WIP implementation of TLS min version see lycheeverse#1232
HU90m committed Sep 4, 2023
1 parent 7fe5ce2 commit 84a7d5c
Showing 3 changed files with 38 additions and 2 deletions.
1 change: 1 addition & 0 deletions lychee-bin/src/client.rs
@@ -77,6 +77,7 @@ pub(crate) fn create(cfg: &Config, cookie_jar: Option<&Arc<CookieStoreMutex>>) -
.accepted(accepted)
.require_https(cfg.require_https)
.cookie_jar(cookie_jar.cloned())
.min_tls_version(cfg.min_tls)
.include_fragments(cfg.include_fragments)
.build()
.client()
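Review bot: The added `.min_tls_version(cfg.min_tls)` call always supplies a value, and with the `default_value = "TLSv1_0"` declared in options.rs that value is TLS 1.0 unless the user overrides it, so the client is built with an explicit floor at a protocol version that RFC 8996 deprecates. The builder field in lychee-lib is `Option<tls::Version>`, which suggests "not set" was meant to be expressible; consider making `cfg.min_tls` optional so the backend default applies when the flag is absent, or defaulting to `TLSv1_2`. Whether a bare `tls::Version` is accepted by a setter for an `Option` field depends on builder attributes outside the visible lines. The body of `create` starts and ends outside the hunk.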
31 changes: 30 additions & 1 deletion lychee-bin/src/options.rs
@@ -2,12 +2,14 @@ use crate::archive::Archive;
use crate::parse::{parse_base, parse_statuscodes};
use crate::verbosity::Verbosity;
use anyhow::{anyhow, Context, Error, Result};
use clap::{arg, builder::TypedValueParser, Parser};
use clap::{arg, Parser, builder::{TypedValueParser, PossibleValuesParser}};

use const_format::{concatcp, formatcp};
use lychee_lib::{
Base, BasicAuthSelector, Input, DEFAULT_MAX_REDIRECTS, DEFAULT_MAX_RETRIES,
DEFAULT_RETRY_WAIT_TIME_SECS, DEFAULT_TIMEOUT_SECS, DEFAULT_USER_AGENT,
};
use reqwest::tls;
use secrecy::{ExposeSecret, SecretString};
use serde::Deserialize;
use std::path::Path;
@@ -44,6 +46,22 @@ const HELP_MSG_CONFIG_FILE: &str = formatcp!(
const TIMEOUT_STR: &str = concatcp!(DEFAULT_TIMEOUT_SECS);
const RETRY_WAIT_TIME_STR: &str = concatcp!(DEFAULT_RETRY_WAIT_TIME_SECS);

const TLS_VERSIONS: [&'static str; 4] = [
"TLSv1_0",
"TLSv1_1",
"TLSv1_2",
"TLSv1_3",
];
fn tls_from_str(ver: impl AsRef<str>) -> Option<tls::Version> {
match ver.as_ref() {
"TLSv1_0" => Some(tls::Version::TLS_1_0),
"TLSv1_1" => Some(tls::Version::TLS_1_1),
"TLSv1_2" => Some(tls::Version::TLS_1_2),
"TLSv1_3" => Some(tls::Version::TLS_1_3),
_ => None,
}
}

#[derive(Debug, Deserialize, Default, Clone)]
pub(crate) enum Format {
#[default]
@@ -209,6 +227,17 @@ pub(crate) struct Config {
#[serde(default = "max_retries")]
pub(crate) max_retries: u64,

// Minimum TLS Version
#[arg(
long,
default_value = "TLSv1_0",
value_parser=PossibleValuesParser::new(TLS_VERSIONS).map(tls_from_str),
)]
#[serde(
skip,
)]
pub(crate) min_tls: tls::Version,

/// Maximum number of concurrent network requests
#[arg(long, default_value = &MAX_CONCURRENCY_STR)]
#[serde(default = "max_concurrency")]
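Review bot: The value parser on `min_tls` produces `Option<tls::Version>` because `tls_from_str` returns an `Option`, while the field is declared as plain `tls::Version`; with clap's derive a mismatch like this usually shows up as a panic when the argument is read rather than as a compile error. Since `PossibleValuesParser::new(TLS_VERSIONS)` has already rejected every other string, the mapper can return the version directly, dropping the `Some(..)` wrappers and ending with `_ => unreachable!("restricted by TLS_VERSIONS")`. The field comment `// Minimum TLS Version` is not a doc comment, so `--help` will show no description; `/// Minimum accepted TLS version for HTTPS connections` would match the neighbouring fields. `#[serde(skip)]` also means this floor cannot be set from the config file, which is worth stating in the doc comment if it is intended.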
8 changes: 7 additions & 1 deletion lychee-lib/src/client.rs
@@ -25,7 +25,7 @@ use http::{
use log::{debug, warn};
use octocrab::Octocrab;
use regex::RegexSet;
use reqwest::{header, redirect, Url};
use reqwest::{header, redirect, tls, Url};
use reqwest_cookie_store::CookieStoreMutex;
use secrecy::{ExposeSecret, SecretString};
use typed_builder::TypedBuilder;
@@ -195,6 +195,9 @@ pub struct ClientBuilder {
#[builder(default = DEFAULT_MAX_RETRIES)]
max_retries: u64,

/// Minimum accepted TLS version.
min_tls_version: Option<tls::Version>,

/// User-agent used for checking links.
///
/// Defaults to [`DEFAULT_USER_AGENT`].
@@ -342,6 +345,9 @@ impl ClientBuilder {
if let Some(cookie_jar) = self.cookie_jar {
builder = builder.cookie_provider(cookie_jar);
}
if let Some(min_tls) = self.min_tls_version {
builder = builder.min_tls_version(min_tls);
}

let reqwest_client = match self.timeout {
Some(t) => builder.timeout(t),
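Review bot: The doc comment on the new `min_tls_version` field does not say what `None` means or which values the TLS backend may refuse. As far as I know, reqwest documents that `tls::Version::TLS_1_3` cannot be used as a minimum with its native-tls backend and reports an error when the client is built, so a user-selected `TLSv1_3` may fail at that point instead of restricting the connection; confirm which backend this crate is built with. I would extend the comment to `/// Minimum accepted TLS version. None keeps the TLS backend's default.` and add a sentence on the backend limitation. The `impl ClientBuilder` method that applies the setting starts and ends outside the hunk.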
