diff options
| author | Brad King <brad.king@kitware.com> | 2024-09-20 21:40:02 (GMT) |
|---|---|---|
| committer | Brad King <brad.king@kitware.com> | 2024-09-24 12:37:23 (GMT) |
| commit | 4e62bc943c74cbc564209a42bb84605f0771bca7 (patch) | |
| tree | dc774f1d938d0b284e1a30d9a037d0993f9b3f55 | |
| parent | 8e92ee34f6ba4058ca7dc793009f98f2096d8f38 (diff) | |
| download | CMake-4e62bc943c74cbc564209a42bb84605f0771bca7.zip CMake-4e62bc943c74cbc564209a42bb84605f0771bca7.tar.gz CMake-4e62bc943c74cbc564209a42bb84605f0771bca7.tar.bz2 | |
ctest: Verify TLS server certificate by default
Issue: #23608
| -rw-r--r-- | Help/manual/ctest.1.rst | 5 | ||||
| -rw-r--r-- | Help/release/dev/curl-tls-verify.rst | 4 | ||||
| -rw-r--r-- | Help/variable/CTEST_TLS_VERIFY.rst | 6 | ||||
| -rw-r--r-- | Source/CTest/cmCTestCurl.cxx | 7 |
4 files changed, 22 insertions, 0 deletions
diff --git a/Help/manual/ctest.1.rst b/Help/manual/ctest.1.rst index c9ab31e..4793ef5 100644 --- a/Help/manual/ctest.1.rst +++ b/Help/manual/ctest.1.rst @@ -1569,6 +1569,11 @@ Configuration settings include: * `CTest Script`_ variable: :variable:`CTEST_TLS_VERIFY` * :module:`CTest` module variable: ``CTEST_TLS_VERIFY`` + .. versionchanged:: 3.31 + The default is on. Previously, the default was off. + Users may set the :envvar:`CMAKE_TLS_VERIFY` environment + variable to ``0`` to restore the old default. + ``TriggerSite`` Legacy option. Not used. diff --git a/Help/release/dev/curl-tls-verify.rst b/Help/release/dev/curl-tls-verify.rst index 73e1837..96ee421 100644 --- a/Help/release/dev/curl-tls-verify.rst +++ b/Help/release/dev/curl-tls-verify.rst @@ -8,3 +8,7 @@ curl-tls-verify even when building projects that have not been updated. Users may set the :envvar:`CMAKE_TLS_VERIFY` environment variable to ``0`` to restore the old default. + +* The :command:`ctest_submit` command and :option:`ctest -T Submit <ctest -T>` + step now verify TLS server certificates for connections to ``https://`` URLs + by default. See the :variable:`CTEST_TLS_VERIFY` variable for details. diff --git a/Help/variable/CTEST_TLS_VERIFY.rst b/Help/variable/CTEST_TLS_VERIFY.rst index 9b3d96c..b283842 100644 --- a/Help/variable/CTEST_TLS_VERIFY.rst +++ b/Help/variable/CTEST_TLS_VERIFY.rst @@ -11,3 +11,9 @@ to a dashboard via ``https://`` URLs. If ``CTEST_TLS_VERIFY`` is not set, the :variable:`CMAKE_TLS_VERIFY` variable or :envvar:`CMAKE_TLS_VERIFY` environment variable is used instead. +If neither is set, the default is *on*. + +.. versionchanged:: 3.31 + The default is on. Previously, the default was off. + Users may set the :envvar:`CMAKE_TLS_VERIFY` environment + variable to ``0`` to restore the old default. diff --git a/Source/CTest/cmCTestCurl.cxx b/Source/CTest/cmCTestCurl.cxx index 6f887f3..d9dc3b2 100644 --- a/Source/CTest/cmCTestCurl.cxx +++ b/Source/CTest/cmCTestCurl.cxx @@ -14,6 +14,10 @@ #include "cmSystemTools.h" #include "cmValue.h" +namespace { +const bool TLS_VERIFY_DEFAULT = true; +} + cmCTestCurl::cmCTestCurl(cmCTest* ctest) : CTest(ctest) , CurlOpts(ctest) @@ -76,6 +80,9 @@ cmCTestCurlOpts::cmCTestCurlOpts(cmCTest* ctest) } } } + if (!this->TLSVerifyOpt.has_value()) { + this->TLSVerifyOpt = TLS_VERIFY_DEFAULT; + } } bool cmCTestCurl::InitCurl() |