Add http.proxy-cainfo config for proxy certs #15374

Open. Wants to merge 1 commit into base: master.


koxu1996 commented Apr 1, 2025

This adds an `http.proxy-cainfo` option to Cargo which reads CA information from a bundle to pass through to the underlying `libcurl` call. This should allow configuration of Cargo in situations where an SSL proxy is used.

Similar to #2917.

rustbot (Collaborator) commented Apr 1, 2025

r? @weihanglo

rustbot has assigned @weihanglo.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

rustbot added labels on Apr 1, 2025: A-configuration (Area: cargo config files and env vars), A-documenting-cargo-itself (Area: Cargo's documentation), A-networking (Area: networking issues, curl, etc.), S-waiting-on-review (Status: Awaiting review from the assignee but also interested parties.)

Member

Thanks. This looks reasonable, though I saw your comment in #13460 (comment), and wonder what people want.
Do people really need the ability to configure custom proxy CA info, or just want to disable all the CA checks?

There is also git's CA check discussion in #1180, which is somewhat relevant.

Member

See #13460 (comment).

Let's discuss over there :)

Author

I don't want to disable CA checks, although I think it is a really useful option, definitely worth introducing.

Author

I faced the problem where cargo doesn't work with an SSL proxy, even though the custom CA is trusted (curl doesn't complain about the certificates). This stems from the fact that the automatically vendored libcurl has no built-in information about the system trust store. I wrote a fairly detailed description of this issue in #15376; the ability to set a proxy cainfo is a real need to solve it.
