author | Brad King <brad.king@kitware.com> | 2024-03-01 15:56:03 (GMT) |
---|---|---|
committer | Brad King <brad.king@kitware.com> | 2024-03-12 14:46:11 (GMT) |
commit | 0aba13a2f3169687943d4b7d0f05ed65e46ca137 (patch) | |
tree | 7fad7fde1b18a8f3fc554615c22aec090ce2e490 | |
parent | 51728a6dd3955eadb596b8eb7b74681f529d39cb (diff) | |
ctest: Add explicit options for TLS server verification
Add a dedicated `TLSVerify` ctest option and a `CTEST_TLS_VERIFY`
variable to control it. Deprecate `CurlOptions` because it exposes
internal implementation details.
28 files changed, 113 insertions, 13 deletions
diff --git a/Help/manual/cmake-variables.7.rst b/Help/manual/cmake-variables.7.rst index d08ee2c..7728cb4 100644 --- a/Help/manual/cmake-variables.7.rst +++ b/Help/manual/cmake-variables.7.rst @@ -728,6 +728,7 @@ Variables for CTest /variable/CTEST_SVN_UPDATE_OPTIONS /variable/CTEST_TEST_LOAD /variable/CTEST_TEST_TIMEOUT + /variable/CTEST_TLS_VERIFY /variable/CTEST_UPDATE_COMMAND /variable/CTEST_UPDATE_OPTIONS /variable/CTEST_UPDATE_VERSION_ONLY diff --git a/Help/manual/ctest.1.rst b/Help/manual/ctest.1.rst index dff77f9..45ff6da 100644 --- a/Help/manual/ctest.1.rst +++ b/Help/manual/ctest.1.rst @@ -1452,6 +1452,10 @@ Configuration settings include: * :module:`CTest` module variable: ``CTEST_SUBMIT_RETRY_DELAY`` ``CurlOptions`` + .. deprecated:: 3.30 + + Use ``TLSVerify`` instead. + Specify a semicolon-separated list of options to control the Curl library that CTest uses internally to connect to the server. @@ -1547,6 +1551,15 @@ Configuration settings include: * `CTest Script`_ variable: :variable:`CTEST_SUBMIT_INACTIVITY_TIMEOUT` * :module:`CTest` module variable: ``CTEST_SUBMIT_INACTIVITY_TIMEOUT`` +``TLSVerify`` + .. versionadded:: 3.30 + + Specify a boolean value indicating whether to verify the server + certificate when submitting to a dashboard via ``https://`` URLs. + + * `CTest Script`_ variable: :variable:`CTEST_TLS_VERIFY` + * :module:`CTest` module variable: ``CTEST_TLS_VERIFY`` + ``TriggerSite`` Legacy option. Not used. diff --git a/Help/release/dev/curl-tls-version.rst b/Help/release/dev/curl-tls-version.rst index 4b7fe44..6adf189 100644 --- a/Help/release/dev/curl-tls-version.rst +++ b/Help/release/dev/curl-tls-version.rst 
@@ -15,3 +15,7 @@ curl-tls-version :variable:`CMAKE_TLS_VERSION` variable and :envvar:`CMAKE_TLS_VERSION` environment variable, to specify the minimum TLS version for connections to ``https://`` URLs. + +* The :command:`ctest_submit` command and :option:`ctest -T Submit <ctest -T>` + step gained a ``TLSVerify`` option to control negotiation with + ``https://`` URLs. See the :variable:`CTEST_TLS_VERIFY` variable. diff --git a/Help/variable/CTEST_CURL_OPTIONS.rst b/Help/variable/CTEST_CURL_OPTIONS.rst index 14af4e4..45e84ed 100644 --- a/Help/variable/CTEST_CURL_OPTIONS.rst +++ b/Help/variable/CTEST_CURL_OPTIONS.rst @@ -1,6 +1,10 @@ CTEST_CURL_OPTIONS ------------------ +.. deprecated:: 3.30 + + Use the :variable:`CTEST_TLS_VERIFY` variable instead. + .. versionadded:: 3.1 Specify the CTest ``CurlOptions`` setting diff --git a/Help/variable/CTEST_TLS_VERIFY.rst b/Help/variable/CTEST_TLS_VERIFY.rst new file mode 100644 index 0000000..22133bd --- /dev/null +++ b/Help/variable/CTEST_TLS_VERIFY.rst @@ -0,0 +1,10 @@ +CTEST_TLS_VERIFY +---------------- + +.. versionadded:: 3.30 + +Specify the CTest ``TLSVerify`` setting in a :manual:`ctest(1)` +:ref:`Dashboard Client` script or in project ``CMakeLists.txt`` code +before including the :module:`CTest` module. The value is a boolean +indicating whether to verify the server certificate when submitting +to a dashboard via ``https://`` URLs. diff --git a/Modules/DartConfiguration.tcl.in b/Modules/DartConfiguration.tcl.in index afa36f7..eb0f0ba 100644 --- a/Modules/DartConfiguration.tcl.in +++ b/Modules/DartConfiguration.tcl.in @@ -95,6 +95,8 @@ TimeOut: @DART_TESTING_TIMEOUT@ # so would cause the system load to exceed this value. TestLoad: @CTEST_TEST_LOAD@ +TLSVerify: @CTEST_TLS_VERIFY@ + UseLaunchers: @CTEST_USE_LAUNCHERS@ CurlOptions: @CTEST_CURL_OPTIONS@ # warning, if you add new options here that have to do with submit, diff --git a/Source/CTest/cmCTestCurl.cxx b/Source/CTest/cmCTestCurl.cxx index d3a0a13..e5963c6 100644 
--- a/Source/CTest/cmCTestCurl.cxx +++ b/Source/CTest/cmCTestCurl.cxx @@ -12,6 +12,7 @@ #include "cmList.h" #include "cmStringAlgorithms.h" #include "cmSystemTools.h" +#include "cmValue.h" cmCTestCurl::cmCTestCurl(cmCTest* ctest) : CTest(ctest) @@ -57,13 +58,18 @@ size_t curlDebugCallback(CURL* /*unused*/, curl_infotype /*unused*/, cmCTestCurlOpts::cmCTestCurlOpts(cmCTest* ctest) { - cmList args{ ctest->GetCTestConfiguration("CurlOptions") }; - for (std::string const& arg : args) { - if (arg == "CURLOPT_SSL_VERIFYPEER_OFF") { - this->VerifyPeerOff = true; - } - if (arg == "CURLOPT_SSL_VERIFYHOST_OFF") { - this->VerifyHostOff = true; + std::string tlsVerify = ctest->GetCTestConfiguration("TLSVerify"); + if (!tlsVerify.empty()) { + this->TLSVerifyOpt = cmIsOn(tlsVerify); + } else { + cmList args{ ctest->GetCTestConfiguration("CurlOptions") }; + for (std::string const& arg : args) { + if (arg == "CURLOPT_SSL_VERIFYPEER_OFF") { + this->TLSVerifyOpt = false; + } + if (arg == "CURLOPT_SSL_VERIFYHOST_OFF") { + this->VerifyHostOff = true; + } } } } @@ -74,8 +80,9 @@ bool cmCTestCurl::InitCurl() return false; } cmCurlSetCAInfo(this->Curl); - if (this->CurlOpts.VerifyPeerOff) { - curl_easy_setopt(this->Curl, CURLOPT_SSL_VERIFYPEER, 0); + if (this->CurlOpts.TLSVerifyOpt) { + curl_easy_setopt(this->Curl, CURLOPT_SSL_VERIFYPEER, + *this->CurlOpts.TLSVerifyOpt ? 1 : 0); } if (this->CurlOpts.VerifyHostOff) { curl_easy_setopt(this->Curl, CURLOPT_SSL_VERIFYHOST, 0); diff --git a/Source/CTest/cmCTestCurl.h b/Source/CTest/cmCTestCurl.h index ea60f19..b027e43 100644 --- a/Source/CTest/cmCTestCurl.h +++ b/Source/CTest/cmCTestCurl.h @@ -7,6 +7,8 @@ #include <string> #include <vector> +#include <cm/optional> + #include <cm3p/curl/curl.h> class cmCTest; @@ -14,7 +16,7 @@ class cmCTest; struct cmCTestCurlOpts { cmCTestCurlOpts(cmCTest* ctest); - bool VerifyPeerOff = false; + cm::optional<bool> TLSVerifyOpt; bool VerifyHostOff = false; }; 
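Review bot: In the `cmCTestCurlOpts` constructor in cmCTestCurl.cxx, `this->TLSVerifyOpt = cmIsOn(tlsVerify);` fails open. Any non-empty `TLSVerify` value that is not one of the recognised true constants (a typo, stray text, an unexpanded placeholder) presumably evaluates to false and so turns certificate verification off. Only an explicit false constant should disable verification; if `cmIsOff` is available from the same header, use `this->TLSVerifyOpt = !cmIsOff(tlsVerify);`, or else warn on an unrecognised value and leave the optional unset. The same branch skips `CurlOptions` entirely once `TLSVerify` is non-empty, so a configured `CURLOPT_SSL_VERIFYHOST_OFF` is silently dropped. That is the safe direction, but it deserves a comment such as `// TLSVerify takes precedence; CurlOptions is ignored when it is set.`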
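Review bot: The new `cm::optional<bool> TLSVerifyOpt;` member in cmCTestCurl.h is a tri-state with no comment, and it sits beside `VerifyHostOff`, which uses the opposite polarity. From the two call sites in this commit, an empty optional leaves `CURLOPT_SSL_VERIFYPEER` untouched, while true or false sets it explicitly. I would add `// Unset: do not touch CURLOPT_SSL_VERIFYPEER; true/false: set it explicitly.` above the member. It is also worth stating here that `TLSVerify` governs peer verification only and does not change `VerifyHostOff`, because the option name suggests it covers all TLS checks.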
diff --git a/Source/CTest/cmCTestSubmitCommand.cxx b/Source/CTest/cmCTestSubmitCommand.cxx index a92f9f2..90542e9 100644 --- a/Source/CTest/cmCTestSubmitCommand.cxx +++ b/Source/CTest/cmCTestSubmitCommand.cxx @@ -56,6 +56,8 @@ cmCTestGenericHandler* cmCTestSubmitCommand::InitializeHandler() } this->CTest->SetCTestConfigurationFromCMakeVariable( + this->Makefile, "TLSVerify", "CTEST_TLS_VERIFY", this->Quiet); + this->CTest->SetCTestConfigurationFromCMakeVariable( this->Makefile, "CurlOptions", "CTEST_CURL_OPTIONS", this->Quiet); this->CTest->SetCTestConfigurationFromCMakeVariable( this->Makefile, "SubmitInactivityTimeout", diff --git a/Source/CTest/cmCTestSubmitHandler.cxx b/Source/CTest/cmCTestSubmitHandler.cxx index 654fbfa..431f108 100644 --- a/Source/CTest/cmCTestSubmitHandler.cxx +++ b/Source/CTest/cmCTestSubmitHandler.cxx @@ -8,6 +8,7 @@ #include <sstream> #include <cm/iomanip> +#include <cm/optional> #include <cmext/algorithm> #include <cm3p/curl/curl.h> @@ -177,11 +178,14 @@ bool cmCTestSubmitHandler::SubmitUsingHTTP( curl = curl_easy_init(); if (curl) { cmCurlSetCAInfo(curl); - if (curlOpts.VerifyPeerOff) { + if (curlOpts.TLSVerifyOpt) { cmCTestOptionalLog(this->CTest, HANDLER_VERBOSE_OUTPUT, - " Set CURLOPT_SSL_VERIFYPEER to off\n", + " Set CURLOPT_SSL_VERIFYPEER to " + << (*curlOpts.TLSVerifyOpt ? "on" : "off") + << "\n", this->Quiet); - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, + *curlOpts.TLSVerifyOpt ? 1 : 0); } if (curlOpts.VerifyHostOff) { cmCTestOptionalLog(this->CTest, HANDLER_VERBOSE_OUTPUT, diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-ctest-result.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-ctest-result.txt new file mode 100644 index 0000000..d197c91 --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-ctest-result.txt @@ -0,0 +1 @@ +[^0] 
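Review bot: In `cmCTestSubmitHandler::SubmitUsingHTTP`, `*curlOpts.TLSVerifyOpt ? 1 : 0` passes an `int` through the variadic `curl_easy_setopt`, but libcurl documents `CURLOPT_SSL_VERIFYPEER` as taking a `long`. Write `*curlOpts.TLSVerifyOpt ? 1L : 0L` here and in the matching call in `cmCTestCurl::InitCurl`, so the argument type does not depend on the platform's varargs promotion. The message that verification was switched off is emitted only at `HANDLER_VERBOSE_OUTPUT`. Consider logging the off case at normal verbosity so that a dashboard submission without certificate checks is visible in ordinary logs. The function body continues outside the hunk.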
diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-ctest-stderr.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-ctest-stderr.txt new file mode 100644 index 0000000..e3df62f --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-ctest-stderr.txt @@ -0,0 +1,2 @@ +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* + Problems when submitting via HTTP diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-ctest-stdout.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-ctest-stdout.txt new file mode 100644 index 0000000..be5d335 --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-ctest-stdout.txt @@ -0,0 +1 @@ + Set CURLOPT_SSL_VERIFYPEER to off diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF.cmake b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF.cmake new file mode 100644 index 0000000..e0368fc --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF.cmake @@ -0,0 +1 @@ +include(FailDrop-common.cmake) diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-ctest-result.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-ctest-result.txt new file mode 100644 index 0000000..d197c91 --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-ctest-result.txt @@ -0,0 +1 @@ +[^0] diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-ctest-stderr.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-ctest-stderr.txt new file mode 100644 index 0000000..e3df62f --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-ctest-stderr.txt 
@@ -0,0 +1,2 @@ +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* + Problems when submitting via HTTP diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-ctest-stdout.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-ctest-stdout.txt new file mode 100644 index 0000000..fa95148 --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-ctest-stdout.txt @@ -0,0 +1 @@ + Set CURLOPT_SSL_VERIFYPEER to on diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON.cmake b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON.cmake new file mode 100644 index 0000000..e0368fc --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON.cmake @@ -0,0 +1 @@ +include(FailDrop-common.cmake) diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-common.cmake b/Tests/RunCMake/CTestCommandLine/FailDrop-common.cmake new file mode 100644 index 0000000..134d26d --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-common.cmake @@ -0,0 +1,3 @@ +set(SUBMIT_URL "https://badhostname.invalid") +set(CTEST_SUBMIT_RETRY_COUNT 0 CACHE STRING "") +include(CTest) diff --git a/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake b/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake index 03aa690..c7f772c 100644 --- a/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake +++ b/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake @@ -1,6 +1,10 @@ include(RunCMake) include(RunCTest) +# Do not use any proxy for lookup of an invalid site. +# DNS failure by proxy looks different than DNS failure without proxy. +set(ENV{no_proxy} "$ENV{no_proxy},badhostname.invalid") + set(RunCMake_TEST_TIMEOUT 60) run_cmake_command(repeat-opt-bad1 
@@ -484,6 +488,17 @@ run_NoTests() # Check the configuration type variable is passed run_ctest(check-configuration-type) +function(run_FailDrop case) + set(RunCMake_TEST_BINARY_DIR ${RunCMake_BINARY_DIR}/FailDrop-${case}-build) + run_cmake_with_options(FailDrop-${case} ${ARGN}) + set(RunCMake_TEST_NO_CLEAN 1) + run_cmake_command(FailDrop-${case}-ctest + ${CMAKE_CTEST_COMMAND} -M Experimental -T Submit -VV + ) +endfunction() +run_FailDrop(TLSVerify-ON -DCTEST_TLS_VERIFY=ON) +run_FailDrop(TLSVerify-OFF -DCTEST_TLS_VERIFY=OFF) + run_cmake_command(EmptyDirCoverage-ctest ${CMAKE_CTEST_COMMAND} -C Debug -M Experimental -T Coverage ) diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-result.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-result.txt new file mode 100644 index 0000000..b57e2de --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-result.txt @@ -0,0 +1 @@ +(-1|255) diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-stderr.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-stderr.txt new file mode 100644 index 0000000..e3df62f --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-stderr.txt @@ -0,0 +1,2 @@ +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* + Problems when submitting via HTTP diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-stdout.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-stdout.txt new file mode 100644 index 0000000..9053f6c --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-stdout.txt @@ -0,0 +1,4 @@ +SetCTestConfigurationFromCMakeVariable:TLSVerify:CTEST_TLS_VERIFY +SetCTestConfiguration:TLSVerify:OFF +.* + Set CURLOPT_SSL_VERIFYPEER to off 
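Review bot: The two `run_FailDrop` cases in Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake submit to `https://badhostname.invalid`, and the expected stderr matches a resolution or protocol failure. They therefore prove only that the verbose line `Set CURLOPT_SSL_VERIFYPEER to on|off` is printed, not that a handshake is accepted or rejected. Within that limit there is still no coverage of the precedence rule in `cmCTestCurlOpts`, where `TLSVerify` wins over `CurlOptions`. A third case such as `run_FailDrop(TLSVerify-ON-CurlOptions -DCTEST_TLS_VERIFY=ON -DCTEST_CURL_OPTIONS=CURLOPT_SSL_VERIFYPEER_OFF)`, expecting `Set CURLOPT_SSL_VERIFYPEER to on`, would pin that down; it needs its own expected-output files. The same gap applies to the `block()` added in Tests/RunCMake/ctest_submit/RunCMakeTest.cmake.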
diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-result.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-result.txt new file mode 100644 index 0000000..b57e2de --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-result.txt @@ -0,0 +1 @@ +(-1|255) diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-stderr.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-stderr.txt new file mode 100644 index 0000000..e3df62f --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-stderr.txt @@ -0,0 +1,2 @@ +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* + Problems when submitting via HTTP diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-stdout.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-stdout.txt new file mode 100644 index 0000000..c2764c3 --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-stdout.txt @@ -0,0 +1,4 @@ +SetCTestConfigurationFromCMakeVariable:TLSVerify:CTEST_TLS_VERIFY +SetCTestConfiguration:TLSVerify:ON +.* + Set CURLOPT_SSL_VERIFYPEER to on diff --git a/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake b/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake index ad35bf5..4d2d95b 100644 --- a/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake +++ b/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake @@ -4,6 +4,7 @@ include(RunCTest) set(CASE_DROP_METHOD "http") set(CASE_DROP_SITE "badhostname.invalid") set(CASE_CTEST_SUBMIT_ARGS "") +set(CASE_TEST_PREFIX_CODE "") # Do not use any proxy for lookup of an invalid site. # DNS failure by proxy looks different than DNS failure without proxy. 
@@ -54,3 +55,10 @@ endfunction() run_ctest_submit_FailDrop(http) run_ctest_submit_FailDrop(https) +block() + set(CASE_DROP_METHOD "https") + set(CASE_TEST_PREFIX_CODE "set(CTEST_TLS_VERIFY ON)") + run_ctest(FailDrop-TLSVerify-ON -VV) + set(CASE_TEST_PREFIX_CODE "set(CTEST_TLS_VERIFY OFF)") + run_ctest(FailDrop-TLSVerify-OFF -VV) +endblock() diff --git a/Tests/RunCMake/ctest_submit/test.cmake.in b/Tests/RunCMake/ctest_submit/test.cmake.in index 0f4885f..6026c35 100644 --- a/Tests/RunCMake/ctest_submit/test.cmake.in +++ b/Tests/RunCMake/ctest_submit/test.cmake.in @@ -1,4 +1,5 @@ cmake_minimum_required(VERSION 3.5) +@CASE_TEST_PREFIX_CODE@ set(CTEST_SITE "test-site") set(CTEST_BUILD_NAME "test-build-name") |