From b7cfa757dc010b294b1a001018ccf7ab0106febb Mon Sep 17 00:00:00 2001
From: Tristan Sloughter <t@crashfast.com>
Date: Thu, 27 Feb 2020 09:25:50 -0700
Subject: [PATCH] force use of tls1.2 for http fetching to work on OTP-23-rc1

---
 bootstrap                 | 2 +-
 src/r3_hex_http_httpc.erl | 3 ++-
 src/r3_hex_tarball.erl    | 2 +-
 src/rebar_utils.erl       | 4 ++--
 4 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/bootstrap b/bootstrap
index e430e349..4da4e954 100755
--- a/bootstrap
+++ b/bootstrap
@@ -113,7 +113,7 @@ extract(Binary) ->
     {ok, Contents}.
 
 request(Url) ->
-    HttpOptions = [{relaxed, true} | get_proxy_auth()],
+    HttpOptions = [{ssl, [{versions, ['tlsv1.2']}]}, {relaxed, true} | get_proxy_auth()],
 
     case httpc:request(get, {Url, []},
                        HttpOptions,
diff --git a/src/r3_hex_http_httpc.erl b/src/r3_hex_http_httpc.erl
index c4b5d6f2..1e953f4b 100644
--- a/src/r3_hex_http_httpc.erl
+++ b/src/r3_hex_http_httpc.erl
@@ -13,7 +13,8 @@
 request(Method, URI, ReqHeaders, Body, AdapterConfig) ->
     Profile = maps:get(profile, AdapterConfig, default),
     Request = build_request(URI, ReqHeaders, Body),
-    case httpc:request(Method, Request, [], [{body_format, binary}], Profile) of
+    case httpc:request(Method, Request, [{ssl, rebar_utils:ssl_opts(URI)}],
+                       [{body_format, binary}], Profile) of
         {ok, {{_, StatusCode, _}, RespHeaders, RespBody}} ->
             RespHeaders2 = load_headers(RespHeaders),
             {ok, {StatusCode, RespHeaders2, RespBody}};
diff --git a/src/r3_hex_tarball.erl b/src/r3_hex_tarball.erl
index 9bc7a69c..a80ca153 100644
--- a/src/r3_hex_tarball.erl
+++ b/src/r3_hex_tarball.erl
@@ -223,7 +223,7 @@ do_unpack(Files, OuterChecksum, Output) ->
 finish_unpack({error, _} = Error) ->
     Error;
 finish_unpack(#{metadata := Metadata, files := Files, inner_checksum := InnerChecksum, outer_checksum := OuterChecksum, output := Output}) ->
-    _Version = maps:get("VERSION", Files),
+    _ = maps:get("VERSION", Files),
     ContentsBinary = maps:get("contents.tar.gz", Files),
     filelib:ensure_dir(filename:join(Output, "*")),
     case unpack_tarball(ContentsBinary, Output) of
diff --git a/src/rebar_utils.erl b/src/rebar_utils.erl
index c587363d..bf1bba56 100644
--- a/src/rebar_utils.erl
+++ b/src/rebar_utils.erl
@@ -1010,9 +1010,9 @@ is_list_of_strings(List) when is_list(List) ->
 ssl_opts(Url) ->
     case get_ssl_config() of
         ssl_verify_enabled ->
-            ssl_opts(ssl_verify_enabled, Url);
+            [{versions, ['tlsv1.2']} | ssl_opts(ssl_verify_enabled, Url)];
         ssl_verify_disabled ->
-            [{verify, verify_none}]
+            [{versions, ['tlsv1.2']}, {verify, verify_none}]
     end.
 
 %%------------------------------------------------------------------------------