Merge topic 'cleanup-TLS-and-SSL-interface'

7369a8f file(DOWNLOAD): Make TLS options behave as documented
131d91a Rename SSL terminology to TLS
David Cole 2012-09-18 16:42:47 -04:00 committed by CMake Topic Stage
commit 024bbad230
3 changed files with 45 additions and 65 deletions


@ -26,8 +26,8 @@
# [URL /.../src.tgz] # Full path or URL of source # [URL /.../src.tgz] # Full path or URL of source
# [URL_HASH ALGO=value] # Hash of file at URL # [URL_HASH ALGO=value] # Hash of file at URL
# [URL_MD5 md5] # Equivalent to URL_HASH MD5=md5 # [URL_MD5 md5] # Equivalent to URL_HASH MD5=md5
# [SSL_VERIFYPEER bool] # Should certificate for https be checked # [TLS_VERIFY bool] # Should certificate for https be checked
# [CAINFO_FILE file] # Path to a certificate authority file # [TLS_CAINFO file] # Path to a certificate authority file
# [TIMEOUT seconds] # Time allowed for file download operations # [TIMEOUT seconds] # Time allowed for file download operations
# #--Update/Patch step---------- # #--Update/Patch step----------
# [UPDATE_COMMAND cmd...] # Source work-tree update command # [UPDATE_COMMAND cmd...] # Source work-tree update command
@ -401,7 +401,7 @@ endif()
endfunction() endfunction()
function(_ep_write_downloadfile_script script_filename remote local timeout hash ssl_verify cainfo_file) function(_ep_write_downloadfile_script script_filename remote local timeout hash tls_verify tls_cainfo)
if(timeout) if(timeout)
set(timeout_args TIMEOUT ${timeout}) set(timeout_args TIMEOUT ${timeout})
set(timeout_msg "${timeout} seconds") set(timeout_msg "${timeout} seconds")
@ -416,25 +416,25 @@ function(_ep_write_downloadfile_script script_filename remote local timeout hash
set(hash_args "# no EXPECTED_HASH") set(hash_args "# no EXPECTED_HASH")
endif() endif()
# check for curl globals in the project # check for curl globals in the project
if(DEFINED CMAKE_CURLOPT_SSL_VERIFYPEER) if(DEFINED CMAKE_TLS_VERIFY)
set(ssl_verify "set(CMAKE_CURLOPT_SSL_VERIFYPEER ${CMAKE_CURLOPT_SSL_VERIFYPEER})") set(tls_verify "set(CMAKE_TLS_VERIFY ${CMAKE_TLS_VERIFY})")
endif() endif()
if(DEFINED CMAKE_CURLOPT_CAINFO_FILE) if(DEFINED CMAKE_TLS_CAINFO)
set(ssl_cainfo "set(CMAKE_CURLOPT_CAINFO_FILE \"${CMAKE_CURLOPT_CAINFO_FILE}\")") set(tls_cainfo "set(CMAKE_TLS_CAINFO \"${CMAKE_TLS_CAINFO}\")")
endif() endif()
# now check for curl locals so that the local values # now check for curl locals so that the local values
# will override the globals # will override the globals
# check for ssl_verify argument # check for tls_verify argument
string(LENGTH "${ssl_verify}" ssl_verify_len) string(LENGTH "${tls_verify}" tls_verify_len)
if(ssl_verify_len GREATER 0) if(tls_verify_len GREATER 0)
set(ssl_verify "set(CMAKE_CURLOPT_SSL_VERIFYPEER ${ssl_verify})") set(tls_verify "set(CMAKE_TLS_VERIFY ${tls_verify})")
endif() endif()
# check for cainfo_file argument # check for tls_cainfo argument
string(LENGTH "${cainfo_file}" cainfo_file_len) string(LENGTH "${tls_cainfo}" tls_cainfo_len)
if(cainfo_file_len GREATER 0) if(tls_cainfo_len GREATER 0)
set(ssl_cainfo "set(CMAKE_CURLOPT_CAINFO_FILE \"${cainfo_file}\")") set(tls_cainfo "set(CMAKE_TLS_CAINFO \"${tls_cainfo}\")")
endif() endif()
file(WRITE ${script_filename} file(WRITE ${script_filename}
@ -443,8 +443,8 @@ function(_ep_write_downloadfile_script script_filename remote local timeout hash
dst='${local}' dst='${local}'
timeout='${timeout_msg}'\") timeout='${timeout_msg}'\")
${ssl_verify} ${tls_verify}
${ssl_cainfo} ${tls_cainfo}
file(DOWNLOAD file(DOWNLOAD
\"${remote}\" \"${remote}\"
@ -1307,10 +1307,10 @@ function(_ep_add_download_command name)
string(REPLACE ";" "-" fname "${fname}") string(REPLACE ";" "-" fname "${fname}")
set(file ${download_dir}/${fname}) set(file ${download_dir}/${fname})
get_property(timeout TARGET ${name} PROPERTY _EP_TIMEOUT) get_property(timeout TARGET ${name} PROPERTY _EP_TIMEOUT)
get_property(ssl_verify TARGET ${name} PROPERTY _EP_SSL_VERIFYPEER) get_property(tls_verify TARGET ${name} PROPERTY _EP_TLS_VERIFY)
get_property(cainfo_file TARGET ${name} PROPERTY _EP_CAINFO_FILE) get_property(tls_cainfo TARGET ${name} PROPERTY _EP_TLS_CAINFO)
_ep_write_downloadfile_script("${stamp_dir}/download-${name}.cmake" _ep_write_downloadfile_script("${stamp_dir}/download-${name}.cmake"
"${url}" "${file}" "${timeout}" "${hash}" "${ssl_verify}" "${cainfo_file}") "${url}" "${file}" "${timeout}" "${hash}" "${tls_verify}" "${tls_cainfo}")
set(cmd ${CMAKE_COMMAND} -P ${stamp_dir}/download-${name}.cmake set(cmd ${CMAKE_COMMAND} -P ${stamp_dir}/download-${name}.cmake
COMMAND) COMMAND)
set(comment "Performing download step (download, verify and extract) for '${name}'") set(comment "Performing download step (download, verify and extract) for '${name}'")
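Review bot: In `_ep_write_downloadfile_script` the renamed parameters `tls_verify` and `tls_cainfo` are also the variables that receive the generated `set(...)` text, so when `CMAKE_TLS_VERIFY` or `CMAKE_TLS_CAINFO` is defined the parameter is overwritten and the length check that follows wraps it a second time. The script would then contain something like `set(CMAKE_TLS_VERIFY set(CMAKE_TLS_VERIFY ON))` (value constructed for illustration) and the per-target value is lost, so the download likely runs with a TLS setting nobody asked for, or the script fails to parse. The old code had this collision for `ssl_verify` only; the rename extends it to the CA file, which previously used the separate name `ssl_cainfo`. Keeping the emitted text in separate variables, initialised to empty, avoids both cases. The function body runs across three hunks and its end is not shown.

```cmake
  # check for curl globals in the project
  set(tls_verify_code "")
  set(tls_cainfo_code "")
  if(DEFINED CMAKE_TLS_VERIFY)
    set(tls_verify_code "set(CMAKE_TLS_VERIFY ${CMAKE_TLS_VERIFY})")
  endif()
  if(DEFINED CMAKE_TLS_CAINFO)
    set(tls_cainfo_code "set(CMAKE_TLS_CAINFO \"${CMAKE_TLS_CAINFO}\")")
  endif()

  # per-target arguments override the project-wide values
  string(LENGTH "${tls_verify}" tls_verify_len)
  if(tls_verify_len GREATER 0)
    set(tls_verify_code "set(CMAKE_TLS_VERIFY ${tls_verify})")
  endif()
  string(LENGTH "${tls_cainfo}" tls_cainfo_len)
  if(tls_cainfo_len GREATER 0)
    set(tls_cainfo_code "set(CMAKE_TLS_CAINFO \"${tls_cainfo}\")")
  endif()

  # … unchanged: file(WRITE ${script_filename} …) and the message() text …
${tls_verify_code}
${tls_cainfo_code}
  # … unchanged: file(DOWNLOAD …) call …
```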


@ -2667,9 +2667,8 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
long inactivity_timeout = 0; long inactivity_timeout = 0;
std::string verboseLog; std::string verboseLog;
std::string statusVar; std::string statusVar;
std::string caFile; bool tls_verify = this->Makefile->IsOn("CMAKE_TLS_VERIFY");
bool checkSSL = false; const char* cainfo = this->Makefile->GetDefinition("CMAKE_TLS_CAINFO");
bool verifySSL = false;
std::string expectedHash; std::string expectedHash;
std::string hashMatchMSG; std::string hashMatchMSG;
cmsys::auto_ptr<cmCryptoHash> hash; cmsys::auto_ptr<cmCryptoHash> hash;
@ -2723,30 +2722,29 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
} }
statusVar = *i; statusVar = *i;
} }
else if(*i == "SSL_VERIFY") else if(*i == "TLS_VERIFY")
{ {
++i; ++i;
if(i != args.end()) if(i != args.end())
{ {
verifySSL = cmSystemTools::IsOn(i->c_str()); tls_verify = cmSystemTools::IsOn(i->c_str());
checkSSL = true;
} }
else else
{ {
this->SetError("SSL_VERIFY missing bool value."); this->SetError("TLS_VERIFY missing bool value.");
return false; return false;
} }
} }
else if(*i == "SSL_CAINFO_FILE") else if(*i == "TLS_CAINFO")
{ {
++i; ++i;
if(i != args.end()) if(i != args.end())
{ {
caFile = *i; cainfo = i->c_str();
} }
else else
{ {
this->SetError("SSL_CAFILE missing file value."); this->SetError("TLS_CAFILE missing file value.");
return false; return false;
} }
} }
@ -2865,41 +2863,23 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
cmFileCommandCurlDebugCallback); cmFileCommandCurlDebugCallback);
check_curl_result(res, "DOWNLOAD cannot set debug function: "); check_curl_result(res, "DOWNLOAD cannot set debug function: ");
// check to see if SSL verification is requested // check to see if TLS verification is requested
const char* verifyValue = if(tls_verify)
this->Makefile->GetDefinition("CMAKE_CURLOPT_SSL_VERIFYPEER");
// if there is a cmake variable or if the command has SSL_VERIFY requested
if(verifyValue || checkSSL)
{ {
// the args to the command come first res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
bool verify = verifySSL; check_curl_result(res, "Unable to set TLS/SSL Verify on: ");
if(!verify && verifyValue) }
{ else
verify = cmSystemTools::IsOn(verifyValue); {
} res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
if(verify) check_curl_result(res, "Unable to set TLS/SSL Verify off: ");
{
res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
check_curl_result(res, "Unable to set SSL Verify on: ");
}
else
{
res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
check_curl_result(res, "Unable to set SSL Verify off: ");
}
} }
// check to see if a CAINFO file has been specified // check to see if a CAINFO file has been specified
const char* cainfo =
this->Makefile->GetDefinition("CMAKE_CURLOPT_CAINFO_FILE");
// command arg comes first // command arg comes first
if(caFile.size()) if(cainfo && *cainfo)
{
cainfo = caFile.c_str();
}
if(cainfo)
{ {
res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo); res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo);
check_curl_result(res, "Unable to set SSL Verify CAINFO: "); check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
} }
cmFileCommandVectorOfChar chunkDebug; cmFileCommandVectorOfChar chunkDebug;
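Review bot: A `TLS_CAINFO` given without `TLS_VERIFY` has no protective effect, because the `else` branch sets `CURLOPT_SSL_VERIFYPEER` to 0 whenever `tls_verify` is false and the `CURLOPT_CAINFO` call after it then names a CA file that is not used to reject an untrusted certificate. Consider treating a non-empty `cainfo` as a request for verification, or warning when it is set while verification is off. The error text in the `TLS_CAINFO` branch does not match the keyword and should read `this->SetError("TLS_CAINFO missing file value.");`. The literals passed for `CURLOPT_SSL_VERIFYPEER` should be `1L` and `0L`, since libcurl reads that option as a `long` through varargs. `HandleDownloadCommand` starts and ends outside these hunks.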


@ -85,7 +85,7 @@ public:
" [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS]\n" " [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS]\n"
" [EXPECTED_HASH MD5|SHA1|SHA224|SHA256|SHA384|SHA512 hash]\n" " [EXPECTED_HASH MD5|SHA1|SHA224|SHA256|SHA384|SHA512 hash]\n"
" [EXPECTED_MD5 sum]\n" " [EXPECTED_MD5 sum]\n"
" [SSL_VERIFY on|off] [SSL_CAINFO_FILE file])\n" " [TLS_VERIFY on|off] [TLS_CAINFO file])\n"
" file(UPLOAD filename url [INACTIVITY_TIMEOUT timeout]\n" " file(UPLOAD filename url [INACTIVITY_TIMEOUT timeout]\n"
" [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS])\n" " [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS])\n"
"WRITE will write a message into a file called 'filename'. It " "WRITE will write a message into a file called 'filename'. It "
@ -177,12 +177,12 @@ public:
"If SHOW_PROGRESS is specified, progress information will be printed " "If SHOW_PROGRESS is specified, progress information will be printed "
"as status messages until the operation is complete. " "as status messages until the operation is complete. "
"For https URLs CMake must be built with OpenSSL. " "For https URLs CMake must be built with OpenSSL. "
"SSL certificates are not checked by default. " "TLS/SSL certificates are not checked by default. "
"Set SSL_VERIFY to ON to check certificates and/or use " "Set TLS_VERIFY to ON to check certificates and/or use "
"EXPECTED_HASH to verify downloaded content. " "EXPECTED_HASH to verify downloaded content. "
"Set SSL_CAINFO_FILE to specify a custom Certificate Authority file. " "Set TLS_CAINFO to specify a custom Certificate Authority file. "
"If either SSL option is not given CMake will check variables " "If either TLS option is not given CMake will check variables "
"CMAKE_CURLOPT_SSL_VERIFYPEER and CMAKE_CURLOPT_CAINFO_FILE, " "CMAKE_TLS_VERIFY and CMAKE_TLS_CAINFO, "
"respectively." "respectively."
"\n" "\n"
"UPLOAD will upload the given file to the given URL. " "UPLOAD will upload the given file to the given URL. "