Add SSL_VERIFYPEER and CAINFO file options to ExternalProject_Add.
This commit adds the ability to turn on and off ssl certificate authority checking. It also adds the ability to specify a certificate authority information file. This can be done by setting global cmake variables CMAKE_CURLOPT_CAINFO_FILE and or CMAKE_CURLOPT_SSL_VERIFYPEER in the project calling ExternalProject_Add, or by passing those options to individual ExternalProject_Add calls.
This commit is contained in:
parent
beb8a8309b
commit
c266461084
|
@ -26,6 +26,8 @@
|
||||||
# [URL /.../src.tgz] # Full path or URL of source
|
# [URL /.../src.tgz] # Full path or URL of source
|
||||||
# [URL_HASH ALGO=value] # Hash of file at URL
|
# [URL_HASH ALGO=value] # Hash of file at URL
|
||||||
# [URL_MD5 md5] # Equivalent to URL_HASH MD5=md5
|
# [URL_MD5 md5] # Equivalent to URL_HASH MD5=md5
|
||||||
|
# [SSL_VERIFYPEER bool] # Should certificate for https be checked
|
||||||
|
# [CAINFO_FILE file] # Path to a certificate authority file
|
||||||
# [TIMEOUT seconds] # Time allowed for file download operations
|
# [TIMEOUT seconds] # Time allowed for file download operations
|
||||||
# #--Update/Patch step----------
|
# #--Update/Patch step----------
|
||||||
# [UPDATE_COMMAND cmd...] # Source work-tree update command
|
# [UPDATE_COMMAND cmd...] # Source work-tree update command
|
||||||
|
@ -399,7 +401,7 @@ endif()
|
||||||
endfunction()
|
endfunction()
|
||||||
|
|
||||||
|
|
||||||
function(_ep_write_downloadfile_script script_filename remote local timeout hash)
|
function(_ep_write_downloadfile_script script_filename remote local timeout hash ssl_verify cainfo_file)
|
||||||
if(timeout)
|
if(timeout)
|
||||||
set(timeout_args TIMEOUT ${timeout})
|
set(timeout_args TIMEOUT ${timeout})
|
||||||
set(timeout_msg "${timeout} seconds")
|
set(timeout_msg "${timeout} seconds")
|
||||||
|
@ -413,6 +415,27 @@ function(_ep_write_downloadfile_script script_filename remote local timeout hash
|
||||||
else()
|
else()
|
||||||
set(hash_args "# no EXPECTED_HASH")
|
set(hash_args "# no EXPECTED_HASH")
|
||||||
endif()
|
endif()
|
||||||
|
# check for curl globals in the project
|
||||||
|
if(DEFINED CMAKE_CURLOPT_SSL_VERIFYPEER)
|
||||||
|
set(ssl_verify "set(CMAKE_CURLOPT_SSL_VERIFYPEER ${CMAKE_CURLOPT_SSL_VERIFYPEER})")
|
||||||
|
endif()
|
||||||
|
if(DEFINED CMAKE_CURLOPT_CAINFO_FILE)
|
||||||
|
set(ssl_cainfo "set(CMAKE_CURLOPT_CAINFO_FILE \"${CMAKE_CURLOPT_CAINFO_FILE}\")")
|
||||||
|
endif()
|
||||||
|
|
||||||
|
# now check for curl locals so that the local values
|
||||||
|
# will override the globals
|
||||||
|
|
||||||
|
# check for ssl_verify argument
|
||||||
|
string(LENGTH "${ssl_verify}" ssl_verify_len)
|
||||||
|
if(ssl_verify_len GREATER 0)
|
||||||
|
set(ssl_verify "set(CMAKE_CURLOPT_SSL_VERIFYPEER ${ssl_verify})")
|
||||||
|
endif()
|
||||||
|
# check for cainfo_file argument
|
||||||
|
string(LENGTH "${cainfo_file}" cainfo_file_len)
|
||||||
|
if(cainfo_file_len GREATER 0)
|
||||||
|
set(ssl_cainfo "set(CMAKE_CURLOPT_CAINFO_FILE \"${cainfo_file}\")")
|
||||||
|
endif()
|
||||||
|
|
||||||
file(WRITE ${script_filename}
|
file(WRITE ${script_filename}
|
||||||
"message(STATUS \"downloading...
|
"message(STATUS \"downloading...
|
||||||
|
@ -420,6 +443,9 @@ function(_ep_write_downloadfile_script script_filename remote local timeout hash
|
||||||
dst='${local}'
|
dst='${local}'
|
||||||
timeout='${timeout_msg}'\")
|
timeout='${timeout_msg}'\")
|
||||||
|
|
||||||
|
${ssl_verify}
|
||||||
|
${ssl_cainfo}
|
||||||
|
|
||||||
file(DOWNLOAD
|
file(DOWNLOAD
|
||||||
\"${remote}\"
|
\"${remote}\"
|
||||||
\"${local}\"
|
\"${local}\"
|
||||||
|
@ -1281,7 +1307,10 @@ function(_ep_add_download_command name)
|
||||||
string(REPLACE ";" "-" fname "${fname}")
|
string(REPLACE ";" "-" fname "${fname}")
|
||||||
set(file ${download_dir}/${fname})
|
set(file ${download_dir}/${fname})
|
||||||
get_property(timeout TARGET ${name} PROPERTY _EP_TIMEOUT)
|
get_property(timeout TARGET ${name} PROPERTY _EP_TIMEOUT)
|
||||||
_ep_write_downloadfile_script("${stamp_dir}/download-${name}.cmake" "${url}" "${file}" "${timeout}" "${hash}")
|
get_property(ssl_verify TARGET ${name} PROPERTY _EP_SSL_VERIFYPEER)
|
||||||
|
get_property(cainfo_file TARGET ${name} PROPERTY _EP_CAINFO_FILE)
|
||||||
|
_ep_write_downloadfile_script("${stamp_dir}/download-${name}.cmake"
|
||||||
|
"${url}" "${file}" "${timeout}" "${hash}" "${ssl_verify}" "${cainfo_file}")
|
||||||
set(cmd ${CMAKE_COMMAND} -P ${stamp_dir}/download-${name}.cmake
|
set(cmd ${CMAKE_COMMAND} -P ${stamp_dir}/download-${name}.cmake
|
||||||
COMMAND)
|
COMMAND)
|
||||||
set(comment "Performing download step (download, verify and extract) for '${name}'")
|
set(comment "Performing download step (download, verify and extract) for '${name}'")
|
||||||
|
|
Loading…
Reference in New Issue