file(DOWNLOAD): Add options for SSL
Add the ability to enable or disable Certificate Authority checking for HTTPS (SSL) downloads. When the option to verify the server's CA is disabled, one may verify download contents with SHA hashes.
parent
073a73a3d8
commit
e1c89f08bb
|
@ -2667,6 +2667,9 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
|
||||||
long inactivity_timeout = 0;
|
long inactivity_timeout = 0;
|
||||||
std::string verboseLog;
|
std::string verboseLog;
|
||||||
std::string statusVar;
|
std::string statusVar;
|
||||||
|
std::string caFile;
|
||||||
|
bool checkSSL = false;
|
||||||
|
bool verifySSL = false;
|
||||||
std::string expectedHash;
|
std::string expectedHash;
|
||||||
std::string hashMatchMSG;
|
std::string hashMatchMSG;
|
||||||
cmsys::auto_ptr<cmCryptoHash> hash;
|
cmsys::auto_ptr<cmCryptoHash> hash;
|
||||||
|
@ -2720,6 +2723,33 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
|
||||||
}
|
}
|
||||||
statusVar = *i;
|
statusVar = *i;
|
||||||
}
|
}
|
||||||
|
else if(*i == "SSL_VERIFY")
|
||||||
|
{
|
||||||
|
++i;
|
||||||
|
if(i != args.end())
|
||||||
|
{
|
||||||
|
verifySSL = cmSystemTools::IsOn(i->c_str());
|
||||||
|
checkSSL = true;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
this->SetError("SSL_VERIFY missing bool value.");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if(*i == "SSL_CAINFO_FILE")
|
||||||
|
{
|
||||||
|
++i;
|
||||||
|
if(i != args.end())
|
||||||
|
{
|
||||||
|
caFile = *i;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
this->SetError("SSL_CAFILE missing file value.");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
else if(*i == "EXPECTED_MD5")
|
else if(*i == "EXPECTED_MD5")
|
||||||
{
|
{
|
||||||
++i;
|
++i;
|
||||||
|
@ -2835,6 +2865,43 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
|
||||||
cmFileCommandCurlDebugCallback);
|
cmFileCommandCurlDebugCallback);
|
||||||
check_curl_result(res, "DOWNLOAD cannot set debug function: ");
|
check_curl_result(res, "DOWNLOAD cannot set debug function: ");
|
||||||
|
|
||||||
|
// check to see if SSL verification is requested
|
||||||
|
const char* verifyValue =
|
||||||
|
this->Makefile->GetDefinition("CMAKE_CURLOPT_SSL_VERIFYPEER");
|
||||||
|
// if there is a cmake variable or if the command has SSL_VERIFY requested
|
||||||
|
if(verifyValue || checkSSL)
|
||||||
|
{
|
||||||
|
// the args to the command come first
|
||||||
|
bool verify = verifySSL;
|
||||||
|
if(!verify && verifyValue)
|
||||||
|
{
|
||||||
|
verify = cmSystemTools::IsOn(verifyValue);
|
||||||
|
}
|
||||||
|
if(verify)
|
||||||
|
{
|
||||||
|
res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
|
||||||
|
check_curl_result(res, "Unable to set SSL Verify on: ");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
|
||||||
|
check_curl_result(res, "Unable to set SSL Verify off: ");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// check to see if a CAINFO file has been specified
|
||||||
|
const char* cainfo =
|
||||||
|
this->Makefile->GetDefinition("CMAKE_CURLOPT_CAINFO_FILE");
|
||||||
|
// command arg comes first
|
||||||
|
if(caFile.size())
|
||||||
|
{
|
||||||
|
cainfo = caFile.c_str();
|
||||||
|
}
|
||||||
|
if(cainfo)
|
||||||
|
{
|
||||||
|
res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo);
|
||||||
|
check_curl_result(res, "Unable to set SSL Verify CAINFO: ");
|
||||||
|
}
|
||||||
|
|
||||||
cmFileCommandVectorOfChar chunkDebug;
|
cmFileCommandVectorOfChar chunkDebug;
|
||||||
|
|
||||||
res = ::curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&fout);
|
res = ::curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&fout);
|
||||||
|
|
|
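Review bot: In the third hunk the guard `if(!verify && verifyValue)` lets CMAKE_CURLOPT_SSL_VERIFYPEER override an explicit `SSL_VERIFY OFF`, which contradicts the comment "the args to the command come first"; testing whether the argument was given, `if(!checkSSL && verifyValue)`, would match the documented precedence. The two `curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, ...)` calls pass `1` and `0` as int, while libcurl reads this option as a long through varargs, so `1L` and `0L` are the safe spelling. Only peer verification is touched here; whether CURLOPT_SSL_VERIFYHOST is set elsewhere in HandleDownloadCommand is not visible in these hunks and is worth confirming, so that SSL_VERIFY ON also covers the host name. In the second hunk the error text `"SSL_CAFILE missing file value."` names a keyword that does not exist and should read `SSL_CAINFO_FILE`. The function body starts and ends outside the hunks.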
@ -84,7 +84,8 @@ public:
|
||||||
" file(DOWNLOAD url file [INACTIVITY_TIMEOUT timeout]\n"
|
" file(DOWNLOAD url file [INACTIVITY_TIMEOUT timeout]\n"
|
||||||
" [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS]\n"
|
" [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS]\n"
|
||||||
" [EXPECTED_HASH MD5|SHA1|SHA224|SHA256|SHA384|SHA512 hash]\n"
|
" [EXPECTED_HASH MD5|SHA1|SHA224|SHA256|SHA384|SHA512 hash]\n"
|
||||||
" [EXPECTED_MD5 sum])\n"
|
" [EXPECTED_MD5 sum]\n"
|
||||||
|
" [SSL_VERIFY on|off] [SSL_CAINFO_FILE file])\n"
|
||||||
" file(UPLOAD filename url [INACTIVITY_TIMEOUT timeout]\n"
|
" file(UPLOAD filename url [INACTIVITY_TIMEOUT timeout]\n"
|
||||||
" [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS])\n"
|
" [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS])\n"
|
||||||
"WRITE will write a message into a file called 'filename'. It "
|
"WRITE will write a message into a file called 'filename'. It "
|
||||||
|
@ -175,6 +176,14 @@ public:
|
||||||
"(EXPECTED_MD5 is short-hand for EXPECTED_HASH MD5.) "
|
"(EXPECTED_MD5 is short-hand for EXPECTED_HASH MD5.) "
|
||||||
"If SHOW_PROGRESS is specified, progress information will be printed "
|
"If SHOW_PROGRESS is specified, progress information will be printed "
|
||||||
"as status messages until the operation is complete. "
|
"as status messages until the operation is complete. "
|
||||||
|
"For https URLs CMake must be built with OpenSSL. "
|
||||||
|
"SSL certificates are not checked by default. "
|
||||||
|
"Set SSL_VERIFY to ON to check certificates and/or use "
|
||||||
|
"EXPECTED_HASH to verify downloaded content. "
|
||||||
|
"Set SSL_CAINFO_FILE to specify a custom Certificate Authority file. "
|
||||||
|
"If either SSL option is not given CMake will check variables "
|
||||||
|
"CMAKE_CURLOPT_SSL_VERIFYPEER and CMAKE_CURLOPT_CAINFO_FILE, "
|
||||||
|
"respectively."
|
||||||
"\n"
|
"\n"
|
||||||
"UPLOAD will upload the given file to the given URL. "
|
"UPLOAD will upload the given file to the given URL. "
|
||||||
"If LOG var is specified a log of the upload will be put in var. "
|
"If LOG var is specified a log of the upload will be put in var. "
|
||||||
|
|
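Review bot: The added help text says certificates are not checked by default but never states what that means for the caller: a download with neither SSL_VERIFY ON nor EXPECTED_HASH is accepted without any authentication of the server or of the content. I would add a sentence such as `"Without SSL_VERIFY ON or EXPECTED_HASH the downloaded content is not authenticated. "` after the "not checked by default" line. Since the text offers EXPECTED_HASH as the alternative to certificate checking, it could also recommend SHA256 or stronger there, because MD5 and SHA1 are no longer collision resistant. The sentence about the CMAKE_CURLOPT_* variables should say explicitly which setting wins when both the command argument and the variable are present.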