Cargo install: spurious network error

hp8wvvvgnj6asjm7 commented 1 year ago

Problem

Hi, I'm new to Rust and would like to start learning it. Problem is that I have to turn off my windows firewall completely to install packages. I also allowed cargo.exe to pass trough, yet the rule doesn't seem to apply.

How do you set your firewall rules for Rust correctly? I'm allowing it inbound, as well as outbound.

d912593878c782111a866767a5e0324cf1e58d7c

npm, git and other package managers work.

update: tried to edit the cargo conf with use github cli true... now it just hangs in updating. and then throws:

    Updating crates.io index
warning: spurious network error (2 tries remaining): [7] Couldn't connect to server (Failed to connect to crates.io port 443 after 17 ms: Bad access)
warning: spurious network error (1 tries remaining): [7] Couldn't connect to server (Failed to connect to crates.io port 443 after 20 ms: Bad access)
error: failed to download from `https://crates.io/api/v1/crates/tokio/1.21.2/download`

Caused by:
  [7] Couldn't connect to server (Failed to connect to crates.io port 443 after 39 ms: Bad access)

Here are some Proxifier Logs when Windows Firewall is disabled:

[11.06 13:34:24] cargo.exe (11792) - 127.0.0.1:54760 matching any:allow rule : direct connection
[11.06 13:34:24] cargo.exe (11792) - api.github.com(140.82.121.5):443 matching any:allow rule : direct connection
[11.06 13:34:25] cargo.exe (11792) - 127.0.0.1:54763 matching any:allow rule : direct connection
[11.06 13:34:25] cargo.exe (11792) - crates.io(13.226.153.36):443 matching any:allow rule : direct connection
[11.06 13:34:25] svchost.exe (2368) - o.ss2.us resolve via 192.168.178.1:53 : DNS
[11.06 13:34:25] lsass.exe (528) - o.ss2.us(13.226.156.205):80 matching any:allow rule : direct connection
[11.06 13:34:25] svchost.exe (2368) - ocsp.rootg2.amazontrust.com resolve via 192.168.178.1:53 : DNS
[11.06 13:34:25] lsass.exe (528) - ocsp.rootg2.amazontrust.com(13.226.156.74):80 matching any:allow rule : direct connection
[11.06 13:34:25] svchost.exe (2368) - ocsp.rootca1.amazontrust.com resolve via 192.168.178.1:53 : DNS
[11.06 13:34:25] lsass.exe (528) - ocsp.rootca1.amazontrust.com(13.226.156.65):80 matching any:allow rule : direct connection
[11.06 13:34:25] cargo.exe (11792) - 127.0.0.1:54769 matching any:allow rule : direct connection
[11.06 13:34:25] svchost.exe (2368) - static.crates.io resolve via 192.168.178.1:53 : DNS
[11.06 13:34:25] cargo.exe (11792) - static.crates.io(108.157.4.10):443 matching any:allow rule : direct connection

Now why is cargo using svchost.exe to connect? And how would I create a firewall rule for it's use with cargo?

These are the Logs when Windows Firewall is Enabled and cargo fails:

[11.06 13:37:18] cargo.exe (9688) - 127.0.0.1:54808 matching any:allow rule : direct connection
[11.06 13:37:18] svchost.exe (2368) - api.github.com resolve via 192.168.178.1:53 : DNS
[11.06 13:37:18] cargo.exe (9688) - api.github.com(140.82.121.6):443 matching any:allow rule : direct connection
[11.06 13:37:18] svchost.exe (2368) - github.com resolve via 192.168.178.1:53 : DNS
[11.06 13:37:18] cargo.exe (9688) - github.com(140.82.121.4):443 matching any:allow rule : direct connection
[11.06 13:37:18] cargo.exe (9688) - github.com(140.82.121.4):443 matching any:allow rule : direct connection
[11.06 13:37:18] cargo.exe (9688) - github.com(140.82.121.4):443 matching any:allow rule : direct connection

Steps

cargo install tokio

Possible Solution(s)

turn off ssl revoke check set github fetch with cli

Version

cargo 1.63.0 (fd9c4297c 2022-07-01)

Notes

curl


C:\Users\_\Desktop\test-core>curl https://github.com/rust-lang/crates.io-index
curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline.

after that I tried:

[http]
check-revoke = false

It seems that a curl call works if i add the off ssl revoke flag!

Still cargo won't install anything. The config file won't work.

Last state of my config.toml file:

[net]
git-fetch-with-cli = true
[http]
debug = true
check-revoke = false

I'm really curious about whats causing this. Nobody knows?

weihanglo commented 1 year ago

I am sorry to hear you having this issue. I don't think I am helpful enough, as my experience with Windows is not sufficient 😞.

If you use git-fetch-with-cli = true but is still failing, could you try git clone https://github.com/rust-lang/crates.io-index and see if it works?

By the way, you may get more advice on the user forums https://users.rust-lang.org/, where people are likely with more experience with this specific network issue.

hp8wvvvgnj6asjm7 commented 1 year ago

I am sorry to hear you having this issue. I don't think I am helpful enough, as my experience with Windows is not sufficient 😞.

If you use git-fetch-with-cli = true but is still failing, could you try git clone https://github.com/rust-lang/crates.io-index and see if it works?

By the way, you may get more advice on the user forums https://users.rust-lang.org/, where people are likely with more experience with this specific network issue.

I use git all the time, and the above request also works.

I posted the same question in the rust forums, and can't get an answer.

weihanglo commented 1 year ago

Oh. Now I see your error. It seems not directly related to git.

Could you try and see what curl https://crates.io/api/v1/crates/tokio/1.21.2/download report as well?

hp8wvvvgnj6asjm7 commented 1 year ago

Oh. Now I see your error. It seems not directly related to git.

Could you try and see what curl https://crates.io/api/v1/crates/tokio/1.21.2/download report as well?

curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline.

It's clearly not downloading.. sometimes the curl command doesn't even return any error, but nothing else happens

hp8wvvvgnj6asjm7 commented 1 year ago

C:\Users\_\Desktop>curl https://crates.io/api/v1/crates/tokio/1.21.2/download

C:\Users\_\Desktop>curl https://crates.io/api/v1/crates/tokio/1.21.2/download

C:\Users\_\Desktop>curl https://crates.io/api/v1/crates/tokio/1.21.2/download

C:\Users\_\Desktop>curl https://crates.io/api/v1/crates/tokio/1.21.2/download

C:\Users\_\Desktop>

Absolutely nothing happening now.

weihanglo commented 1 year ago

My fault. We need -L flag. Try curl -vL https://crates.io/api/v1/crates/tokio/1.21.2/download instead.

hp8wvvvgnj6asjm7 commented 1 year ago

sorry, rarely use curl

C:\Users\_\Desktop>curl -vL https://crates.io/api/v1/crates/tokio/1.21.2/download
*   Trying 13.226.153.109...
* TCP_NODELAY set
* Connected to crates.io (13.226.153.109) port 443 (#0)
* schannel: SSL/TLS connection with crates.io port 443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 180 bytes...
* schannel: sent initial handshake data: sent 180 bytes
* schannel: SSL/TLS connection with crates.io port 443 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with crates.io port 443 (step 2/3)
* schannel: encrypted data got 4096
* schannel: encrypted data buffer: offset 4096 length 4096
* schannel: encrypted data length: 3988
* schannel: encrypted data buffer: offset 3988 length 4096
* schannel: received incomplete message, need more data
* schannel: SSL/TLS connection with crates.io port 443 (step 2/3)
* schannel: encrypted data got 1024
* schannel: encrypted data buffer: offset 5012 length 5012
* schannel: encrypted data length: 48
* schannel: encrypted data buffer: offset 48 length 5012
* schannel: received incomplete message, need more data
* schannel: SSL/TLS connection with crates.io port 443 (step 2/3)
* schannel: encrypted data got 750
* schannel: encrypted data buffer: offset 798 length 5012
* schannel: sending next handshake data: sending 93 bytes...
* schannel: SSL/TLS connection with crates.io port 443 (step 2/3)
* schannel: encrypted data got 171
* schannel: encrypted data buffer: offset 171 length 5012
* schannel: SSL/TLS handshake complete
* schannel: SSL/TLS connection with crates.io port 443 (step 3/3)
* schannel: stored credential handle in session cache
> GET /api/v1/crates/tokio/1.21.2/download HTTP/1.1
> Host: crates.io
> User-Agent: curl/7.55.1
> Accept: */*
>
* schannel: client wants to read 102400 bytes
* schannel: encdata_buffer resized 103424
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 1033
* schannel: encrypted data buffer: offset 1033 length 103424
* schannel: decrypted data length: 1004
* schannel: decrypted data added: 1004
* schannel: decrypted data cached: offset 1004 length 102400
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: decrypted data buffer: offset 1004 length 102400
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 1004
* schannel: decrypted data buffer: offset 0 length 102400
< HTTP/1.1 302 Moved Temporarily
< Content-Length: 0
< Connection: keep-alive
< Server: nginx
< Date: Mon, 07 Nov 2022 12:09:59 GMT
< Location: https://static.crates.io/crates/tokio/tokio-1.21.2.crate
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Xss-Protection: 1; mode=block
< Content-Security-Policy: default-src 'self'; connect-src 'self' *.ingest.sentry.io https://docs.rs https://play.rust-lang.org https://static.crates.io; script-src 'self' 'unsafe-eval' 'sha256-n1+BB7Ckjcal1Pr7QNBh/dKRTtBQsIytFodRiIosXdE='; style-src 'self' 'unsafe-inline' https://code.cdn.mozilla.net; font-src https://code.cdn.mozilla.net; img-src *; object-src 'none'
< Access-Control-Allow-Origin: *
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Via: 1.1 vegur, 1.1 0ee6aea018b9489b266252370f1e002e.cloudfront.net (CloudFront)
< Vary: Accept,Accept-Encoding,Cookie
< X-Cache: Miss from cloudfront
< X-Amz-Cf-Pop: DUS51-C1
< X-Amz-Cf-Id: PCP1zZuIGh7MkYbjeqx6yX68hktguZBOvMaex4rPf_yI1WJCwjAp0w==
<
* Connection #0 to host crates.io left intact
* Issue another request to this URL: 'https://static.crates.io/crates/tokio/tokio-1.21.2.crate'
*   Trying 108.157.4.128...
* TCP_NODELAY set
* Connected to static.crates.io (108.157.4.128) port 443 (#1)
* schannel: SSL/TLS connection with static.crates.io port 443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 187 bytes...
* schannel: sent initial handshake data: sent 187 bytes
* schannel: SSL/TLS connection with static.crates.io port 443 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with static.crates.io port 443 (step 2/3)
* schannel: encrypted data got 4096
* schannel: encrypted data buffer: offset 4096 length 4096
* schannel: encrypted data length: 3988
* schannel: encrypted data buffer: offset 3988 length 4096
* schannel: received incomplete message, need more data
* schannel: SSL/TLS connection with static.crates.io port 443 (step 2/3)
* schannel: encrypted data got 1024
* schannel: encrypted data buffer: offset 5012 length 5012
* schannel: encrypted data length: 48
* schannel: encrypted data buffer: offset 48 length 5012
* schannel: received incomplete message, need more data
* schannel: SSL/TLS connection with static.crates.io port 443 (step 2/3)
* schannel: encrypted data got 750
* schannel: encrypted data buffer: offset 798 length 5012
* schannel: sending next handshake data: sending 93 bytes...
* schannel: SSL/TLS connection with static.crates.io port 443 (step 2/3)
* schannel: encrypted data got 171
* schannel: encrypted data buffer: offset 171 length 5012
* schannel: SSL/TLS handshake complete
* schannel: SSL/TLS connection with static.crates.io port 443 (step 3/3)
* schannel: stored credential handle in session cache
> GET /crates/tokio/tokio-1.21.2.crate HTTP/1.1
> Host: static.crates.io
> User-Agent: curl/7.55.1
> Accept: */*
>
* schannel: client wants to read 102400 bytes
* schannel: encdata_buffer resized 103424
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 18720
* schannel: encrypted data buffer: offset 18720 length 103424
* schannel: decrypted data length: 16384
* schannel: decrypted data added: 16384
* schannel: decrypted data cached: offset 16384 length 102400
* schannel: encrypted data length: 2307
* schannel: encrypted data cached: offset 2307 length 103424
* schannel: failed to decrypt data, need more data
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 16384
* schannel: decrypted data buffer: offset 0 length 102400
< HTTP/1.1 200 OK
< Content-Type: application/gzip
< Content-Length: 606589
< Connection: keep-alive
< Date: Mon, 17 Oct 2022 01:00:01 GMT
< x-amz-replication-status: COMPLETED
< Last-Modified: Tue, 27 Sep 2022 20:32:23 GMT
< ETag: "1024839cb24a2ec4af860cb73259c43b"
< Cache-Control: public,max-age=31536000,immutable
< x-amz-version-id: nDO2v6HB1y6d3qBf1Q1CtmPKjsxb3A76
< Accept-Ranges: bytes
< Server: AmazonS3
< X-Cache: Hit from cloudfront
< Via: 1.1 3b5a3bc53642845f1ba1a839609aac0e.cloudfront.net (CloudFront)
< X-Amz-Cf-Pop: DUS51-P2
< X-Amz-Cf-Id: 1wcraRuhkboeE6CNPyob7YTr51mp6Btt4nJ8jgEHbZncm-DYgq_CFg==
< Age: 1854599
<
Warning: Binary output can mess up your terminal. Use "--output -" to tell
Warning: curl to output it to your terminal anyway, or consider "--output
Warning: <FILE>" to save to a file.
* Failed writing body (0 != 15771)
* Closing connection 1
* schannel: shutting down SSL/TLS connection with static.crates.io port 443
* schannel: clear security context handle

C:\Users\_\Desktop>

ehuss commented 1 year ago

I'm going to close, as I think this is a duplicate of #8688 and #7104. Windows, unlike all other platforms, defaults to checking for TLS revocation certificates. We have considered disabling that on Windows, but have not followed through. This might also be resolved if crates.io leaves Heroku and switches to a service that supports OCSP stapling.

hp8wvvvgnj6asjm7 commented 1 year ago

I still can't download any crates...

hp8wvvvgnj6asjm7 commented 8 months ago

https://github.com/rust-lang/cargo/issues/13338#issuecomment-1937901617

rust-lang / cargo