.2.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "07226173c32f2926027b63cce4bcd8076c3552846cbe7925f3aaffeac0a3b92e"
dependencies = [
"lazy_static",
"libc",
"log",
"openssl",
"openssl-probe",
"openssl-sys",
"schannel",
"security-framework",
"security-framework-sys",
"tempfile",
]
[[package]] [[package]]
name = "notify" name = "notify"
version = "6.1.1" version = "6.1.1"
@ -1417,6 +1466,50 @@ dependencies = [
"pathdiff", "pathdiff",
] ]
[[package]]
name = "openssl"
version = "0.10.63"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "15c9d69dd87a29568d4d017cfe8ec518706046a05184e5aea92d0af890b803c8"
dependencies = [
"bitflags 2.4.1",
"cfg-if",
"foreign-types",
"libc",
"once_cell",
"openssl-macros",
"openssl-sys",
]
[[package]]
name = "openssl-macros"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "openssl-probe"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
[[package]]
name = "openssl-sys"
version = "0.9.99"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "22e1bf214306098e4832460f797824c05d25aacdf896f64a985fb0fd992454ae"
dependencies = [
"cc",
"libc",
"pkg-config",
"vcpkg",
]
[[package]] [[package]]
name = "option-ext" name = "option-ext"
version = "0.2.0" version = "0.2.0"
@ -1816,20 +1909,6 @@ dependencies = [
"bytemuck", "bytemuck",
] ]
[[package]]
name = "ring"
version = "0.17.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "688c63d65483050968b2a8937f7995f443e27041a0f7700aa59b0822aedebb74"
dependencies = [
"cc",
"getrandom",
"libc",
"spin",
"untrusted",
"windows-sys 0.48.0",
]
[[package]] [[package]]
name = "roff" name = "roff"
version = "0.2.1" version = "0.2.1"
@ -1879,37 +1958,6 @@ dependencies = [
"windows-sys 0.52.0", "windows-sys 0.52.0",
] ]
[[package]]
name = "rustls"
version = "0.21.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba"
dependencies = [
"log",
"ring",
"rustls-webpki",
"sct",
]
[[package]]
name = "rustls-pemfile"
version = "1.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c"
dependencies = [
"base64",
]
[[package]]
name = "rustls-webpki"
version = "0.101.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765"
dependencies = [
"ring",
"untrusted",
]
[[package]] [[package]]
name = "rustversion" name = "rustversion"
version = "1.0.14" version = "1.0.14"
@ -1953,6 +2001,15 @@ dependencies = [
"winapi-util", "winapi-util",
] ]
[[package]]
name = "schannel"
version = "0.1.23"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fbc91545643bcf3a0bbb6569265615222618bdf33ce4ffbbd13c4bbd4c093534"
dependencies = [
"windows-sys 0.52.0",
]
[[package]] [[package]]
name = "scopeguard" name = "scopeguard"
version = "1.2.0" version = "1.2.0"
@ -1960,13 +2017,26 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
[[package]] [[package]]
name = "sct" name = "security-framework"
version = "0.7.1" version = "2.9.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" checksum = "05b64fb303737d99b81884b2c63433e9ae28abebe5eb5045dcdd175dc2ecf4de"
dependencies = [ dependencies = [
"ring", "bitflags 1.3.2",
"untrusted", "core-foundation",
"core-foundation-sys",
"libc",
"security-framework-sys",
]
[[package]]
name = "security-framework-sys"
version = "2.9.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e932934257d3b408ed8f30db49d85ea163bfe74961f017f405b025af298f0c7a"
dependencies = [
"core-foundation-sys",
"libc",
] ]
[[package]] [[package]]
@ -2492,14 +2562,13 @@ dependencies = [
"env_proxy", "env_proxy",
"flate2", "flate2",
"fontdb", "fontdb",
"native-tls",
"notify", "notify",
"once_cell", "once_cell",
"open", "open",
"parking_lot", "parking_lot",
"pathdiff", "pathdiff",
"rayon", "rayon",
"rustls",
"rustls-pemfile",
"same-file", "same-file",
"self-replace", "self-replace",
"semver", "semver",
@ -2817,12 +2886,6 @@ version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e9df2af067a7953e9c3831320f35c1cc0600c30d44d9f7a12b01db1cd88d6b47" checksum = "e9df2af067a7953e9c3831320f35c1cc0600c30d44d9f7a12b01db1cd88d6b47"
[[package]]
name = "untrusted"
version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
[[package]] [[package]]
name = "ureq" name = "ureq"
version = "2.9.1" version = "2.9.1"
@ -2832,13 +2895,11 @@ dependencies = [
"base64", "base64",
"flate2", "flate2",
"log", "log",
"native-tls",
"once_cell", "once_cell",
"rustls",
"rustls-webpki",
"serde", "serde",
"serde_json", "serde_json",
"url", "url",
"webpki-roots",
] ]
[[package]] [[package]]
@ -2925,6 +2986,12 @@ version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a" checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a"
[[package]]
name = "vcpkg"
version = "0.2.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
[[package]] [[package]]
name = "version_check" name = "version_check"
version = "0.9.4" version = "0.9.4"
@ -3041,12 +3108,6 @@ dependencies = [
"indexmap-nostd", "indexmap-nostd",
] ]
[[package]]
name = "webpki-roots"
version = "0.25.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1778a42e8b3b90bff8d0f5032bf22250792889a5cdc752aa0020c84abe3aaf10"
[[package]] [[package]]
name = "weezl" name = "weezl"
version = "0.1.7" version = "0.1.7"

5
Cargo.toml
View File

@ -62,6 +62,7 @@ libfuzzer-sys = "0.4"
lipsum = "0.9" lipsum = "0.9"
log = "0.4" log = "0.4"
miniz_oxide = "0.7" miniz_oxide = "0.7"
native-tls = "0.2"
notify = "6" notify = "6"
once_cell = "1" once_cell = "1"
open = "5.0.1" open = "5.0.1"
@ -78,8 +79,6 @@ rayon = "1.7.0"
regex = "1" regex = "1"
resvg = { version = "0.38.0", default-features = false, features = ["raster-images"] } resvg = { version = "0.38.0", default-features = false, features = ["raster-images"] }
roxmltree = "0.19" roxmltree = "0.19"
rustls = "0.21" # in sync with ureq
rustls-pemfile = "1" # in sync with rustls
rustybuzz = "0.12.1" rustybuzz = "0.12.1"
same-file = "1" same-file = "1"
self-replace = "1.3.7" self-replace = "1.3.7"
@ -110,7 +109,7 @@ unicode-properties = "0.1"
unicode-script = "0.5" unicode-script = "0.5"
unicode-segmentation = "1" unicode-segmentation = "1"
unscanny = "0.1" unscanny = "0.1"
ureq = "2" ureq = { version = "2", default-features = false, features = ["native-tls", "gzip"] }
usvg = { version = "0.38.0", default-features = false, features = ["text"] } usvg = { version = "0.38.0", default-features = false, features = ["text"] }
walkdir = "2" walkdir = "2"
wasmi = "0.31.0" wasmi = "0.31.0"

3
crates/typst-cli/Cargo.toml
View File

@ -35,14 +35,13 @@ ecow = { workspace = true }
env_proxy = { workspace = true } env_proxy = { workspace = true }
flate2 = { workspace = true } flate2 = { workspace = true }
fontdb = { workspace = true, features = ["memmap", "fontconfig"] } fontdb = { workspace = true, features = ["memmap", "fontconfig"] }
native-tls = { workspace = true }
notify = { workspace = true } notify = { workspace = true }
once_cell = { workspace = true } once_cell = { workspace = true }
open = { workspace = true } open = { workspace = true }
parking_lot = { workspace = true } parking_lot = { workspace = true }
pathdiff = { workspace = true } pathdiff = { workspace = true }
rayon = { workspace = true } rayon = { workspace = true }
rustls = { workspace = true }
rustls-pemfile = { workspace = true }
same-file = { workspace = true } same-file = { workspace = true }
self-replace = { workspace = true, optional = true } self-replace = { workspace = true, optional = true }
semver = { workspace = true } semver = { workspace = true }

43
crates/typst-cli/src/download.rs
View File

@ -7,6 +7,7 @@ use std::io::{self, ErrorKind, Read, Stderr, Write};
use std::sync::Arc; use std::sync::Arc;
use std::time::{Duration, Instant}; use std::time::{Duration, Instant};
use native_tls::{Certificate, TlsConnector};
use once_cell::sync::Lazy; use once_cell::sync::Lazy;
use ureq::Response; use ureq::Response;
@ -15,23 +16,10 @@ const SPEED_SAMPLES: usize = 5;
/// Lazily loads a custom CA certificate if present, but if there's an error /// Lazily loads a custom CA certificate if present, but if there's an error
/// loading certificate, it just uses the default configuration. /// loading certificate, it just uses the default configuration.
static TLS_CONFIG: Lazy<Option<Arc<rustls::ClientConfig>>> = Lazy::new(|| { static CERT: Lazy<Option<Certificate>> = Lazy::new(|| {
crate::ARGS let path = crate::ARGS.cert.as_ref()?;
.cert let pem = std::fs::read(path).ok()?;
.as_ref() Certificate::from_pem(&pem).ok()
.map(|path| {
let file = std::fs::OpenOptions::new().read(true).open(path)?;
let mut buffer = std::io::BufReader::new(file);
let certs = rustls_pemfile::certs(&mut buffer)?;
let mut store = rustls::RootCertStore::empty();
store.add_parsable_certificates(&certs);
let config = rustls::ClientConfig::builder()
.with_safe_defaults()
.with_root_certificates(store)
.with_no_client_auth();
Ok::<_, std::io::Error>(Arc::new(config))
})
.and_then(|x| x.ok())
}); });
/// Download binary data and display its progress. /// Download binary data and display its progress.
@ -44,10 +32,13 @@ pub fn download_with_progress(url: &str) -> Result<Vec<u8>, ureq::Error> {
/// Download from a URL. /// Download from a URL.
#[allow(clippy::result_large_err)] #[allow(clippy::result_large_err)]
pub fn download(url: &str) -> Result<ureq::Response, ureq::Error> { pub fn download(url: &str) -> Result<ureq::Response, ureq::Error> {
let mut builder = ureq::AgentBuilder::new() let mut builder = ureq::AgentBuilder::new();
.user_agent(concat!("typst/", env!("CARGO_PKG_VERSION"))); let mut tls = TlsConnector::builder();
// Get the network proxy config from the environment. // Set user agent.
builder = builder.user_agent(concat!("typst/", env!("CARGO_PKG_VERSION")));
// Get the network proxy config from the environment and apply it.
if let Some(proxy) = env_proxy::for_url_str(url) if let Some(proxy) = env_proxy::for_url_str(url)
.to_url() .to_url()
.and_then(|url| ureq::Proxy::new(url).ok()) .and_then(|url| ureq::Proxy::new(url).ok())
@ -56,12 +47,16 @@ pub fn download(url: &str) -> Result<ureq::Response, ureq::Error> {
} }
// Apply a custom CA certificate if present. // Apply a custom CA certificate if present.
if let Some(config) = &*TLS_CONFIG { if let Some(cert) = &*CERT {
builder = builder.tls_config(config.clone()); tls.add_root_certificate(cert.clone());
} }
let agent = builder.build(); // Configure native TLS.
agent.get(url).call() let connector =
tls.build().map_err(|err| io::Error::new(io::ErrorKind::Other, err))?;
builder = builder.tls_connector(Arc::new(connector));
builder.build().get(url).call()
} }
/// A wrapper around [`ureq::Response`] that reads the response body in chunks /// A wrapper around [`ureq::Response`] that reads the response body in chunks