Merge topic 'cleanup-TLS-and-SSL-interface'
7369a8f
file(DOWNLOAD): Make TLS options behave as documented131d91a
Rename SSL terminology to TLS
This commit is contained in:
commit
024bbad230
|
@ -26,8 +26,8 @@
|
|||
# [URL /.../src.tgz] # Full path or URL of source
|
||||
# [URL_HASH ALGO=value] # Hash of file at URL
|
||||
# [URL_MD5 md5] # Equivalent to URL_HASH MD5=md5
|
||||
# [SSL_VERIFYPEER bool] # Should certificate for https be checked
|
||||
# [CAINFO_FILE file] # Path to a certificate authority file
|
||||
# [TLS_VERIFY bool] # Should certificate for https be checked
|
||||
# [TLS_CAINFO file] # Path to a certificate authority file
|
||||
# [TIMEOUT seconds] # Time allowed for file download operations
|
||||
# #--Update/Patch step----------
|
||||
# [UPDATE_COMMAND cmd...] # Source work-tree update command
|
||||
|
@ -401,7 +401,7 @@ endif()
|
|||
endfunction()
|
||||
|
||||
|
||||
function(_ep_write_downloadfile_script script_filename remote local timeout hash ssl_verify cainfo_file)
|
||||
function(_ep_write_downloadfile_script script_filename remote local timeout hash tls_verify tls_cainfo)
|
||||
if(timeout)
|
||||
set(timeout_args TIMEOUT ${timeout})
|
||||
set(timeout_msg "${timeout} seconds")
|
||||
|
@ -416,25 +416,25 @@ function(_ep_write_downloadfile_script script_filename remote local timeout hash
|
|||
set(hash_args "# no EXPECTED_HASH")
|
||||
endif()
|
||||
# check for curl globals in the project
|
||||
if(DEFINED CMAKE_CURLOPT_SSL_VERIFYPEER)
|
||||
set(ssl_verify "set(CMAKE_CURLOPT_SSL_VERIFYPEER ${CMAKE_CURLOPT_SSL_VERIFYPEER})")
|
||||
if(DEFINED CMAKE_TLS_VERIFY)
|
||||
set(tls_verify "set(CMAKE_TLS_VERIFY ${CMAKE_TLS_VERIFY})")
|
||||
endif()
|
||||
if(DEFINED CMAKE_CURLOPT_CAINFO_FILE)
|
||||
set(ssl_cainfo "set(CMAKE_CURLOPT_CAINFO_FILE \"${CMAKE_CURLOPT_CAINFO_FILE}\")")
|
||||
if(DEFINED CMAKE_TLS_CAINFO)
|
||||
set(tls_cainfo "set(CMAKE_TLS_CAINFO \"${CMAKE_TLS_CAINFO}\")")
|
||||
endif()
|
||||
|
||||
# now check for curl locals so that the local values
|
||||
# will override the globals
|
||||
|
||||
# check for ssl_verify argument
|
||||
string(LENGTH "${ssl_verify}" ssl_verify_len)
|
||||
if(ssl_verify_len GREATER 0)
|
||||
set(ssl_verify "set(CMAKE_CURLOPT_SSL_VERIFYPEER ${ssl_verify})")
|
||||
# check for tls_verify argument
|
||||
string(LENGTH "${tls_verify}" tls_verify_len)
|
||||
if(tls_verify_len GREATER 0)
|
||||
set(tls_verify "set(CMAKE_TLS_VERIFY ${tls_verify})")
|
||||
endif()
|
||||
# check for cainfo_file argument
|
||||
string(LENGTH "${cainfo_file}" cainfo_file_len)
|
||||
if(cainfo_file_len GREATER 0)
|
||||
set(ssl_cainfo "set(CMAKE_CURLOPT_CAINFO_FILE \"${cainfo_file}\")")
|
||||
# check for tls_cainfo argument
|
||||
string(LENGTH "${tls_cainfo}" tls_cainfo_len)
|
||||
if(tls_cainfo_len GREATER 0)
|
||||
set(tls_cainfo "set(CMAKE_TLS_CAINFO \"${tls_cainfo}\")")
|
||||
endif()
|
||||
|
||||
file(WRITE ${script_filename}
|
||||
|
@ -443,8 +443,8 @@ function(_ep_write_downloadfile_script script_filename remote local timeout hash
|
|||
dst='${local}'
|
||||
timeout='${timeout_msg}'\")
|
||||
|
||||
${ssl_verify}
|
||||
${ssl_cainfo}
|
||||
${tls_verify}
|
||||
${tls_cainfo}
|
||||
|
||||
file(DOWNLOAD
|
||||
\"${remote}\"
|
||||
|
@ -1307,10 +1307,10 @@ function(_ep_add_download_command name)
|
|||
string(REPLACE ";" "-" fname "${fname}")
|
||||
set(file ${download_dir}/${fname})
|
||||
get_property(timeout TARGET ${name} PROPERTY _EP_TIMEOUT)
|
||||
get_property(ssl_verify TARGET ${name} PROPERTY _EP_SSL_VERIFYPEER)
|
||||
get_property(cainfo_file TARGET ${name} PROPERTY _EP_CAINFO_FILE)
|
||||
get_property(tls_verify TARGET ${name} PROPERTY _EP_TLS_VERIFY)
|
||||
get_property(tls_cainfo TARGET ${name} PROPERTY _EP_TLS_CAINFO)
|
||||
_ep_write_downloadfile_script("${stamp_dir}/download-${name}.cmake"
|
||||
"${url}" "${file}" "${timeout}" "${hash}" "${ssl_verify}" "${cainfo_file}")
|
||||
"${url}" "${file}" "${timeout}" "${hash}" "${tls_verify}" "${tls_cainfo}")
|
||||
set(cmd ${CMAKE_COMMAND} -P ${stamp_dir}/download-${name}.cmake
|
||||
COMMAND)
|
||||
set(comment "Performing download step (download, verify and extract) for '${name}'")
|
||||
|
|
|
@ -2667,9 +2667,8 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
|
|||
long inactivity_timeout = 0;
|
||||
std::string verboseLog;
|
||||
std::string statusVar;
|
||||
std::string caFile;
|
||||
bool checkSSL = false;
|
||||
bool verifySSL = false;
|
||||
bool tls_verify = this->Makefile->IsOn("CMAKE_TLS_VERIFY");
|
||||
const char* cainfo = this->Makefile->GetDefinition("CMAKE_TLS_CAINFO");
|
||||
std::string expectedHash;
|
||||
std::string hashMatchMSG;
|
||||
cmsys::auto_ptr<cmCryptoHash> hash;
|
||||
|
@ -2723,30 +2722,29 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
|
|||
}
|
||||
statusVar = *i;
|
||||
}
|
||||
else if(*i == "SSL_VERIFY")
|
||||
else if(*i == "TLS_VERIFY")
|
||||
{
|
||||
++i;
|
||||
if(i != args.end())
|
||||
{
|
||||
verifySSL = cmSystemTools::IsOn(i->c_str());
|
||||
checkSSL = true;
|
||||
tls_verify = cmSystemTools::IsOn(i->c_str());
|
||||
}
|
||||
else
|
||||
{
|
||||
this->SetError("SSL_VERIFY missing bool value.");
|
||||
this->SetError("TLS_VERIFY missing bool value.");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
else if(*i == "SSL_CAINFO_FILE")
|
||||
else if(*i == "TLS_CAINFO")
|
||||
{
|
||||
++i;
|
||||
if(i != args.end())
|
||||
{
|
||||
caFile = *i;
|
||||
cainfo = i->c_str();
|
||||
}
|
||||
else
|
||||
{
|
||||
this->SetError("SSL_CAFILE missing file value.");
|
||||
this->SetError("TLS_CAFILE missing file value.");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
@ -2865,41 +2863,23 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
|
|||
cmFileCommandCurlDebugCallback);
|
||||
check_curl_result(res, "DOWNLOAD cannot set debug function: ");
|
||||
|
||||
// check to see if SSL verification is requested
|
||||
const char* verifyValue =
|
||||
this->Makefile->GetDefinition("CMAKE_CURLOPT_SSL_VERIFYPEER");
|
||||
// if there is a cmake variable or if the command has SSL_VERIFY requested
|
||||
if(verifyValue || checkSSL)
|
||||
// check to see if TLS verification is requested
|
||||
if(tls_verify)
|
||||
{
|
||||
// the args to the command come first
|
||||
bool verify = verifySSL;
|
||||
if(!verify && verifyValue)
|
||||
{
|
||||
verify = cmSystemTools::IsOn(verifyValue);
|
||||
}
|
||||
if(verify)
|
||||
{
|
||||
res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
|
||||
check_curl_result(res, "Unable to set SSL Verify on: ");
|
||||
}
|
||||
else
|
||||
{
|
||||
res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
|
||||
check_curl_result(res, "Unable to set SSL Verify off: ");
|
||||
}
|
||||
res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
|
||||
check_curl_result(res, "Unable to set TLS/SSL Verify on: ");
|
||||
}
|
||||
else
|
||||
{
|
||||
res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
|
||||
check_curl_result(res, "Unable to set TLS/SSL Verify off: ");
|
||||
}
|
||||
// check to see if a CAINFO file has been specified
|
||||
const char* cainfo =
|
||||
this->Makefile->GetDefinition("CMAKE_CURLOPT_CAINFO_FILE");
|
||||
// command arg comes first
|
||||
if(caFile.size())
|
||||
{
|
||||
cainfo = caFile.c_str();
|
||||
}
|
||||
if(cainfo)
|
||||
if(cainfo && *cainfo)
|
||||
{
|
||||
res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo);
|
||||
check_curl_result(res, "Unable to set SSL Verify CAINFO: ");
|
||||
check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
|
||||
}
|
||||
|
||||
cmFileCommandVectorOfChar chunkDebug;
|
||||
|
|
|
@ -85,7 +85,7 @@ public:
|
|||
" [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS]\n"
|
||||
" [EXPECTED_HASH MD5|SHA1|SHA224|SHA256|SHA384|SHA512 hash]\n"
|
||||
" [EXPECTED_MD5 sum]\n"
|
||||
" [SSL_VERIFY on|off] [SSL_CAINFO_FILE file])\n"
|
||||
" [TLS_VERIFY on|off] [TLS_CAINFO file])\n"
|
||||
" file(UPLOAD filename url [INACTIVITY_TIMEOUT timeout]\n"
|
||||
" [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS])\n"
|
||||
"WRITE will write a message into a file called 'filename'. It "
|
||||
|
@ -177,12 +177,12 @@ public:
|
|||
"If SHOW_PROGRESS is specified, progress information will be printed "
|
||||
"as status messages until the operation is complete. "
|
||||
"For https URLs CMake must be built with OpenSSL. "
|
||||
"SSL certificates are not checked by default. "
|
||||
"Set SSL_VERIFY to ON to check certificates and/or use "
|
||||
"TLS/SSL certificates are not checked by default. "
|
||||
"Set TLS_VERIFY to ON to check certificates and/or use "
|
||||
"EXPECTED_HASH to verify downloaded content. "
|
||||
"Set SSL_CAINFO_FILE to specify a custom Certificate Authority file. "
|
||||
"If either SSL option is not given CMake will check variables "
|
||||
"CMAKE_CURLOPT_SSL_VERIFYPEER and CMAKE_CURLOPT_CAINFO_FILE, "
|
||||
"Set TLS_CAINFO to specify a custom Certificate Authority file. "
|
||||
"If either TLS option is not given CMake will check variables "
|
||||
"CMAKE_TLS_VERIFY and CMAKE_TLS_CAINFO, "
|
||||
"respectively."
|
||||
"\n"
|
||||
"UPLOAD will upload the given file to the given URL. "
|
||||
|
|
Loading…
Reference in New Issue