Merge topic 'cleanup-TLS-and-SSL-interface'

7369a8f file(DOWNLOAD): Make TLS options behave as documented
131d91a Rename SSL terminology to TLS
This commit is contained in:
David Cole 2012-09-18 16:42:47 -04:00 committed by CMake Topic Stage
commit 024bbad230
3 changed files with 45 additions and 65 deletions

View File

@ -26,8 +26,8 @@
# [URL /.../src.tgz] # Full path or URL of source
# [URL_HASH ALGO=value] # Hash of file at URL
# [URL_MD5 md5] # Equivalent to URL_HASH MD5=md5
# [SSL_VERIFYPEER bool] # Should certificate for https be checked
# [CAINFO_FILE file] # Path to a certificate authority file
# [TLS_VERIFY bool] # Should certificate for https be checked
# [TLS_CAINFO file] # Path to a certificate authority file
# [TIMEOUT seconds] # Time allowed for file download operations
# #--Update/Patch step----------
# [UPDATE_COMMAND cmd...] # Source work-tree update command
@ -401,7 +401,7 @@ endif()
endfunction()
function(_ep_write_downloadfile_script script_filename remote local timeout hash ssl_verify cainfo_file)
function(_ep_write_downloadfile_script script_filename remote local timeout hash tls_verify tls_cainfo)
if(timeout)
set(timeout_args TIMEOUT ${timeout})
set(timeout_msg "${timeout} seconds")
@ -416,25 +416,25 @@ function(_ep_write_downloadfile_script script_filename remote local timeout hash
set(hash_args "# no EXPECTED_HASH")
endif()
# check for curl globals in the project
if(DEFINED CMAKE_CURLOPT_SSL_VERIFYPEER)
set(ssl_verify "set(CMAKE_CURLOPT_SSL_VERIFYPEER ${CMAKE_CURLOPT_SSL_VERIFYPEER})")
if(DEFINED CMAKE_TLS_VERIFY)
set(tls_verify "set(CMAKE_TLS_VERIFY ${CMAKE_TLS_VERIFY})")
endif()
if(DEFINED CMAKE_CURLOPT_CAINFO_FILE)
set(ssl_cainfo "set(CMAKE_CURLOPT_CAINFO_FILE \"${CMAKE_CURLOPT_CAINFO_FILE}\")")
if(DEFINED CMAKE_TLS_CAINFO)
set(tls_cainfo "set(CMAKE_TLS_CAINFO \"${CMAKE_TLS_CAINFO}\")")
endif()
# now check for curl locals so that the local values
# will override the globals
# check for ssl_verify argument
string(LENGTH "${ssl_verify}" ssl_verify_len)
if(ssl_verify_len GREATER 0)
set(ssl_verify "set(CMAKE_CURLOPT_SSL_VERIFYPEER ${ssl_verify})")
# check for tls_verify argument
string(LENGTH "${tls_verify}" tls_verify_len)
if(tls_verify_len GREATER 0)
set(tls_verify "set(CMAKE_TLS_VERIFY ${tls_verify})")
endif()
# check for cainfo_file argument
string(LENGTH "${cainfo_file}" cainfo_file_len)
if(cainfo_file_len GREATER 0)
set(ssl_cainfo "set(CMAKE_CURLOPT_CAINFO_FILE \"${cainfo_file}\")")
# check for tls_cainfo argument
string(LENGTH "${tls_cainfo}" tls_cainfo_len)
if(tls_cainfo_len GREATER 0)
set(tls_cainfo "set(CMAKE_TLS_CAINFO \"${tls_cainfo}\")")
endif()
file(WRITE ${script_filename}
@ -443,8 +443,8 @@ function(_ep_write_downloadfile_script script_filename remote local timeout hash
dst='${local}'
timeout='${timeout_msg}'\")
${ssl_verify}
${ssl_cainfo}
${tls_verify}
${tls_cainfo}
file(DOWNLOAD
\"${remote}\"
@ -1307,10 +1307,10 @@ function(_ep_add_download_command name)
string(REPLACE ";" "-" fname "${fname}")
set(file ${download_dir}/${fname})
get_property(timeout TARGET ${name} PROPERTY _EP_TIMEOUT)
get_property(ssl_verify TARGET ${name} PROPERTY _EP_SSL_VERIFYPEER)
get_property(cainfo_file TARGET ${name} PROPERTY _EP_CAINFO_FILE)
get_property(tls_verify TARGET ${name} PROPERTY _EP_TLS_VERIFY)
get_property(tls_cainfo TARGET ${name} PROPERTY _EP_TLS_CAINFO)
_ep_write_downloadfile_script("${stamp_dir}/download-${name}.cmake"
"${url}" "${file}" "${timeout}" "${hash}" "${ssl_verify}" "${cainfo_file}")
"${url}" "${file}" "${timeout}" "${hash}" "${tls_verify}" "${tls_cainfo}")
set(cmd ${CMAKE_COMMAND} -P ${stamp_dir}/download-${name}.cmake
COMMAND)
set(comment "Performing download step (download, verify and extract) for '${name}'")

View File

@ -2667,9 +2667,8 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
long inactivity_timeout = 0;
std::string verboseLog;
std::string statusVar;
std::string caFile;
bool checkSSL = false;
bool verifySSL = false;
bool tls_verify = this->Makefile->IsOn("CMAKE_TLS_VERIFY");
const char* cainfo = this->Makefile->GetDefinition("CMAKE_TLS_CAINFO");
std::string expectedHash;
std::string hashMatchMSG;
cmsys::auto_ptr<cmCryptoHash> hash;
@ -2723,30 +2722,29 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
}
statusVar = *i;
}
else if(*i == "SSL_VERIFY")
else if(*i == "TLS_VERIFY")
{
++i;
if(i != args.end())
{
verifySSL = cmSystemTools::IsOn(i->c_str());
checkSSL = true;
tls_verify = cmSystemTools::IsOn(i->c_str());
}
else
{
this->SetError("SSL_VERIFY missing bool value.");
this->SetError("TLS_VERIFY missing bool value.");
return false;
}
}
else if(*i == "SSL_CAINFO_FILE")
else if(*i == "TLS_CAINFO")
{
++i;
if(i != args.end())
{
caFile = *i;
cainfo = i->c_str();
}
else
{
this->SetError("SSL_CAFILE missing file value.");
this->SetError("TLS_CAFILE missing file value.");
return false;
}
}
@ -2865,41 +2863,23 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
cmFileCommandCurlDebugCallback);
check_curl_result(res, "DOWNLOAD cannot set debug function: ");
// check to see if SSL verification is requested
const char* verifyValue =
this->Makefile->GetDefinition("CMAKE_CURLOPT_SSL_VERIFYPEER");
// if there is a cmake variable or if the command has SSL_VERIFY requested
if(verifyValue || checkSSL)
// check to see if TLS verification is requested
if(tls_verify)
{
// the args to the command come first
bool verify = verifySSL;
if(!verify && verifyValue)
{
verify = cmSystemTools::IsOn(verifyValue);
}
if(verify)
{
res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
check_curl_result(res, "Unable to set SSL Verify on: ");
}
else
{
res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
check_curl_result(res, "Unable to set SSL Verify off: ");
}
res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
check_curl_result(res, "Unable to set TLS/SSL Verify on: ");
}
else
{
res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
check_curl_result(res, "Unable to set TLS/SSL Verify off: ");
}
// check to see if a CAINFO file has been specified
const char* cainfo =
this->Makefile->GetDefinition("CMAKE_CURLOPT_CAINFO_FILE");
// command arg comes first
if(caFile.size())
{
cainfo = caFile.c_str();
}
if(cainfo)
if(cainfo && *cainfo)
{
res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo);
check_curl_result(res, "Unable to set SSL Verify CAINFO: ");
check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
}
cmFileCommandVectorOfChar chunkDebug;

View File

@ -85,7 +85,7 @@ public:
" [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS]\n"
" [EXPECTED_HASH MD5|SHA1|SHA224|SHA256|SHA384|SHA512 hash]\n"
" [EXPECTED_MD5 sum]\n"
" [SSL_VERIFY on|off] [SSL_CAINFO_FILE file])\n"
" [TLS_VERIFY on|off] [TLS_CAINFO file])\n"
" file(UPLOAD filename url [INACTIVITY_TIMEOUT timeout]\n"
" [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS])\n"
"WRITE will write a message into a file called 'filename'. It "
@ -177,12 +177,12 @@ public:
"If SHOW_PROGRESS is specified, progress information will be printed "
"as status messages until the operation is complete. "
"For https URLs CMake must be built with OpenSSL. "
"SSL certificates are not checked by default. "
"Set SSL_VERIFY to ON to check certificates and/or use "
"TLS/SSL certificates are not checked by default. "
"Set TLS_VERIFY to ON to check certificates and/or use "
"EXPECTED_HASH to verify downloaded content. "
"Set SSL_CAINFO_FILE to specify a custom Certificate Authority file. "
"If either SSL option is not given CMake will check variables "
"CMAKE_CURLOPT_SSL_VERIFYPEER and CMAKE_CURLOPT_CAINFO_FILE, "
"Set TLS_CAINFO to specify a custom Certificate Authority file. "
"If either TLS option is not given CMake will check variables "
"CMAKE_TLS_VERIFY and CMAKE_TLS_CAINFO, "
"respectively."
"\n"
"UPLOAD will upload the given file to the given URL. "