aria2-openssl: Add OpenSSL build for TLS 1.3 support#2828
aria2-openssl: Add OpenSSL build for TLS 1.3 support#2828B67687 wants to merge 7 commits intoScoopInstaller:masterfrom
Conversation
WalkthroughAdds a new Scoop package manifest Changes
Estimated Code Review Effort🎯 2 (Simple) | ⏱️ ~10 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
This fix was inspired from tutanota not being able to use aria2 properly |
|
Your changes did not pass all checks. Please address the issues in the manifest and comment starting with aria2-openssl
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@bucket/aria2-openssl.json`:
- Around line 15-16: Add a `depends` entry that includes the `cacert` package to
ensure CA certificates are available (mirror how `wget120.json` wires `cacert`),
and update the informational string that currently reads "IMPORTANT: Requires CA
certificates for HTTPS. Use --check-certificate=false if needed." to instead
instruct users to install `cacert` and remove the recommendation to disable
certificate verification (you may mention disabling `--check-certificate=false`
only as a last-resort temporary debugging step). Target the manifest's metadata
strings and the `depends` field in this JSON (look for the existing "IMPORTANT:
Requires CA certificates..." text and add/modify the `"depends"` array
accordingly).
- Line 5: The manifest's version "1.37.0-1" conflicts with checkver.regex
"v([\\d.]+)" which only captures "1.37.0" causing the "-1" build suffix to be
lost; update checkver.regex (in the checkver block) to capture optional build
suffixes (e.g., allow hyphens and digits/patch parts such as using a pattern
that accepts [\\d.-]+) so the full "1.37.0-1" is preserved, and ensure the
autoupdate/url templating still works with the captured group. Also remove the
insecure fallback that suggests "--check-certificate=false" from the notes and
replace it with guidance to install a CA bundle or rely on the system CA store
(or add a manifest dependency on a CA bundle package) so users are directed to
secure TLS certificate validation instead.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: f8809200-7432-453e-9ce7-89e7c8050c6e
📒 Files selected for processing (1)
bucket/aria2-openssl.json
This version uses OpenSSL instead of Windows TLS (Schannel). Problem: The default aria2 in main bucket uses Windows TLS (Schannel), which doesn't support TLS 1.3 on Windows 10 or older Windows Server versions. Only Windows 11 21H2+ and Windows Server 2022+ support it. Affected servers: Tuta (tutanota), some CloudFlare configurations, and any server with TLS 1.3-only configuration. Solution: Add this OpenSSL-linked build for users who need TLS 1.3. Usage: scoop install aria2-openssl scoop config aria2-path '$env:USERPROFILE\scoop\apps\aria2-openssl\current\aria2c.exe' Closes: ScoopInstaller/Extras#17010
✅ Actions performedReview triggered.
|
|
Your changes did not pass all checks. Please address the issues in the manifest and comment starting with aria2-openssl
|
|
Your changes did not pass all checks. Please address the issues in the manifest and comment starting with aria2-openssl
|
|
All changes look good. Wait for review from human collaborators. aria2-openssl
|
|
All changes look good. Wait for review from human collaborators. aria2-openssl
|
✅ Actions performedReview triggered.
|
|
All changes look good. Wait for review from human collaborators. aria2-openssl
|
|
All changes look good. Wait for review from human collaborators. aria2-openssl
|
|
Closing this because the current manifest depends on a third-party prebuilt binary. Official aria2 does publish Windows binaries, but they are not OpenSSL-linked, so switching to official upstream would not achieve the goal of this package. Considering requesting upstream for official support of TLS 1.3 on aria2 |
|
Retested this on May 4, 2026, and the current Scoop install flow works with stock The likely fix point is in Extras, not Versions: ScoopInstaller/Extras@280b9ee ( The related PR is #17704 Fresh verification from a clean state:
All three succeeded here. So for the current manifest, this no longer appears to require an OpenSSL-linked If anyone hits the old failure again, I’d first make sure they are on the current Extras manifest and retest after reinstalling |
1 participant
Summary
Add
aria2-opensslto the Versions bucket as an OpenSSL-linkedaria2build for users who need TLS 1.3 support.Problem
The default
aria2setup in Scoop relies on Windows TLS (Schannel). On Windows 10 and older Windows Server versions, that can fail against TLS 1.3-only endpoints.Solution
Provide an OpenSSL-linked
aria2package in the Versions bucket.Usage
Relates to ScoopInstaller/Extras#17010.
<manifest-name[@version]|chore>: <general summary of the pull request>