Add SSL_VERIFYPEER and CAINFO file options to ExternalProject_Add.

This commit adds the ability to turn on and off ssl certificate authority checking. It also adds the ability to specify a certificate authority information file. This can be done by setting global cmake variables CMAKE_CURLOPT_CAINFO_FILE and or CMAKE_CURLOPT_SSL_VERIFYPEER in the project calling ExternalProject_Add, or by passing those options to individual ExternalProject_Add calls.
2012-09-12 18:31:52 -04:00 · 2012-09-12 18:31:52 -04:00 · c266461084
parent beb8a8309b
commit c266461084
1 changed files with 31 additions and 2 deletions
--- a/Modules/ExternalProject.cmake
+++ b/Modules/ExternalProject.cmake
@ -26,6 +26,8 @@
 #    [URL /.../src.tgz]          # Full path or URL of source
 #    [URL_HASH ALGO=value]       # Hash of file at URL
 #    [URL_MD5 md5]               # Equivalent to URL_HASH MD5=md5
+#    [SSL_VERIFYPEER bool]       # Should certificate for https be checked
+#    [CAINFO_FILE file]          # Path to a certificate authority file
 #    [TIMEOUT seconds]           # Time allowed for file download operations
 #   #--Update/Patch step----------
 #    [UPDATE_COMMAND cmd...]     # Source work-tree update command
@ -399,7 +401,7 @@ endif()
 endfunction()


-function(_ep_write_downloadfile_script script_filename remote local timeout hash)
+function(_ep_write_downloadfile_script script_filename remote local timeout hash ssl_verify cainfo_file)
  if(timeout)
    set(timeout_args TIMEOUT ${timeout})
    set(timeout_msg "${timeout} seconds")
@ -413,6 +415,27 @@ function(_ep_write_downloadfile_script script_filename remote local timeout hash
  else()
    set(hash_args "# no EXPECTED_HASH")
  endif()
+  # check for curl globals in the project
+  if(DEFINED CMAKE_CURLOPT_SSL_VERIFYPEER)
+    set(ssl_verify "set(CMAKE_CURLOPT_SSL_VERIFYPEER ${CMAKE_CURLOPT_SSL_VERIFYPEER})")
+  endif()
+  if(DEFINED CMAKE_CURLOPT_CAINFO_FILE)
+    set(ssl_cainfo "set(CMAKE_CURLOPT_CAINFO_FILE \"${CMAKE_CURLOPT_CAINFO_FILE}\")")
+  endif()
+
+  # now check for curl locals so that the local values
+  # will override the globals
+
+  # check for ssl_verify argument
+  string(LENGTH "${ssl_verify}" ssl_verify_len)
+  if(ssl_verify_len GREATER 0)
+    set(ssl_verify "set(CMAKE_CURLOPT_SSL_VERIFYPEER ${ssl_verify})")
+  endif()
+  # check for cainfo_file argument
+  string(LENGTH "${cainfo_file}" cainfo_file_len)
+  if(cainfo_file_len GREATER 0)
+    set(ssl_cainfo "set(CMAKE_CURLOPT_CAINFO_FILE \"${cainfo_file}\")")
+  endif()

  file(WRITE ${script_filename}
 "message(STATUS \"downloading...
@ -420,6 +443,9 @@ function(_ep_write_downloadfile_script script_filename remote local timeout hash
     dst='${local}'
     timeout='${timeout_msg}'\")

+${ssl_verify}
+${ssl_cainfo}
+
 file(DOWNLOAD
  \"${remote}\"
  \"${local}\"
@ -1281,7 +1307,10 @@ function(_ep_add_download_command name)
        string(REPLACE ";" "-" fname "${fname}")
        set(file ${download_dir}/${fname})
        get_property(timeout TARGET ${name} PROPERTY _EP_TIMEOUT)
-        _ep_write_downloadfile_script("${stamp_dir}/download-${name}.cmake" "${url}" "${file}" "${timeout}" "${hash}")
+        get_property(ssl_verify TARGET ${name} PROPERTY _EP_SSL_VERIFYPEER)
+        get_property(cainfo_file TARGET ${name} PROPERTY _EP_CAINFO_FILE)
+        _ep_write_downloadfile_script("${stamp_dir}/download-${name}.cmake"
+          "${url}" "${file}" "${timeout}" "${hash}" "${ssl_verify}" "${cainfo_file}")
        set(cmd ${CMAKE_COMMAND} -P ${stamp_dir}/download-${name}.cmake
          COMMAND)
        set(comment "Performing download step (download, verify and extract) for '${name}'")