From 7656b887d9daf5ce0c5a0d5c46204a3fbc9b52b0 Mon Sep 17 00:00:00 2001
From: Jiahao XU
Date: Fri, 6 Jan 2023 00:21:00 +1100
Subject: [PATCH] Fix `Client::new`: Make sure we use at least tls 1.2 (#652)

Signed-off-by: Jiahao XU
---
 crates/binstalk-downloader/src/remote.rs | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/crates/binstalk-downloader/src/remote.rs b/crates/binstalk-downloader/src/remote.rs
index 228d31a1..876cd998 100644
--- a/crates/binstalk-downloader/src/remote.rs
+++ b/crates/binstalk-downloader/src/remote.rs
@@ -21,6 +21,7 @@ pub use url::Url;
 
 const MAX_RETRY_DURATION: Duration = Duration::from_secs(120);
 const MAX_RETRY_COUNT: u8 = 3;
+const DEFAULT_MIN_TLS: tls::Version = tls::Version::TLS_1_2;
 
 #[derive(Debug, ThisError)]
 pub enum Error {
@@ -50,6 +51,8 @@ impl Client {
 /// * `per` - must not be 0.
 /// * `num_request` - maximum number of requests to be processed for
 /// each `per` duration.
+ ///
+ /// The Client created would use at least tls 1.2
 pub fn new(
 user_agent: impl AsRef,
 min_tls: Option,
@@ -62,17 +65,16 @@ impl Client {
 per: Duration,
 num_request: NonZeroU64,
 ) -> Result {
- let mut builder = reqwest::ClientBuilder::new()
+ let tls_ver = min_tls
+ .map(|tls| tls.max(DEFAULT_MIN_TLS))
+ .unwrap_or(DEFAULT_MIN_TLS);
+
+ let client = reqwest::ClientBuilder::new()
 .user_agent(user_agent)
 .https_only(true)
- .min_tls_version(tls::Version::TLS_1_2)
- .tcp_nodelay(false);
-
- if let Some(ver) = min_tls {
- builder = builder.min_tls_version(ver);
- }
-
- let client = builder.build()?;
+ .min_tls_version(tls_ver)
+ .tcp_nodelay(false)
+ .build()?;
 
 Ok(Client {
 client: client.clone(),
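Review bot: The added doc line in the second hunk says the client uses at least TLS 1.2 but not what happens to the `min_tls` argument, so a caller who passes a lower version cannot tell from the docs that the value is overridden. I would word it as `/// The minimum TLS version is never below 1.2: a lower min_tls is raised to TLS 1.2, and None selects TLS 1.2.` The doc comment of `Client::new` starts above this hunk, so if it already has a bullet for `min_tls`, that bullet is the better place for the sentence.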
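Review bot: The clamp at `let tls_ver = min_tls…` in the third hunk is only a security floor if the ordering of `tls::Version` follows protocol age, and that ordering is defined in reqwest, not in this file, so nothing here pins it. Moving the expression into a small private function such as `fn effective_min_tls(min_tls: Option<tls::Version>) -> tls::Version` would let a unit test assert that `Some(tls::Version::TLS_1_0)` and `None` both yield `TLS_1_2` while `Some(tls::Version::TLS_1_3)` is kept. The expression itself can be shortened to `min_tls.map_or(DEFAULT_MIN_TLS, |v| v.max(DEFAULT_MIN_TLS))`. `Client::new` begins and ends outside this hunk.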