file(DOWNLOAD): Make TLS options behave as documented

The logic added in commit e1c89f08 (file(DOWNLOAD): Add options for SSL,
2012-08-21) did not actually provide the documented behavior.  Simplify
the implementation to read the variable values first and then replace
them with the explicit argument values if encountered.  Always set the
curl option CURLOPT_SSL_VERIFYPEER to either on or off explicitly
instead of depending on the curl default behavior.
This commit is contained in:
Brad King 2012-09-14 15:57:18 -04:00
parent 131d91a1f9
commit 7369a8faee
1 changed files with 13 additions and 33 deletions

View File

@ -2667,9 +2667,8 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
long inactivity_timeout = 0; long inactivity_timeout = 0;
std::string verboseLog; std::string verboseLog;
std::string statusVar; std::string statusVar;
std::string caFile; bool tls_verify = this->Makefile->IsOn("CMAKE_TLS_VERIFY");
bool checkTLS = false; const char* cainfo = this->Makefile->GetDefinition("CMAKE_TLS_CAINFO");
bool verifyTLS = false;
std::string expectedHash; std::string expectedHash;
std::string hashMatchMSG; std::string hashMatchMSG;
cmsys::auto_ptr<cmCryptoHash> hash; cmsys::auto_ptr<cmCryptoHash> hash;
@ -2728,8 +2727,7 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
++i; ++i;
if(i != args.end()) if(i != args.end())
{ {
verifyTLS = cmSystemTools::IsOn(i->c_str()); tls_verify = cmSystemTools::IsOn(i->c_str());
checkTLS = true;
} }
else else
{ {
@ -2742,7 +2740,7 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
++i; ++i;
if(i != args.end()) if(i != args.end())
{ {
caFile = *i; cainfo = i->c_str();
} }
else else
{ {
@ -2866,18 +2864,7 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
check_curl_result(res, "DOWNLOAD cannot set debug function: "); check_curl_result(res, "DOWNLOAD cannot set debug function: ");
// check to see if TLS verification is requested // check to see if TLS verification is requested
const char* verifyValue = if(tls_verify)
this->Makefile->GetDefinition("CMAKE_TLS_VERIFY");
// if there is a cmake variable or if the command has TLS_VERIFY requested
if(verifyValue || checkTLS)
{
// the args to the command come first
bool verify = verifyTLS;
if(!verify && verifyValue)
{
verify = cmSystemTools::IsOn(verifyValue);
}
if(verify)
{ {
res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1); res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
check_curl_result(res, "Unable to set TLS/SSL Verify on: "); check_curl_result(res, "Unable to set TLS/SSL Verify on: ");
@ -2887,16 +2874,9 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
check_curl_result(res, "Unable to set TLS/SSL Verify off: "); check_curl_result(res, "Unable to set TLS/SSL Verify off: ");
} }
}
// check to see if a CAINFO file has been specified // check to see if a CAINFO file has been specified
const char* cainfo =
this->Makefile->GetDefinition("CMAKE_TLS_CAINFO");
// command arg comes first // command arg comes first
if(caFile.size()) if(cainfo && *cainfo)
{
cainfo = caFile.c_str();
}
if(cainfo)
{ {
res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo); res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo);
check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: "); check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");