Add SSL_VERIFYPEER and CAINFO file options to ExternalProject_Add.

This commit adds the ability to turn on and off ssl certificate
authority checking.  It also adds the ability to specify a
certificate authority information file.  This can be done
by setting global cmake variables CMAKE_CURLOPT_CAINFO_FILE
and or CMAKE_CURLOPT_SSL_VERIFYPEER in the project calling
ExternalProject_Add, or by passing those options to individual
ExternalProject_Add calls.
This commit is contained in:
Bill Hoffman 2012-09-12 18:31:52 -04:00
parent beb8a8309b
commit c266461084
1 changed files with 31 additions and 2 deletions

View File

@ -26,6 +26,8 @@
# [URL /.../src.tgz] # Full path or URL of source # [URL /.../src.tgz] # Full path or URL of source
# [URL_HASH ALGO=value] # Hash of file at URL # [URL_HASH ALGO=value] # Hash of file at URL
# [URL_MD5 md5] # Equivalent to URL_HASH MD5=md5 # [URL_MD5 md5] # Equivalent to URL_HASH MD5=md5
# [SSL_VERIFYPEER bool] # Should certificate for https be checked
# [CAINFO_FILE file] # Path to a certificate authority file
# [TIMEOUT seconds] # Time allowed for file download operations # [TIMEOUT seconds] # Time allowed for file download operations
# #--Update/Patch step---------- # #--Update/Patch step----------
# [UPDATE_COMMAND cmd...] # Source work-tree update command # [UPDATE_COMMAND cmd...] # Source work-tree update command
@ -399,7 +401,7 @@ endif()
endfunction() endfunction()
function(_ep_write_downloadfile_script script_filename remote local timeout hash) function(_ep_write_downloadfile_script script_filename remote local timeout hash ssl_verify cainfo_file)
if(timeout) if(timeout)
set(timeout_args TIMEOUT ${timeout}) set(timeout_args TIMEOUT ${timeout})
set(timeout_msg "${timeout} seconds") set(timeout_msg "${timeout} seconds")
@ -413,6 +415,27 @@ function(_ep_write_downloadfile_script script_filename remote local timeout hash
else() else()
set(hash_args "# no EXPECTED_HASH") set(hash_args "# no EXPECTED_HASH")
endif() endif()
# check for curl globals in the project
if(DEFINED CMAKE_CURLOPT_SSL_VERIFYPEER)
set(ssl_verify "set(CMAKE_CURLOPT_SSL_VERIFYPEER ${CMAKE_CURLOPT_SSL_VERIFYPEER})")
endif()
if(DEFINED CMAKE_CURLOPT_CAINFO_FILE)
set(ssl_cainfo "set(CMAKE_CURLOPT_CAINFO_FILE \"${CMAKE_CURLOPT_CAINFO_FILE}\")")
endif()
# now check for curl locals so that the local values
# will override the globals
# check for ssl_verify argument
string(LENGTH "${ssl_verify}" ssl_verify_len)
if(ssl_verify_len GREATER 0)
set(ssl_verify "set(CMAKE_CURLOPT_SSL_VERIFYPEER ${ssl_verify})")
endif()
# check for cainfo_file argument
string(LENGTH "${cainfo_file}" cainfo_file_len)
if(cainfo_file_len GREATER 0)
set(ssl_cainfo "set(CMAKE_CURLOPT_CAINFO_FILE \"${cainfo_file}\")")
endif()
file(WRITE ${script_filename} file(WRITE ${script_filename}
"message(STATUS \"downloading... "message(STATUS \"downloading...
@ -420,6 +443,9 @@ function(_ep_write_downloadfile_script script_filename remote local timeout hash
dst='${local}' dst='${local}'
timeout='${timeout_msg}'\") timeout='${timeout_msg}'\")
${ssl_verify}
${ssl_cainfo}
file(DOWNLOAD file(DOWNLOAD
\"${remote}\" \"${remote}\"
\"${local}\" \"${local}\"
@ -1281,7 +1307,10 @@ function(_ep_add_download_command name)
string(REPLACE ";" "-" fname "${fname}") string(REPLACE ";" "-" fname "${fname}")
set(file ${download_dir}/${fname}) set(file ${download_dir}/${fname})
get_property(timeout TARGET ${name} PROPERTY _EP_TIMEOUT) get_property(timeout TARGET ${name} PROPERTY _EP_TIMEOUT)
_ep_write_downloadfile_script("${stamp_dir}/download-${name}.cmake" "${url}" "${file}" "${timeout}" "${hash}") get_property(ssl_verify TARGET ${name} PROPERTY _EP_SSL_VERIFYPEER)
get_property(cainfo_file TARGET ${name} PROPERTY _EP_CAINFO_FILE)
_ep_write_downloadfile_script("${stamp_dir}/download-${name}.cmake"
"${url}" "${file}" "${timeout}" "${hash}" "${ssl_verify}" "${cainfo_file}")
set(cmd ${CMAKE_COMMAND} -P ${stamp_dir}/download-${name}.cmake set(cmd ${CMAKE_COMMAND} -P ${stamp_dir}/download-${name}.cmake
COMMAND) COMMAND)
set(comment "Performing download step (download, verify and extract) for '${name}'") set(comment "Performing download step (download, verify and extract) for '${name}'")