Warn Windows 7 users about old TLS #5069
Conversation
|
(rust_highfive has picked a reviewer for you, use r? to override) |
|
This seems like it'd be helpful: https://msdn.microsoft.com/en-us/library/windows/desktop/dn424961(v=vs.85).aspx. |
|
According to, And thanks for making this patch! |
|
Amusingly, trying to test out this fix on win7 with fails with this very error =P |
|
If we get this landed and a commit somewhere (a 1.24.1 branch?) that targets stable that also does this by Monday morning, I feel fairly good about being able to include it in 1.24.1. Otherwise we'll just land it into beta I think. |
|
Ok, I've checked that the current patch works as expected on windows 7. I've looked into detecting registry key/windows version a bit, but I've failed to find a smiple API in winapi-rs to do this, and I don't feel confident about using complex windows API, so it would be great if someone with more windows experience implements a version check =) |
So The complication is that the version functions lie to applications without manifests that claim support for Windows 8.1 and 10, and I don't know if cargo has such a manifest. It certainly doesn't appear to. |
|
Unfortunately I tried to use GetVersionEx directly: and on my win10, I get 6.2. according to the docs at https://msdn.microsoft.com/en-us/library/windows/desktop/ms724834(v=vs.85).aspx that is win8, probably something about not having a manifest file. But if we get 6.1 on win 7 we may have a workaround. (I don't have a win7 box to test on.) |
|
@Eh2406 Yes, as I said in my comment, the function is header-only, and lies to applications without manifests. |
|
Something like this will work, once you've figured out the manifest problem (not tested or compiled): const WIN32_WINNT_WINBLUE_HIBYTE = 0x06;
const WIN32_WINNT_WINBLUE_LOBYTE = 0x03;
fn IsWindows8Point1OrGreater() -> bool {
IsWindowsVersionOrGreater(WIN32_WINNT_WINBLUE_HIBYTE, WIN32_WINNT_WINBLUE_LOBYTE, 0)
}
fn IsWindowsVersionOrGreater(majorVersion: DWORD, minorVersion: DWORD, servicePackMajor: DWORD) -> bool {
let conditionMask: DWORDLONG = VerSetConditionMask(VerSetConditionMask(VerSetConditionMask(0, VER_MAJORVERSION, VER_GREATER_EQUAL), VER_MINORVERSION, VER_GREATER_EQUAL), VER_SERVICEPACKMAJOR, VER_GREATER_EQUAL);
let mut osvi: OSVERSIONINFOEXW = std::mem::zeroed();
osvi.dwOSVersionInfoSize = std::mem::size_of::<OSVERSIONINFOEXW>();
osvi.dwMajorVersion = majorVersion;
osvi.dwMinorVersion = minorVersion;
osvi.wServicePackMajor = servicePackMajor;
VerifyVersionInfoW(&mut osvi, VER_MAJORVERSION | VER_MINORVERSION | VER_SERVICEPACKMAJOR, conditionMask) != FALSE
}(Based on the implementation of those functions in VersionHelpers.h from the Win 10 SDK) |
|
@Arnavion, I can't find your comment about
I don't think the
Yes that is a better solution, once it is converted to valid rust. |
|
@retep998 should comment about that. It's not a problem for windows-msvc builds of course, but I don't know anything about windows-gnu (assuming the cargo.exe that ships with the windows-gnu toolchain is itself built with windows-gnu and not just the same binary as the one that ships with the windows-msvc toolchain). |
|
If we need to deal with the manifest to lowerer the false positive rate, then perhaps we merge as is for now so it can get in |
src/cargo/util/network.rs
Outdated
|
|
||
| const WIN7_TLS_WARNING: &str = "\ | ||
| Certificate check failure might be caused by outdated TLS on Windows 7.\n\ | ||
| Please follow these instructions to enable more secure TLS:\n\n \ |
There was a problem hiding this comment.
Until we are able to reliably detect Windows 7, perhaps we should prefix this with If you are using Windows 7, please...
|
Agreed. The function's comment and error message should also mention Server 2008R2 and Server 2012 in addition to 7, and perhaps word it like "If you're on ... then certificate check failure might be caused..." |
|
Having the necessary tooling from VC++/MinGW to link manifests is not an issue. The issue is having the support from Rust itself. It will involve non-trivial design work to come up with a good way to link manifests, and I doubt it will happen any time soon. However there is a shorter term solution for manifests and that is having simple external manifests instead of embedded manifests. It would involve someone writing manifests such as |
|
I think we can use rust-embed-resource or similar build script magic to include the manifest, without the design work from rustic. (If we have the tooling from VC++/MinGW installed.) I have never had any luck getting |
|
Hm, it looks like we won't be able to implement the manifest solution in any reasonable time frame :-( Could we check for the presence of Specifically, is this key present on Windows 8 and Windows 10? EDIT: hm, sorry, @Arnavion, I've missed the fact that you already checked that in #5069 (comment)! Thanks a lot ❤️ ! |
matklad
force-pushed
the
win7-y-u-no-tls
branch
from
da2c030
to
abddedd
Compare
|
Updated the error message to mention windows server and to be conditional on "if you are indeed on windows". It seems unlikely to me that we will be able to implement the The failure mode here is that a user on Windows 10 might get this wrong worming if threre's genuinely something wrong with TLS. However, because we are checking for a specific code from libgit, this seams unlikely? |
An eyepatch for rust-lang#5066.
matklad
force-pushed
the
win7-y-u-no-tls
branch
from
abddedd
to
9de29ff
Compare
|
Thanks for the quick fix here @matklad! It sounds like this is hopefully going to be a temporary holdover until libgit2/libgit2#4550 is sorted out, after which we'll probably just update libgit2 pronto and get that into Cargo. In that sense it seems like we'll be using this for hopefully only a few cycles, but still a few cycles in the sense that it'll get backported and such. This looks pretty conservative but I think one final thing we may wish to do is to only warn about connections to github.com perhaps? I believe that's the main instigator for this issue, right? It may also help reduce the noise of warnings in legitimate situations as that seems to come up relatively often (certificate errors on Windows). I'd personally also be much more comfortable backporting a warning like this as well rather than libgit2 updates, so I think for sure we should pursue this. @matklad would you be ok switching to only warning on github.com hostnames? |
Sure will try to do this in a couple of hours! |
|
Updated to check for GitHub specifically, and verified on the virtual machine that the message is indeed printed on an unpatched win7, and that a patched one works OK. |
|
@bors: r+ |
|
📌 Commit 81e18de has been approved by |
|
☀️ Test successful - status-appveyor, status-travis |
[beta] warn about TLS for github specifically Backport of #5069 to beta r? @alexcrichton
[stable] warn about TLS for github specifically Backport of #5069 to stable for 1.24.1 🔥⚠️ r? @alexcrichton
[beta] backport cargo TLS warning for win7 rust-lang/cargo#5069 r? @alexcrichton
An eyepatch for #5066.
@retep998 what would the best way to check for windows 7 specifically? Currently I use just
#[cfg(windows)], which might give false positives on 8 and 10.