When performing a request via curl on Windows using schannel, ssl
certificate revocation checks does not handle verification failures
gracefully when an error is encountered that is unrelated to the actual
revocation of a certificate.
A new option is available to perform best effort revocation checks on
curl, so this is enabled by default on the Windows platform. A new
config option (`box_download_disable_ssl_revoke_best_effort`) has also
been added which can be optionally enabled to restore previous behavior
which results in a hard error if any error is encountered.
Prior to this commit, if a user had recently checked for updates, there
was no way to force Vagrant to re-check without manually deleting a
state file in the local `.vagrant` data dir. This commit fixes that by
giving users the ability to force check for updates for a given box with
a flag to the `vagrant box outdated` command.
This commit checks the local box collection to see if the latest box
update has already been downloaded. If it has, Vagrant will display the
destroy/recreate message instead of the "run vagrant update" message.
Prior to this commit, vagrant would halt if it could not parse the
metadata file for a box to check for updates with. This commit changes
that to behave like when vagrant fails to download a metadata file and
continue on but warn the user it failed to check for box updates.
Prior to this commit, when the `--global` flag was used with the
`vagrant box outdated` command, it would ignore box providers and not
inform the user of all outdated boxes. This commit fixes that by
displaying each box within the users environment, and includes the
provider of the box in the message.
Vagrant::Box.load_metadata did not provide a way to specify the HTTPS
download options that could be specified when downloading boxes
(ca cert, ca path, client cert, insecure). As a result, while it was
possible to add a box whose metadata file needed to be downloaded with one of
those options specified, it was impossible to check for updates. The following
changes have been made to address the situation:
1. Create a DownloadMixins module to provide the --insecure, --cacert, --capth,
and --cert command line options to all of `vagrant box add`,
`vagrant box update`, and `vagrant box outdated`.
2. Extend `Vagrant::Box.has_update?` and `Vagrant::Box.load_metadata` to accept
said download options.
3. Extend `box outdated` and `box update` commands to pass download options
down.
4. Extend `Vagrant::Builtin::Action::BoxCheckOutdated` to honour download
options.
5. Options specified on the command line take precedence over options specified
in the machine configuration, if any.
6. Fix bug in `vagrant box add` where client cert was being passed down using
the wrong environment key.
7. Unit test coverage in update_test and box_check_outdated_test.
Resolves#4420
