Rename SSL terminology to TLS
TLS has superseded SSL so rename the recently added file(DOWNLOAD) and ExternalProject options using the newer terminology. Drop "CURLOPT" from names because curl is an implementation detail.
This commit is contained in:
Brad King
parent
c266461084
commit
131d91a1f9
|
|
@ -26,8 +26,8 @@
|
|||
# [URL /.../src.tgz] # Full path or URL of source
|
||||
# [URL_HASH ALGO=value] # Hash of file at URL
|
||||
# [URL_MD5 md5] # Equivalent to URL_HASH MD5=md5
|
||||
# [SSL_VERIFYPEER bool] # Should certificate for https be checked
|
||||
# [CAINFO_FILE file] # Path to a certificate authority file
|
||||
# [TLS_VERIFY bool] # Should certificate for https be checked
|
||||
# [TLS_CAINFO file] # Path to a certificate authority file
|
||||
# [TIMEOUT seconds] # Time allowed for file download operations
|
||||
# #--Update/Patch step----------
|
||||
# [UPDATE_COMMAND cmd...] # Source work-tree update command
|
||||
|
|
@ -401,7 +401,7 @@ endif()
|
|||
endfunction()
|
||||
|
||||
|
||||
function(_ep_write_downloadfile_script script_filename remote local timeout hash ssl_verify cainfo_file)
|
||||
function(_ep_write_downloadfile_script script_filename remote local timeout hash tls_verify tls_cainfo)
|
||||
if(timeout)
|
||||
set(timeout_args TIMEOUT ${timeout})
|
||||
set(timeout_msg "${timeout} seconds")
|
||||
|
|
@ -416,25 +416,25 @@ function(_ep_write_downloadfile_script script_filename remote local timeout hash
|
|||
set(hash_args "# no EXPECTED_HASH")
|
||||
endif()
|
||||
# check for curl globals in the project
|
||||
if(DEFINED CMAKE_CURLOPT_SSL_VERIFYPEER)
|
||||
set(ssl_verify "set(CMAKE_CURLOPT_SSL_VERIFYPEER ${CMAKE_CURLOPT_SSL_VERIFYPEER})")
|
||||
if(DEFINED CMAKE_TLS_VERIFY)
|
||||
set(tls_verify "set(CMAKE_TLS_VERIFY ${CMAKE_TLS_VERIFY})")
|
||||
endif()
|
||||
if(DEFINED CMAKE_CURLOPT_CAINFO_FILE)
|
||||
set(ssl_cainfo "set(CMAKE_CURLOPT_CAINFO_FILE \"${CMAKE_CURLOPT_CAINFO_FILE}\")")
|
||||
if(DEFINED CMAKE_TLS_CAINFO)
|
||||
set(tls_cainfo "set(CMAKE_TLS_CAINFO \"${CMAKE_TLS_CAINFO}\")")
|
||||
endif()
|
||||
|
||||
# now check for curl locals so that the local values
|
||||
# will override the globals
|
||||
|
||||
# check for ssl_verify argument
|
||||
string(LENGTH "${ssl_verify}" ssl_verify_len)
|
||||
if(ssl_verify_len GREATER 0)
|
||||
set(ssl_verify "set(CMAKE_CURLOPT_SSL_VERIFYPEER ${ssl_verify})")
|
||||
# check for tls_verify argument
|
||||
string(LENGTH "${tls_verify}" tls_verify_len)
|
||||
if(tls_verify_len GREATER 0)
|
||||
set(tls_verify "set(CMAKE_TLS_VERIFY ${tls_verify})")
|
||||
endif()
|
||||
# check for cainfo_file argument
|
||||
string(LENGTH "${cainfo_file}" cainfo_file_len)
|
||||
if(cainfo_file_len GREATER 0)
|
||||
set(ssl_cainfo "set(CMAKE_CURLOPT_CAINFO_FILE \"${cainfo_file}\")")
|
||||
# check for tls_cainfo argument
|
||||
string(LENGTH "${tls_cainfo}" tls_cainfo_len)
|
||||
if(tls_cainfo_len GREATER 0)
|
||||
set(tls_cainfo "set(CMAKE_TLS_CAINFO \"${tls_cainfo}\")")
|
||||
endif()
|
||||
|
||||
file(WRITE ${script_filename}
|
||||
|
|
@ -443,8 +443,8 @@ function(_ep_write_downloadfile_script script_filename remote local timeout hash
|
|||
dst='${local}'
|
||||
timeout='${timeout_msg}'\")
|
||||
|
||||
${ssl_verify}
|
||||
${ssl_cainfo}
|
||||
${tls_verify}
|
||||
${tls_cainfo}
|
||||
|
||||
file(DOWNLOAD
|
||||
\"${remote}\"
|
||||
|
|
@ -1307,10 +1307,10 @@ function(_ep_add_download_command name)
|
|||
string(REPLACE ";" "-" fname "${fname}")
|
||||
set(file ${download_dir}/${fname})
|
||||
get_property(timeout TARGET ${name} PROPERTY _EP_TIMEOUT)
|
||||
get_property(ssl_verify TARGET ${name} PROPERTY _EP_SSL_VERIFYPEER)
|
||||
get_property(cainfo_file TARGET ${name} PROPERTY _EP_CAINFO_FILE)
|
||||
get_property(tls_verify TARGET ${name} PROPERTY _EP_TLS_VERIFY)
|
||||
get_property(tls_cainfo TARGET ${name} PROPERTY _EP_TLS_CAINFO)
|
||||
_ep_write_downloadfile_script("${stamp_dir}/download-${name}.cmake"
|
||||
"${url}" "${file}" "${timeout}" "${hash}" "${ssl_verify}" "${cainfo_file}")
|
||||
"${url}" "${file}" "${timeout}" "${hash}" "${tls_verify}" "${tls_cainfo}")
|
||||
set(cmd ${CMAKE_COMMAND} -P ${stamp_dir}/download-${name}.cmake
|
||||
COMMAND)
|
||||
set(comment "Performing download step (download, verify and extract) for '${name}'")
|
||||
|
|
|
|||
|
|
@ -2668,8 +2668,8 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
|
|||
std::string verboseLog;
|
||||
std::string statusVar;
|
||||
std::string caFile;
|
||||
bool checkSSL = false;
|
||||
bool verifySSL = false;
|
||||
bool checkTLS = false;
|
||||
bool verifyTLS = false;
|
||||
std::string expectedHash;
|
||||
std::string hashMatchMSG;
|
||||
cmsys::auto_ptr<cmCryptoHash> hash;
|
||||
|
|
@ -2723,21 +2723,21 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
|
|||
}
|
||||
statusVar = *i;
|
||||
}
|
||||
else if(*i == "SSL_VERIFY")
|
||||
else if(*i == "TLS_VERIFY")
|
||||
{
|
||||
++i;
|
||||
if(i != args.end())
|
||||
{
|
||||
verifySSL = cmSystemTools::IsOn(i->c_str());
|
||||
checkSSL = true;
|
||||
verifyTLS = cmSystemTools::IsOn(i->c_str());
|
||||
checkTLS = true;
|
||||
}
|
||||
else
|
||||
{
|
||||
this->SetError("SSL_VERIFY missing bool value.");
|
||||
this->SetError("TLS_VERIFY missing bool value.");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
else if(*i == "SSL_CAINFO_FILE")
|
||||
else if(*i == "TLS_CAINFO")
|
||||
{
|
||||
++i;
|
||||
if(i != args.end())
|
||||
|
|
@ -2746,7 +2746,7 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
|
|||
}
|
||||
else
|
||||
{
|
||||
this->SetError("SSL_CAFILE missing file value.");
|
||||
this->SetError("TLS_CAFILE missing file value.");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -2865,14 +2865,14 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
|
|||
cmFileCommandCurlDebugCallback);
|
||||
check_curl_result(res, "DOWNLOAD cannot set debug function: ");
|
||||
|
||||
// check to see if SSL verification is requested
|
||||
// check to see if TLS verification is requested
|
||||
const char* verifyValue =
|
||||
this->Makefile->GetDefinition("CMAKE_CURLOPT_SSL_VERIFYPEER");
|
||||
// if there is a cmake variable or if the command has SSL_VERIFY requested
|
||||
if(verifyValue || checkSSL)
|
||||
this->Makefile->GetDefinition("CMAKE_TLS_VERIFY");
|
||||
// if there is a cmake variable or if the command has TLS_VERIFY requested
|
||||
if(verifyValue || checkTLS)
|
||||
{
|
||||
// the args to the command come first
|
||||
bool verify = verifySSL;
|
||||
bool verify = verifyTLS;
|
||||
if(!verify && verifyValue)
|
||||
{
|
||||
verify = cmSystemTools::IsOn(verifyValue);
|
||||
|
|
@ -2880,17 +2880,17 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
|
|||
if(verify)
|
||||
{
|
||||
res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
|
||||
check_curl_result(res, "Unable to set SSL Verify on: ");
|
||||
check_curl_result(res, "Unable to set TLS/SSL Verify on: ");
|
||||
}
|
||||
else
|
||||
{
|
||||
res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
|
||||
check_curl_result(res, "Unable to set SSL Verify off: ");
|
||||
check_curl_result(res, "Unable to set TLS/SSL Verify off: ");
|
||||
}
|
||||
}
|
||||
// check to see if a CAINFO file has been specified
|
||||
const char* cainfo =
|
||||
this->Makefile->GetDefinition("CMAKE_CURLOPT_CAINFO_FILE");
|
||||
this->Makefile->GetDefinition("CMAKE_TLS_CAINFO");
|
||||
// command arg comes first
|
||||
if(caFile.size())
|
||||
{
|
||||
|
|
@ -2899,7 +2899,7 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
|
|||
if(cainfo)
|
||||
{
|
||||
res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo);
|
||||
check_curl_result(res, "Unable to set SSL Verify CAINFO: ");
|
||||
check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
|
||||
}
|
||||
|
||||
cmFileCommandVectorOfChar chunkDebug;
|
||||
|
|
|
|||
|
|
@ -85,7 +85,7 @@ public:
|
|||
" [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS]\n"
|
||||
" [EXPECTED_HASH MD5|SHA1|SHA224|SHA256|SHA384|SHA512 hash]\n"
|
||||
" [EXPECTED_MD5 sum]\n"
|
||||
" [SSL_VERIFY on|off] [SSL_CAINFO_FILE file])\n"
|
||||
" [TLS_VERIFY on|off] [TLS_CAINFO file])\n"
|
||||
" file(UPLOAD filename url [INACTIVITY_TIMEOUT timeout]\n"
|
||||
" [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS])\n"
|
||||
"WRITE will write a message into a file called 'filename'. It "
|
||||
|
|
@ -177,12 +177,12 @@ public:
|
|||
"If SHOW_PROGRESS is specified, progress information will be printed "
|
||||
"as status messages until the operation is complete. "
|
||||
"For https URLs CMake must be built with OpenSSL. "
|
||||
"SSL certificates are not checked by default. "
|
||||
"Set SSL_VERIFY to ON to check certificates and/or use "
|
||||
"TLS/SSL certificates are not checked by default. "
|
||||
"Set TLS_VERIFY to ON to check certificates and/or use "
|
||||
"EXPECTED_HASH to verify downloaded content. "
|
||||
"Set SSL_CAINFO_FILE to specify a custom Certificate Authority file. "
|
||||
"If either SSL option is not given CMake will check variables "
|
||||
"CMAKE_CURLOPT_SSL_VERIFYPEER and CMAKE_CURLOPT_CAINFO_FILE, "
|
||||
"Set TLS_CAINFO to specify a custom Certificate Authority file. "
|
||||
"If either TLS option is not given CMake will check variables "
|
||||
"CMAKE_TLS_VERIFY and CMAKE_TLS_CAINFO, "
|
||||
"respectively."
|
||||
"\n"
|
||||
"UPLOAD will upload the given file to the given URL. "
|
||||
|
|
|
|||
Loading…
Reference in New Issue