Minor fixes after PR review

orthoxerox · orthoxerox · commit 3baded255ef6 · 2019-02-06T22:16:21.000+03:00
diff --git a/README.md b/README.md
@@ -581,10 +581,11 @@ Command | Description
   Sets the root URL for downloading self-updates.
 
 - `RUSTUP_USE_UNSAFE_SSL` (default: none)
-  If set, rustup will not validate the SSL certificate when downloading
-  files. This parameter should be used only in exceptional circumstances
-  when youre computer is behind a corporate proxy that injects its own
-  certificates into HTTPS connections.
+  If set to "ACCEPT_RISKS", rustup will not validate the SSL certificate 
+  when downloading files. This parameter should be used only in exceptional
+  circumstances when your computer is behind a corporate proxy that injects
+  its own certificates into HTTPS connections and you're unable to add these 
+  certificates to your root set.
 
 ## Other installation methods
 
diff --git a/rustup-init.sh b/rustup-init.sh
@@ -386,7 +386,7 @@ downloader() {
         _dld='curl or wget' # to be used in error message of need_cmd
     fi
 	
-	if [ -n "$RUSTUP_USE_UNSAFE_SSL" ]; then
+	if [ "$RUSTUP_USE_UNSAFE_SSL" = "ACCEPT_RISKS" ]; then
 		_curl_unsafe = "--insecure"
 		_wget_unsafe = "--no-check-certificate"
 	else
diff --git a/src/download/Cargo.toml b/src/download/Cargo.toml
@@ -28,4 +28,4 @@ hyper = "0.12"
 tempdir = "0.3.4"
 tokio = "0.1.11"
 tokio-tls = "0.2.1"
-native-tls = "0.2.1"
+native-tls = "0.2.1"
diff --git a/src/download/src/lib.rs b/src/download/src/lib.rs
@@ -130,7 +130,7 @@ pub fn download_to_path_with_backend(
 }
 
 fn use_unsafe_ssl() -> bool {
-    env::var_os("RUSTUP_USE_UNSAFE_SSL").is_some()
+    env::var_os("RUSTUP_USE_UNSAFE_SSL").unwrap_or("NO".into()) == "ACCEPT_RISKS"
 }
 
 /// Download via libcurl; encrypt with the native (or OpenSSl) TLS
@@ -181,9 +181,11 @@ pub mod curl {
                 .connect_timeout(Duration::new(30, 0))
                 .chain_err(|| "failed to set connect timeout")?;
 
-            handle
-                .ssl_verify_peer(!use_unsafe_ssl())
-                .chain_err(|| "failed to configure unsafe SSL mode")?;
+            if use_unsafe_ssl() {
+                handle
+                    .ssl_verify_peer(false)
+                    .chain_err(|| "failed to configure unsafe SSL mode")?;
+            }
 
             {
                 let cberr = RefCell::new(None);
diff --git a/src/download/tests/download-curl-safe.rs b/src/download/tests/download-curl-safe.rs
@@ -5,8 +5,9 @@ use download::*;
 mod support;
 use crate::support::{file_contents, serve_file, tmp_dir};
 
-/// There are two separate files because this crate caches curl handles
-/// and all tests in one file use either the safe or the unsafe handle
+// There are two separate files because this crate caches curl handles
+// and all tests in one file use either the safe or the unsafe handle.
+// See download-curl-unsafe.rs for the complementary test case.
 
 #[test]
 fn downloading_with_no_certificate() {
@@ -40,3 +41,22 @@ fn downloading_with_bad_certificate() {
 
     assert_eq!(file_contents(&target_path), "12345");
 }
+
+#[test]
+#[should_panic]
+fn downloading_with_bad_certificate_using_wrong_env_value() {
+    let tmpdir = tmp_dir();
+    let target_path = tmpdir.path().join("downloaded");
+
+    let addr = serve_file(b"12345".to_vec(), true);
+    let from_url = format!("https://{}", addr).parse().unwrap();
+
+    std::env::set_var("RUSTUP_USE_UNSAFE_SSL", "FOOBAR");
+
+    assert_eq!(std::env::var_os("RUSTUP_USE_UNSAFE_SSL").is_some(), true);
+
+    download_to_path_with_backend(Backend::Curl, &from_url, &target_path, false, None)
+        .expect("Test download failed");
+
+    assert_eq!(file_contents(&target_path), "12345");
+}
diff --git a/src/download/tests/download-curl-unsafe.rs b/src/download/tests/download-curl-unsafe.rs
@@ -5,8 +5,9 @@ use download::*;
 mod support;
 use crate::support::{file_contents, serve_file, tmp_dir};
 
-/// There are two separate files because this crate caches reqwest handles
-/// and all tests in one file use either the safe or the unsafe handle
+// There are two separate files because this crate caches curl handles
+// and all tests in one file use either the safe or the unsafe handle.
+// See download-curl-safe.rs for the complementary test case.
 
 #[test]
 fn downloading_with_bad_certificate_unsafely() {
@@ -16,7 +17,7 @@ fn downloading_with_bad_certificate_unsafely() {
     let addr = serve_file(b"12345".to_vec(), true);
     let from_url = format!("https://{}", addr).parse().unwrap();
 
-    std::env::set_var("RUSTUP_USE_UNSAFE_SSL", "1");
+    std::env::set_var("RUSTUP_USE_UNSAFE_SSL", "ACCEPT_RISKS");
 
     assert_eq!(std::env::var_os("RUSTUP_USE_UNSAFE_SSL").is_some(), true);
 
diff --git a/src/download/tests/download-reqwest-safe.rs b/src/download/tests/download-reqwest-safe.rs
@@ -5,8 +5,9 @@ use download::*;
 mod support;
 use crate::support::{file_contents, serve_file, tmp_dir};
 
-/// There are two separate files because this crate caches reqwest handles
-/// and all tests in one file use either the safe or the unsafe handle
+// There are two separate files because this crate caches reqwest clients
+// and all tests in one file use either the safe or the unsafe client.
+// See download-reqwest-unsafe.rs for the complementary test case.
 
 #[test]
 fn downloading_with_no_certificate() {
@@ -40,3 +41,23 @@ fn downloading_with_bad_certificate() {
 
     assert_eq!(file_contents(&target_path), "12345");
 }
+
+
+#[test]
+#[should_panic]
+fn downloading_with_bad_certificate_using_wrong_env_value() {
+    let tmpdir = tmp_dir();
+    let target_path = tmpdir.path().join("downloaded");
+
+    let addr = serve_file(b"12345".to_vec(), true);
+    let from_url = format!("https://{}", addr).parse().unwrap();
+
+    std::env::set_var("RUSTUP_USE_UNSAFE_SSL", "FOOBAR");
+
+    assert_eq!(std::env::var_os("RUSTUP_USE_UNSAFE_SSL").is_some(), true);
+
+    download_to_path_with_backend(Backend::Reqwest, &from_url, &target_path, false, None)
+        .expect("Test download failed");
+
+    assert_eq!(file_contents(&target_path), "12345");
+}
diff --git a/src/download/tests/download-reqwest-unsafe.rs b/src/download/tests/download-reqwest-unsafe.rs
@@ -5,8 +5,9 @@ use download::*;
 mod support;
 use crate::support::{file_contents, serve_file, tmp_dir};
 
-/// There are two separate files because this crate caches reqwest handles
-/// and all tests in one file use either the safe or the unsafe handle
+// There are two separate files because this crate caches reqwest clients
+// and all tests in one file use either the safe or the unsafe client.
+// See download-reqwest-safe.rs for the complementary test case.
 
 #[test]
 fn downloading_with_bad_certificate_unsafely() {
@@ -16,7 +17,7 @@ fn downloading_with_bad_certificate_unsafely() {
     let addr = serve_file(b"12345".to_vec(), true);
     let from_url = format!("https://{}", addr).parse().unwrap();
 
-    std::env::set_var("RUSTUP_USE_UNSAFE_SSL", "1");
+    std::env::set_var("RUSTUP_USE_UNSAFE_SSL", "ACCEPT_RISKS");
 
     assert_eq!(std::env::var_os("RUSTUP_USE_UNSAFE_SSL").is_some(), true);
 

Original file line number	Diff line number	Diff line change
`@@ -130,7 +130,7 @@ pub fn download_to_path_with_backend(`
`130`	`130`	`}`
`131`	`131`
`132`	`132`	`fn use_unsafe_ssl() -> bool {`
`133`		`- env::var_os("RUSTUP_USE_UNSAFE_SSL").is_some()`
	`133`	`+ env::var_os("RUSTUP_USE_UNSAFE_SSL").unwrap_or("NO".into()) == "ACCEPT_RISKS"`
`134`	`134`	`}`
`135`	`135`
`136`	`136`	`/// Download via libcurl; encrypt with the native (or OpenSSl) TLS`
`@@ -181,9 +181,11 @@ pub mod curl {`
`181`	`181`	`.connect_timeout(Duration::new(30, 0))`
`182`	`182`	`.chain_err(\|\| "failed to set connect timeout")?;`
`183`	`183`
`184`		`- handle`
`185`		`- .ssl_verify_peer(!use_unsafe_ssl())`
`186`		`- .chain_err(\|\| "failed to configure unsafe SSL mode")?;`
	`184`	`+ if use_unsafe_ssl() {`
	`185`	`+ handle`
	`186`	`+ .ssl_verify_peer(false)`
	`187`	`+ .chain_err(\|\| "failed to configure unsafe SSL mode")?;`
	`188`	`+ }`
`187`	`189`
`188`	`190`	`{`
`189`	`191`	`let cberr = RefCell::new(None);`