Description
Hello and thank you for developing Cargo.
Wonder if you have any guidelines for setting up Windows Defender Firewall to work with Cargo?
Problem
My setup:
I have Windows Defender Firewall managed by Local Group Policy with defaults set to Block outbound unless there's an Allow rule, allowed both cargo executable and a curl executable throught with unrestricted outbound connections (any port, any protocol), yet the software does not seem to connect. If I allow all outbound connections(disabling the Firewall), it does connect without issue.
Default host: x86_64-pc-windows-msvc
stable-x86_64-pc-windows-msvc (default)
rustc 1.75.0 (82e1608df 2023-12-21)
Two cargo.exe binaries in `.cargo/bin` and `c:\Users\%username%\.rustup\toolchains\stable-x86_64-pc-windows-msvc\bin\`
cargo 1.75.0 (1d8b05cdd 2023-11-20)
release: 1.75.0
commit-hash: 1d8b05cdd1287c64467306cf3ca2c8ac60c11eb0
commit-date: 2023-11-20
host: x86_64-pc-windows-msvc
libgit2: 1.7.1 (sys:0.18.1 vendored)
libcurl: 8.4.0-DEV (sys:0.4.68+curl-8.4.0 vendored ssl:Schannel)
os: Windows 10.0.19045 (Windows 10 Pro) [64-bit]
When I try to connect with cargo install ... I get the following error
Updating crates.io index
warning: spurious network error (3 tries remaining): [7] Couldn't connect to server (Failed to connect to index.crates.io port 443 after 3 ms: Couldn't connect to server)
warning: spurious network error (2 tries remaining): [7] Couldn't connect to server (Failed to connect to index.crates.io port 443 after 0 ms: Couldn't connect to server)
error: failed to query replaced source registry `crates-io`
Caused by:
download of config.json failed
Caused by:
failed to download from `https://index.crates.io/config.json`
Caused by:
[7] Couldn't connect to server (Failed to connect to index.crates.io port 443 after 0 ms: Couldn't connect to server)
yet command-line curl works
>curl https://index.crates.io/config.json
{
"dl": "https://crates.io/api/v1/crates",
"api": "https://crates.io"
}
curl setup
C:\Windows\System32\curl.exe
curl --version
curl 8.4.0 (Windows) libcurl/8.4.0 Schannel WinIDN
Release-Date: 2023-10-11
Protocols: dict file ftp ftps http https imap imaps pop3 pop3s smtp smtps telnet tftp
Features: AsynchDNS HSTS HTTPS-proxy IDN IPv6 Kerberos Largefile NTLM SPNEGO SSL SSPI threadsafe Unicode UnixSockets
.cargo/config.toml
[http]
check-revoke = false
setting revoke to false in config or CARGO_HTTP_CHECK_REVOKE=false env var produces no results
So my guess there is something native to Windows cargo is using to connect besides the cargo.exe and curl.exe. Could you point me to the right direction?
Found similar issues, not solved:
#11344
https://users.rust-lang.org/t/cargo-install-spurious-network-error/83829
Notes
Also tried on a fresh Win 10 installation, with default Windows Firewall rules all enabled, with policy for Outbound set to Block, and both cargo and curl explicitly allowed - same result. Tried git-fetch-with-cli option - same result (git clone over https works fine).
rustup-init.exe fails to connect too, even thought it's explicitly allowed throught the Firewall:
error: could not download file from 'https://static.rust-lang.org/dist/channel-rust-stable.toml.sha256' to 'C:\Users\zalup\.rustup\tmp\xc7ngx_ynwmtawtg_file': failed to make network request: error sending request for url (https://static.rust-lang.org/dist/channel-rust-stable.toml.sha256): error trying to connect: tcp connect error: An attempt was made to access a socket in a way forbidden by its access permissions. (os error 10013): error trying to connect: tcp connect error: An attempt was made to access a socket in a way forbidden by its access permissions. (os error 10013): tcp connect error: An attempt was made to access a socket in a way forbidden by its access permissions. (os error 10013): An attempt was made to access a socket in a way forbidden by its access permissions. (os error 10013)
Only workaround found so far is to use a local passthrough proxy #12296 (comment)