authorBrad King <brad.king@kitware.com>2022-09-19 14:21:12 (GMT)
committerKitware Robot <kwrobot@kitware.com>2022-09-19 14:21:22 (GMT)
commitf485e2c65b74d943d224ff308f3b553638c89de3 (patch)
tree19a29d5e9d53441b0f89a2b3f67161efd6da3795
parent10afb5eb8716545f0cd2cf26b79577b2a1829cd8 (diff)
parent10bf34a2d97c600c3d806309c79137afba113cf9 (diff)
Merge topic 'env-tls-certs'
10bf34a2d9 cmCurl: Honor OpenSSL certificate environment variables Acked-by: Kitware Robot <kwrobot@kitware.com> Merge-request: !7670
-rw-r--r--Help/envvar/SSL_CERT_DIR.rst9
-rw-r--r--Help/envvar/SSL_CERT_FILE.rst9
-rw-r--r--Help/manual/cmake-env-variables.7.rst2
-rw-r--r--Help/release/dev/env-tls-certs.rst6
-rw-r--r--Source/cmCurl.cxx11
5 files changed, 37 insertions, 0 deletions
diff --git a/Help/envvar/SSL_CERT_DIR.rst b/Help/envvar/SSL_CERT_DIR.rst
new file mode 100644
index 0000000..1e678e4
--- /dev/null
+++ b/Help/envvar/SSL_CERT_DIR.rst
@@ -0,0 +1,9 @@
+SSL_CERT_DIR
+------------
+
+.. versionadded:: 3.25
+
+.. include:: ENV_VAR.txt
+
+Specify default directory containing CA certificates. It overrides
+the default CA directory used.
diff --git a/Help/envvar/SSL_CERT_FILE.rst b/Help/envvar/SSL_CERT_FILE.rst
new file mode 100644
index 0000000..23216c0
--- /dev/null
+++ b/Help/envvar/SSL_CERT_FILE.rst
@@ -0,0 +1,9 @@
+SSL_CERT_FILE
+-------------
+
+.. versionadded:: 3.25
+
+.. include:: ENV_VAR.txt
+
+Specify the file name containing CA certificates. It overrides the
+default, os-specific CA file used.
diff --git a/Help/manual/cmake-env-variables.7.rst b/Help/manual/cmake-env-variables.7.rst
index 737b22c..50fcf75 100644
--- a/Help/manual/cmake-env-variables.7.rst
+++ b/Help/manual/cmake-env-variables.7.rst
@@ -21,6 +21,8 @@ Environment Variables that Change Behavior
:maxdepth: 1
/envvar/CMAKE_PREFIX_PATH
+ /envvar/SSL_CERT_DIR
+ /envvar/SSL_CERT_FILE
Environment Variables that Control the Build
============================================
diff --git a/Help/release/dev/env-tls-certs.rst b/Help/release/dev/env-tls-certs.rst
new file mode 100644
index 0000000..4afadb4
--- /dev/null
+++ b/Help/release/dev/env-tls-certs.rst
@@ -0,0 +1,6 @@
+env-tls-certs
+-------------
+
+* The :envvar:`SSL_CERT_FILE` and :envvar:`SSL_CERT_DIR` environment
+ variables are now used to find certificate authorities for TLS/SSL
+ operations.
diff --git a/Source/cmCurl.cxx b/Source/cmCurl.cxx
index 28ee24d..fd6aee1 100644
--- a/Source/cmCurl.cxx
+++ b/Source/cmCurl.cxx
@@ -34,10 +34,21 @@
std::string cmCurlSetCAInfo(::CURL* curl, const std::string& cafile)
{
std::string e;
+ std::string env_ca;
if (!cafile.empty()) {
::CURLcode res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cafile.c_str());
check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
}
+ /* Honor the user-configurable OpenSSL environment variables. */
+ else if (cmSystemTools::GetEnv("SSL_CERT_FILE", env_ca) &&
+ cmSystemTools::FileExists(env_ca, true)) {
+ ::CURLcode res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, env_ca.c_str());
+ check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
+ } else if (cmSystemTools::GetEnv("SSL_CERT_DIR", env_ca) &&
+ cmSystemTools::FileIsDirectory(env_ca)) {
+ ::CURLcode res = ::curl_easy_setopt(curl, CURLOPT_CAPATH, env_ca.c_str());
+ check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
+ }
#ifdef CMAKE_FIND_CAFILE
# define CMAKE_CAFILE_FEDORA "/etc/pki/tls/certs/ca-bundle.crt"
else if (cmSystemTools::FileExists(CMAKE_CAFILE_FEDORA, true)) {
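Review bot: The `SSL_CERT_DIR` branch reports a failed `CURLOPT_CAPATH` call with the CAINFO text; the last added `check_curl_result` line should read `check_curl_result(res, "Unable to set TLS/SSL Verify CAPATH: ");` so that a trust-store failure names the option that failed. Both new branches are also skipped silently when the variable is set but the path is missing or of the wrong kind, so a user who pinned a CA bundle through the environment would, as far as the visible chain shows, fall through to the built-in CA search with no notice. A comment such as `/* A set-but-invalid SSL_CERT_FILE or SSL_CERT_DIR is ignored and the search continues below. */`, or a warning, would make that explicit. Because the branches are chained with `else if`, `SSL_CERT_DIR` is not consulted once `SSL_CERT_FILE` is accepted, and neither is read when `cafile` is non-empty; the new help pages do not state this precedence. The body of `cmCurlSetCAInfo` continues past the end of this hunk.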