From b0a0009ff4f6cbaf9045806cf8f2515a6eef7a2a Mon Sep 17 00:00:00 2001
From: ruslandoga
Date: Mon, 24 Mar 2025 22:05:25 +0300
Subject: [PATCH 1/3] disable middlebox_comp_mode in mix httpc

---
 lib/mix/lib/mix/utils.ex | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/lib/mix/lib/mix/utils.ex b/lib/mix/lib/mix/utils.ex
index f7739dc195e..2ef60fea6a0 100644
--- a/lib/mix/lib/mix/utils.ex
+++ b/lib/mix/lib/mix/utils.ex
@@ -738,11 +738,21 @@ defmodule Mix.Utils do
 file -> {:cacertfile, file}
 end
 
- # Use the system certificates
+ # disable middlebox compatibility mode by default
+ # but allow it to be enabled via an environment variable
+ # see https://github.com/elixir-lang/elixir/issues/14356
+ middlebox_comp_mode =
+ case System.get_env("HEX_MIDDLEBOX_COMP_MODE") do
+ t when t in ["true", "t", "yes", "y", "1"] -> true
+ _ -> false
+ end
+
+ # Use the system certificates and set the middlebox compatibility mode
 ssl_options = [
 cacert_opt,
 verify: :verify_peer,
- customize_hostname_check: [match_fun: :public_key.pkix_verify_hostname_match_fun(:https)]
+ customize_hostname_check: [match_fun: :public_key.pkix_verify_hostname_match_fun(:https)],
+ middlebox_comp_mode: middlebox_comp_mode
 ]
 
 # We are using relaxed: true because some servers is returning a Location

From ef582cb76c1b2cac40f589fed2074c107c89524b Mon Sep 17 00:00:00 2001
From: ruslandoga
Date: Mon, 24 Mar 2025 22:32:47 +0300
Subject: [PATCH 2/3] disable middlebox_comp_mode on failed connect

---
 lib/mix/lib/mix/utils.ex | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)

diff --git a/lib/mix/lib/mix/utils.ex b/lib/mix/lib/mix/utils.ex
index 2ef60fea6a0..6a91d9071bc 100644
--- a/lib/mix/lib/mix/utils.ex
+++ b/lib/mix/lib/mix/utils.ex
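Review bot: The `case` on `System.get_env("HEX_MIDDLEBOX_COMP_MODE")` compares the raw value case-sensitively, so `TRUE` or `Yes` falls through to `_ -> false` and the mode stays disabled with no warning. Because this switch changes the handshake for every request made with these `ssl_options`, I would normalise the value first, e.g. `case String.downcase(System.get_env("HEX_MIDDLEBOX_COMP_MODE", "")) do`, and document the variable alongside Mix's other environment variables. The enclosing function starts and ends outside the hunk.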
@@ -738,21 +738,11 @@ defmodule Mix.Utils do
 file -> {:cacertfile, file}
 end
 
- # disable middlebox compatibility mode by default
- # but allow it to be enabled via an environment variable
- # see https://github.com/elixir-lang/elixir/issues/14356
- middlebox_comp_mode =
- case System.get_env("HEX_MIDDLEBOX_COMP_MODE") do
- t when t in ["true", "t", "yes", "y", "1"] -> true
- _ -> false
- end
-
- # Use the system certificates and set the middlebox compatibility mode
+ # Use the system certificates
 ssl_options = [
 cacert_opt,
 verify: :verify_peer,
- customize_hostname_check: [match_fun: :public_key.pkix_verify_hostname_match_fun(:https)],
- middlebox_comp_mode: middlebox_comp_mode
+ customize_hostname_check: [match_fun: :public_key.pkix_verify_hostname_match_fun(:https)]
 ]
 
 # We are using relaxed: true because some servers is returning a Location
@@ -775,6 +765,11 @@ defmodule Mix.Utils do
 :httpc.set_options([ipfamily: fallback(inet)], :mix)
 request |> httpc_request(http_options) |> httpc_response()
 
+ {:error, {:failed_connect, [{:to_address, _}, {inet, _, {:tls_alert, _}}]}}
+ when inet in [:inet, :inet6] ->
+ http_options = put_in(http_options, [:ssl, :middlebox_comp_mode], false)
+ request |> httpc_request(http_options) |> httpc_response()
+
 response ->
 httpc_response(response)
 end

From 1ad7872aab0d13d2bec95ca830597862f058cb7b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Valim?=
Date: Mon, 24 Mar 2025 21:56:41 +0100
Subject: [PATCH 3/3] Update lib/mix/lib/mix/utils.ex

---
 lib/mix/lib/mix/utils.ex | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/mix/lib/mix/utils.ex b/lib/mix/lib/mix/utils.ex
index 6a91d9071bc..18be3e9e3ab 100644
--- a/lib/mix/lib/mix/utils.ex
+++ b/lib/mix/lib/mix/utils.ex
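Review bot: The new clause matching `{inet, _, {:tls_alert, _}}` in the second hunk retries on any TLS alert, so a certificate or hostname verification failure also triggers a second full connection attempt before the error is reported. The retry keeps `verify: :verify_peer` because `put_in/3` overrides only `middlebox_comp_mode`, but nothing in the code says so, and the issue link carried by the comment this patch removes is gone. I would add a comment above the clause such as `# Retry once without TLS 1.3 middlebox compatibility mode (https://github.com/elixir-lang/elixir/issues/14356); certificate verification options are unchanged`. The two fallback clauses are also mutually exclusive: a request that already fell back to the other `ipfamily` goes straight to `httpc_response/1` and never gets this retry. The `case` expression begins outside the hunk.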
@@ -765,8 +765,8 @@ defmodule Mix.Utils do
 :httpc.set_options([ipfamily: fallback(inet)], :mix)
 request |> httpc_request(http_options) |> httpc_response()
 
- {:error, {:failed_connect, [{:to_address, _}, {inet, _, {:tls_alert, _}}]}}
- when inet in [:inet, :inet6] ->
+ {:error, {:failed_connect, [{:to_address, _}, {inet, _, reason}]}}
+ when inet in [:inet, :inet6] and elem(reason, 0) == :tls_alert ->
 http_options = put_in(http_options, [:ssl, :middlebox_comp_mode], false)
 request |> httpc_request(http_options) |> httpc_response()
 
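Review bot: The guard `elem(reason, 0) == :tls_alert` relies on guard-failure semantics: when `reason` is an atom rather than a tuple, `elem/2` fails inside the guard and the clause is skipped instead of raising. That is correct but easy to misread, and moving the test into the clause body later would crash, so I would make the intent explicit with `when inet in [:inet, :inet6] and is_tuple(reason) and elem(reason, 0) == :tls_alert ->`. The change also widens the match from a two-element `{:tls_alert, _}` to any tuple tagged `:tls_alert`, presumably to cover other alert shapes; a one-line comment naming the expected shapes would help. The surrounding `case` starts and ends outside the hunk.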