Add an option to ignore SSL revocation checking

alexcrichton · alexcrichton · commit 923f21c32e8e · 2017-02-22T12:31:47.000-08:00
This is apparently required in some Windows setups to get past SSL context
creation in schannel.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -19,7 +19,7 @@ path = "src/cargo/lib.rs"
 [dependencies]
 crates-io = { path = "src/crates-io", version = "0.7" }
 crossbeam = "0.2"
-curl = "0.4"
+curl = "0.4.6"
 docopt = "0.7"
 env_logger = "0.4"
 filetime = "0.1"
diff --git a/src/cargo/ops/registry.rs b/src/cargo/ops/registry.rs
@@ -5,7 +5,7 @@ use std::iter::repeat;
 use std::path::PathBuf;
 use std::time::Duration;
 
-use curl::easy::Easy;
+use curl::easy::{Easy, SslOpt};
 use git2;
 use registry::{Registry, NewCrate, NewCrateDependency};
 use term::color::BLACK;
@@ -231,6 +231,9 @@ pub fn http_handle(config: &Config) -> CargoResult<Easy> {
     if let Some(cainfo) = config.get_path("http.cainfo")? {
         handle.cainfo(&cainfo.val)?;
     }
+    if let Some(check) = config.get_bool("http.check-revoke")? {
+        handle.ssl_options(SslOpt::new().no_revoke(!check.val))?;
+    }
     if let Some(timeout) = http_timeout(config)? {
         handle.connect_timeout(Duration::new(timeout as u64, 0))?;
         handle.low_speed_time(Duration::new(timeout as u64, 0))?;
diff --git a/src/doc/config.md b/src/doc/config.md
@@ -83,6 +83,7 @@ proxy = "host:port" # HTTP proxy to use for HTTP requests (defaults to none)
                     # in libcurl format, e.g. "socks5h://host:port"
 timeout = 60000     # Timeout for each HTTP request, in milliseconds
 cainfo = "cert.pem" # Path to Certificate Authority (CA) bundle (optional)
+check-revoke = true # Indicates whether SSL certs are checked for revocation
 
 [build]
 jobs = 1                  # number of parallel jobs, defaults to # of CPUs
