Auto merge of #6614 - claudijd:https_all_the_things, r=dwijnand

HTTPS all the things

Noticed that we still have a bunch of HTTP links, which could present mild MiTM risks that we can totally remove.

One short coming of this was:

cargo/src/etc/_cargo:13 "http://zsh.sourceforge.net/Doc/Release/Completion-System.html#Completion-Functions" of which does not have an HTTPS equivalent yet.

LICENSE-APACHE

@@ -1,6 +1,6 @@
                               Apache License
                         Version 2.0, January 2004
-                     http://www.apache.org/licenses/
+                     https://www.apache.org/licenses/LICENSE-2.0
 
 TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
 
@@ -192,7 +192,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-	http://www.apache.org/licenses/LICENSE-2.0
+	https://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,

LICENSE-THIRD-PARTY

@@ -3,7 +3,7 @@ depends on a number of libraries which carry their own copyright notices and
 license terms. These libraries are normally all linked static into the binary
 distributions of Cargo:
 
-* OpenSSL - http://www.openssl.org/source/license.html
+* OpenSSL - https://www.openssl.org/source/license.html
 
     Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
 
@@ -22,7 +22,7 @@ distributions of Cargo:
     3. All advertising materials mentioning features or use of this
        software must display the following acknowledgment:
        "This product includes software developed by the OpenSSL Project
-       for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+       for use in the OpenSSL Toolkit. (https://www.openssl.org/)"
 
     4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
        endorse or promote products derived from this software without
@@ -36,7 +36,7 @@ distributions of Cargo:
     6. Redistributions of any form whatsoever must retain the following
        acknowledgment:
        "This product includes software developed by the OpenSSL Project
-       for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+       for use in the OpenSSL Toolkit (https://www.openssl.org/)"
 
     THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
     EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -1037,7 +1037,7 @@ distributions of Cargo:
 
     ----------------------------------------------------------------------
 
-* libssh2 - http://www.libssh2.org/license.html
+* libssh2 - https://www.libssh2.org/license.html
 
     Copyright (c) 2004-2007 Sara Golemon <[email protected]>
     Copyright (c) 2005,2006 Mikhail Gusarov <[email protected]>
@@ -1080,7 +1080,7 @@ distributions of Cargo:
     USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
     OF SUCH DAMAGE.
 
-* libcurl - http://curl.haxx.se/docs/copyright.html
+* libcurl - https://curl.haxx.se/docs/copyright.html
 
     COPYRIGHT AND PERMISSION NOTICE
 
@@ -1268,5 +1268,5 @@ distributions of Cargo:
     ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
     OTHER DEALINGS IN THE SOFTWARE.
 
-    For more information, please refer to <http://unlicense.org/>
+    For more information, please refer to <https://unlicense.org/>
 

README.md

@@ -78,7 +78,7 @@ See LICENSE-APACHE and LICENSE-MIT for details.
 ### Third party software
 
 This product includes software developed by the OpenSSL Project
-for use in the OpenSSL Toolkit (http://www.openssl.org/).
+for use in the OpenSSL Toolkit (https://www.openssl.org/).
 
 In binary form, this product includes software that is licensed under the
 terms of the GNU General Public License, version 2, with a linking exception,

src/bin/cargo/commands/pkgid.rs

@@ -27,7 +27,7 @@ Example Package IDs
      crates.io/foo                | foo    | *         | *://crates.io/foo
      crates.io/foo#1.2.3          | foo    | 1.2.3     | *://crates.io/foo
      crates.io/bar#foo:1.2.3      | foo    | 1.2.3     | *://crates.io/bar
-     http://crates.io/foo#1.2.3   | foo    | 1.2.3     | http://crates.io/foo
+     https://crates.io/foo#1.2.3  | foo    | 1.2.3     | https://crates.io/foo
 ",
         )
 }

src/cargo/core/package_id_spec.rs

@@ -35,8 +35,8 @@ impl PackageIdSpec {
     /// use cargo::core::PackageIdSpec;
     ///
     /// let specs = vec![
-    ///     "http://crates.io/foo#1.2.3",
-    ///     "http://crates.io/foo#bar:1.2.3",
+    ///     "https://crates.io/foo#1.2.3",
+    ///     "https://crates.io/foo#bar:1.2.3",
     ///     "crates.io/foo",
     ///     "crates.io/foo#1.2.3",
     ///     "crates.io/foo#bar",
@@ -286,19 +286,19 @@ mod tests {
         }
 
         ok(
-            "http://crates.io/foo#1.2.3",
+            "https://crates.io/foo#1.2.3",
             PackageIdSpec {
                 name: "foo".to_string(),
                 version: Some("1.2.3".to_semver().unwrap()),
-                url: Some(Url::parse("http://crates.io/foo").unwrap()),
+                url: Some(Url::parse("https://crates.io/foo").unwrap()),
             },
         );
         ok(
-            "http://crates.io/foo#bar:1.2.3",
+            "https://crates.io/foo#bar:1.2.3",
             PackageIdSpec {
                 name: "bar".to_string(),
                 version: Some("1.2.3".to_semver().unwrap()),
-                url: Some(Url::parse("http://crates.io/foo").unwrap()),
+                url: Some(Url::parse("https://crates.io/foo").unwrap()),
             },
         );
         ok(
@@ -356,13 +356,13 @@ mod tests {
         assert!(PackageIdSpec::parse("baz:").is_err());
         assert!(PackageIdSpec::parse("baz:*").is_err());
         assert!(PackageIdSpec::parse("baz:1.0").is_err());
-        assert!(PackageIdSpec::parse("http://baz:1.0").is_err());
-        assert!(PackageIdSpec::parse("http://#baz:1.0").is_err());
+        assert!(PackageIdSpec::parse("https://baz:1.0").is_err());
+        assert!(PackageIdSpec::parse("https://#baz:1.0").is_err());
     }
 
     #[test]
     fn matching() {
-        let url = Url::parse("http://example.com").unwrap();
+        let url = Url::parse("https://example.com").unwrap();
         let sid = SourceId::for_registry(&url).unwrap();
         let foo = PackageId::new("foo", "1.2.3", sid).unwrap();
         let bar = PackageId::new("bar", "1.2.3", sid).unwrap();

src/cargo/ops/cargo_package.rs

@@ -152,7 +152,7 @@ fn check_metadata(pkg: &Package, config: &Config) -> CargoResult<()> {
 
         config.shell().warn(&format!(
             "manifest has no {things}.\n\
-             See http://doc.crates.io/manifest.html#package-metadata for more info.",
+             See https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata for more info.",
             things = things
         ))?
     }

src/cargo/ops/common_for_install_and_uninstall.rs

@@ -92,7 +92,7 @@ where
                                 "the `--vers` provided, `{}`, is \
                                        not a valid semver version requirement\n\n
                                        Please have a look at \
-                                       http://doc.crates.io/specifying-dependencies.html \
+                                       https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html \
                                        for the correct format",
                                 v
                             ),

src/cargo/ops/registry.rs

@@ -290,7 +290,7 @@ fn transmit(
                      the following are not valid badges and were ignored: {}. \
                      Either the badge type specified is unknown or a required \
                      attribute is missing. Please see \
-                     http://doc.crates.io/manifest.html#package-metadata \
+                     https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata \
                      for valid badge types and their required attributes.",
                     warnings.invalid_badges.join(", ")
                 );
@@ -763,7 +763,7 @@ pub fn search(
         );
     } else if total_crates > limit && limit >= search_max_limit {
         println!(
-            "... and {} crates more (go to http://crates.io/search?q={} to see more)",
+            "... and {} crates more (go to https://crates.io/search?q={} to see more)",
             total_crates - limit,
             percent_encode(query.as_bytes(), QUERY_ENCODE_SET)
         );

src/doc/man/cargo.adoc

@@ -17,7 +17,7 @@ cargo - The Rust package manager
 == DESCRIPTION
 
 This program is a package manager and build tool for the Rust language,
-available at <http://rust-lang.org>.
+available at <https://rust-lang.org>.
 
 == COMMANDS
 

src/doc/man/generated/cargo.html

@@ -19,7 +19,7 @@ <h2 id="_description">DESCRIPTION</h2>
 <div class="sectionbody">
 <div class="paragraph">
 <p>This program is a package manager and build tool for the Rust language,
-available at <a href="http://rust-lang.org" class="bare">http://rust-lang.org</a>.</p>
+available at <a href="https://rust-lang.org" class="bare">https://rust-lang.org</a>.</p>
 </div>
 </div>
 </div>

src/doc/src/reference/manifest.md

@@ -32,7 +32,7 @@ name such as "nul", is not too long, etc.
 #### The `version` field
 
 Cargo bakes in the concept of [Semantic
-Versioning](http://semver.org/), so make sure you follow some basic rules:
+Versioning](https://semver.org/), so make sure you follow some basic rules:
 
 * Before you reach 1.0.0, anything goes, but if you make breaking changes,
   increment the minor version. In Rust, breaking changes include adding fields to

src/doc/src/reference/pkgid-spec.md

@@ -34,7 +34,7 @@ registry at `crates.io`
 | `crates.io/foo`              | `foo` | `*`     | `*://crates.io/foo`    |
 | `crates.io/foo#1.2.3`        | `foo` | `1.2.3` | `*://crates.io/foo`    |
 | `crates.io/bar#foo:1.2.3`    | `foo` | `1.2.3` | `*://crates.io/bar`    |
-| `http://crates.io/foo#1.2.3` | `foo` | `1.2.3` | `http://crates.io/foo` |
+| `https://crates.io/foo#1.2.3`| `foo` | `1.2.3` | `https://crates.io/foo` |
 
 #### Brevity of specifications
 

src/etc/man/cargo.1

@@ -44,7 +44,7 @@ cargo \- The Rust package manager
 .sp
 This program is a package manager and build tool for the Rust language,
 available at \c
-.URL "http://rust\-lang.org" "" "."
+.URL "https://rust\-lang.org" "" "."
 .SH "COMMANDS"
 .SS "Build Commands"
 .sp

tests/testsuite/bad_config.rs

@@ -857,7 +857,7 @@ fn ambiguous_git_reference() {
             authors = []
 
             [dependencies.bar]
-            git = "https://127.0.0.1"
+            git = "http://127.0.0.1"
             branch = "master"
             tag = "some-tag"
         "#,
@@ -953,7 +953,7 @@ fn bad_source_config3() {
             ".cargo/config",
             r#"
             [source.crates-io]
-            registry = 'http://example.com'
+            registry = 'https://example.com'
             replace-with = 'crates-io'
         "#,
         )
@@ -995,11 +995,11 @@ fn bad_source_config4() {
             ".cargo/config",
             r#"
             [source.crates-io]
-            registry = 'http://example.com'
+            registry = 'https://example.com'
             replace-with = 'bar'
 
             [source.bar]
-            registry = 'http://example.com'
+            registry = 'https://example.com'
             replace-with = 'crates-io'
         "#,
         )
@@ -1042,7 +1042,7 @@ fn bad_source_config5() {
             ".cargo/config",
             r#"
             [source.crates-io]
-            registry = 'http://example.com'
+            registry = 'https://example.com'
             replace-with = 'bar'
 
             [source.bar]
@@ -1076,7 +1076,7 @@ fn both_git_and_path_specified() {
         authors = []
 
         [dependencies.bar]
-        git = "https://127.0.0.1"
+        git = "http://127.0.0.1"
         path = "bar"
     "#,
         )
@@ -1115,7 +1115,7 @@ fn bad_source_config6() {
             ".cargo/config",
             r#"
             [source.crates-io]
-            registry = 'http://example.com'
+            registry = 'https://example.com'
             replace-with = ['not', 'a', 'string']
         "#,
         )
@@ -1176,7 +1176,7 @@ fn bad_source_config7() {
             ".cargo/config",
             r#"
             [source.foo]
-            registry = 'http://example.com'
+            registry = 'https://example.com'
             local-registry = 'file:///another/file'
         "#,
         )

tests/testsuite/build.rs

@@ -1446,8 +1446,8 @@ fn crate_env_vars() {
         name = "foo"
         version = "0.5.1-alpha.1"
         description = "This is foo"
-        homepage = "http://example.com"
-        repository = "http://example.com/repo.git"
+        homepage = "https://example.com"
+        repository = "https://example.com/repo.git"
         authors = ["[email protected]"]
         "#,
         )
@@ -1475,8 +1475,8 @@ fn crate_env_vars() {
                  assert_eq!(s, foo::version());
                  println!("{}", s);
                  assert_eq!("foo", PKG_NAME);
-                 assert_eq!("http://example.com", HOMEPAGE);
-                 assert_eq!("http://example.com/repo.git", REPOSITORY);
+                 assert_eq!("https://example.com", HOMEPAGE);
+                 assert_eq!("https://example.com/repo.git", REPOSITORY);
                  assert_eq!("This is foo", DESCRIPTION);
                 let s = format!("{}.{}.{}-{}", VERSION_MAJOR,
                                 VERSION_MINOR, VERSION_PATCH, VERSION_PRE);

tests/testsuite/build_auth.rs

@@ -126,11 +126,11 @@ fn http_auth_offered() {
         .with_status(101)
         .with_stderr_contains(&format!(
             "\
-[UPDATING] git repository `http://{addr}/foo/bar`
+[UPDATING] git repository `https://{addr}/foo/bar`
 [ERROR] failed to load source for a dependency on `bar`
 
 Caused by:
-  Unable to update http://{addr}/foo/bar
+  Unable to update https://{addr}/foo/bar
 
 Caused by:
   failed to clone into: [..]
@@ -171,7 +171,7 @@ fn https_something_happens() {
             authors = []
 
             [dependencies.bar]
-            git = "https://127.0.0.1:{}/foo/bar"
+            git = "http://127.0.0.1:{}/foo/bar"
         "#,
                 addr.port()
             ),

tests/testsuite/git.rs

@@ -2714,7 +2714,7 @@ fn failed_submodule_checkout() {
     });
 
     let repo = git2::Repository::open(&git_project2.root()).unwrap();
-    let url = format!("http://{}:{}/", addr.ip(), addr.port());
+    let url = format!("https://{}:{}/", addr.ip(), addr.port());
     {
         let mut s = repo.submodule(&url, Path::new("bar"), false).unwrap();
         let subrepo = s.open().unwrap();

tests/testsuite/net_config.rs

@@ -12,7 +12,7 @@ fn net_retry_loads_from_config() {
             authors = []
 
             [dependencies.bar]
-            git = "https://127.0.0.1:11/foo/bar"
+            git = "http://127.0.0.1:11/foo/bar"
         "#,
         )
         .file("src/main.rs", "")
@@ -48,7 +48,7 @@ fn net_retry_git_outputs_warning() {
             authors = []
 
             [dependencies.bar]
-            git = "https://127.0.0.1:11/foo/bar"
+            git = "http://127.0.0.1:11/foo/bar"
         "#,
         )
         .file(