diff --git a/.codeql-prebuild-cpp-Windows.sh b/.codeql-prebuild-cpp-Windows.sh
index 31ee6cd94d3..04986c85973 100644
--- a/.codeql-prebuild-cpp-Windows.sh
+++ b/.codeql-prebuild-cpp-Windows.sh
@@ -2,18 +2,10 @@
 set -e

 # update pacman
-pacman --noconfirm -Suy
-
-# install wget
-pacman --noconfirm -S \
- wget
-
-# download working curl
-wget https://repo.msys2.org/mingw/ucrt64/mingw-w64-ucrt-x86_64-curl-8.8.0-1-any.pkg.tar.zst
+pacman --noconfirm -Syu

 # install dependencies
-pacman -U --noconfirm mingw-w64-ucrt-x86_64-curl-8.8.0-1-any.pkg.tar.zst
-pacman -Syu --noconfirm --ignore=mingw-w64-ucrt-x86_64-curl \
+pacman -S --noconfirm \
 base-devel \
 diffutils \
 gcc \
@@ -21,6 +13,7 @@ pacman -Syu --noconfirm --ignore=mingw-w64-ucrt-x86_64-curl \
 make \
 mingw-w64-ucrt-x86_64-cmake \
 mingw-w64-ucrt-x86_64-cppwinrt \
+ mingw-w64-ucrt-x86_64-curl-winssl \
 mingw-w64-ucrt-x86_64-graphviz \
 mingw-w64-ucrt-x86_64-miniupnpc \
 mingw-w64-ucrt-x86_64-nlohmann-json \
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index c1b6620b16d..5bdc25d4ba5 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -1019,30 +1019,20 @@ jobs:
 msystem: ucrt64
 update: true
 install: >-
- wget
-
- - name: Update Windows dependencies
- shell: msys2 {0}
- run: |
- # download working curl
- wget https://repo.msys2.org/mingw/ucrt64/mingw-w64-ucrt-x86_64-curl-8.8.0-1-any.pkg.tar.zst
-
- # install dependencies
- pacman -U --noconfirm mingw-w64-ucrt-x86_64-curl-8.8.0-1-any.pkg.tar.zst
- pacman -Syu --noconfirm \
- --ignore=mingw-w64-ucrt-x86_64-curl \
- git \
- mingw-w64-ucrt-x86_64-cmake \
- mingw-w64-ucrt-x86_64-cppwinrt \
- mingw-w64-ucrt-x86_64-graphviz \
- mingw-w64-ucrt-x86_64-miniupnpc \
- mingw-w64-ucrt-x86_64-nlohmann-json \
- mingw-w64-ucrt-x86_64-nodejs \
- mingw-w64-ucrt-x86_64-nsis \
- mingw-w64-ucrt-x86_64-onevpl \
- mingw-w64-ucrt-x86_64-openssl \
- mingw-w64-ucrt-x86_64-opus \
+ git
+ mingw-w64-ucrt-x86_64-cmake
+ mingw-w64-ucrt-x86_64-cppwinrt
+ mingw-w64-ucrt-x86_64-curl-winssl
+ mingw-w64-ucrt-x86_64-graphviz
+ mingw-w64-ucrt-x86_64-miniupnpc
+ mingw-w64-ucrt-x86_64-nlohmann-json
+ mingw-w64-ucrt-x86_64-nodejs
+ mingw-w64-ucrt-x86_64-nsis
+ mingw-w64-ucrt-x86_64-onevpl
+ mingw-w64-ucrt-x86_64-openssl
+ mingw-w64-ucrt-x86_64-opus
 mingw-w64-ucrt-x86_64-toolchain
+ wget

 - name: Install Doxygen
 # GCC compiled doxygen has issues when running graphviz
diff --git a/docs/building.md b/docs/building.md
index 6d0e7c4751e..8386194302b 100644
--- a/docs/building.md
+++ b/docs/building.md
@@ -86,7 +86,7 @@ dependencies=(
 "mingw-w64-ucrt-x86_64-boost" # Optional
 "mingw-w64-ucrt-x86_64-cmake"
 "mingw-w64-ucrt-x86_64-cppwinrt"
- "mingw-w64-ucrt-x86_64-curl"
+ "mingw-w64-ucrt-x86_64-curl-winssl"
 "mingw-w64-ucrt-x86_64-graphviz" # Optional, for docs
 "mingw-w64-ucrt-x86_64-miniupnpc"
 "mingw-w64-ucrt-x86_64-nlohmann-json"
diff --git a/src/httpcommon.cpp b/src/httpcommon.cpp
index 5be5d9ba97f..419ca6dd142 100644
--- a/src/httpcommon.cpp
+++ b/src/httpcommon.cpp
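Review bot: `wget` is still listed under `install:` in the CI.yml hunk although the step that used it to fetch the pinned curl package is removed here, and the CodeQL prebuild script in this same commit drops its wget install entirely. If no later step of the job calls wget (none is visible in this hunk), remove the `wget` entry so the two package lists stay in step and the runner carries no unused download tool.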
@@ -196,7 +196,12 @@ namespace http {
 bool
 download_file(const std::string &url, const std::string &file) {
 CURL *curl = curl_easy_init();
- if (!curl) {
+ if (curl) {
+ // sonar complains about weak ssl and tls versions
+ // ideally, the setopts should go after the early returns; however sonar cannot detect the fix
+ curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
+ }
+ else {
 BOOST_LOG(error) << "Couldn't create CURL instance";
 return false;
 }
@@ -214,17 +219,16 @@ namespace http {
 curl_easy_cleanup(curl);
 return false;
 }
+
 curl_easy_setopt(curl, CURLOPT_URL, url.c_str());
 curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, fwrite);
 curl_easy_setopt(curl, CURLOPT_WRITEDATA, fp);
- curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
-#ifdef _WIN32
- curl_easy_setopt(curl, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NATIVE_CA);
-#endif
+
 CURLcode result = curl_easy_perform(curl);
 if (result != CURLE_OK) {
 BOOST_LOG(error) << "Couldn't download ["sv << url << ", code:" << result << ']';
 }
+
 curl_easy_cleanup(curl);
 fclose(fp);
 return result == CURLE_OK;
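Review bot: The return value of `curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2)` in the new `if (curl)` branch of the first hunk is discarded, so if the linked libcurl rejects the option the transfer goes ahead with the library's default minimum TLS version and nothing is logged. This call is the TLS floor for the download, so check it and fail closed: `if (curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2) != CURLE_OK) { curl_easy_cleanup(curl); return false; }`. The two added comment lines explain the placement only by the analyzer's limits; they should also say what the option enforces (TLS 1.2 as the minimum protocol version). download_file's body continues outside the hunk.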
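Review bot: With `CURLOPT_SSL_OPTIONS` / `CURLSSLOPT_NATIVE_CA` removed in the second hunk, where Windows builds get their trusted CA set now depends on the TLS backend libcurl was built with, and nothing in this file records that. The dependency lists in this commit switch to `mingw-w64-ucrt-x86_64-curl-winssl`, presumably so the Schannel backend reads the Windows certificate store by itself, but a build against the OpenSSL-based curl package would look for a CA bundle instead and downloads may fail verification. Leave a comment where the `#ifdef _WIN32` block was, e.g. `// Windows builds link curl-winssl (Schannel), which verifies against the system certificate store; CURLSSLOPT_NATIVE_CA is not needed`, or log `curl_version_info(CURLVERSION_NOW)->ssl_version` once so a wrong backend shows up in the logs. The function body starts and ends outside the hunk.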