diff options
| author | Billy O'Neal <bion@microsoft.com> | 2020-05-07 14:20:14 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-05-07 14:20:14 -0700 |
| commit | d7d410b50bce43ec28699e6fa86f066a3eeceeb4 (patch) | |
| tree | 3bb5d5c6a0dd800bd21c7b42ef8c59161dd539e9 /toolsrc | |
| parent | b07e46b368526f34722d6e9eba4a5f87ca425b88 (diff) | |
| download | vcpkg-d7d410b50bce43ec28699e6fa86f066a3eeceeb4.tar.gz vcpkg-d7d410b50bce43ec28699e6fa86f066a3eeceeb4.zip | |
[vcpkg] Restrict telemetry uploads to TLS 1.2 (#11213)
* [vcpkg] Restrict telemetry uploads to TLS 1.2, as required by Azure security policy.
Co-authored-by: nicole mazzuca <mazzucan@outlook.com>
Diffstat (limited to 'toolsrc')
| -rw-r--r-- | toolsrc/CMakeLists.txt | 4 | ||||
| -rw-r--r-- | toolsrc/src/vcpkg/metrics.cpp | 11 |
2 files changed, 12 insertions, 3 deletions
diff --git a/toolsrc/CMakeLists.txt b/toolsrc/CMakeLists.txt index c08e71fb0..83de7970d 100644 --- a/toolsrc/CMakeLists.txt +++ b/toolsrc/CMakeLists.txt @@ -114,6 +114,9 @@ file(GLOB_RECURSE VCPKGLIB_SOURCES CONFIGURE_DEPENDS src/vcpkg/*.cpp) add_library(vcpkglib OBJECT ${VCPKGLIB_SOURCES})
add_executable(vcpkg src/vcpkg.cpp $<TARGET_OBJECTS:vcpkglib>)
+if(WIN32)
+ add_executable(vcpkgmetricsuploader WIN32 src/vcpkgmetricsuploader.cpp $<TARGET_OBJECTS:vcpkglib>)
+endif()
if (BUILD_TESTING)
file(GLOB_RECURSE VCPKGTEST_SOURCES CONFIGURE_DEPENDS src/vcpkg-test/*.cpp)
@@ -154,4 +157,3 @@ if(MSVC) target_sources(vcpkglib PRIVATE src/pch.cpp)
target_compile_options(vcpkglib PRIVATE /Yupch.h /FIpch.h /Zm200)
endif()
-
diff --git a/toolsrc/src/vcpkg/metrics.cpp b/toolsrc/src/vcpkg/metrics.cpp index 06478d3f4..253ea121d 100644 --- a/toolsrc/src/vcpkg/metrics.cpp +++ b/toolsrc/src/vcpkg/metrics.cpp @@ -315,9 +315,15 @@ namespace vcpkg::Metrics const HINTERNET session = WinHttpOpen( L"vcpkg/1.0", WINHTTP_ACCESS_TYPE_DEFAULT_PROXY, WINHTTP_NO_PROXY_NAME, WINHTTP_NO_PROXY_BYPASS, 0); - if (session) connect = WinHttpConnect(session, L"dc.services.visualstudio.com", INTERNET_DEFAULT_HTTPS_PORT, 0); + + unsigned long secure_protocols = WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2; + if (session && WinHttpSetOption(session, WINHTTP_OPTION_SECURE_PROTOCOLS, &secure_protocols, sizeof(DWORD))) + { + connect = WinHttpConnect(session, L"dc.services.visualstudio.com", INTERNET_DEFAULT_HTTPS_PORT, 0); + } if (connect) + { request = WinHttpOpenRequest(connect, L"POST", L"/v2/track", @@ -325,6 +331,7 @@ namespace vcpkg::Metrics WINHTTP_NO_REFERER, WINHTTP_DEFAULT_ACCEPT_TYPES, WINHTTP_FLAG_SECURE); + } if (request) { @@ -448,7 +455,7 @@ namespace vcpkg::Metrics #else auto escaped_path = Strings::escape_string(vcpkg_metrics_txt_path.u8string(), '\'', '\\'); const std::string cmd_line = Strings::format( - R"((curl "https://dc.services.visualstudio.com/v2/track" -H "Content-Type: application/json" -X POST --data '@%s' >/dev/null 2>&1; rm '%s') &)", + R"((curl "https://dc.services.visualstudio.com/v2/track" -H "Content-Type: application/json" -X POST --tlsv1.2 --data '@%s' >/dev/null 2>&1; rm '%s') &)", escaped_path, escaped_path); System::cmd_execute_clean(cmd_line); |