authorHarry Mallon <hjmallon@gmail.com>2020-04-07 17:03:07 (GMT)
committerHarry Mallon <hjmallon@gmail.com>2020-04-08 14:15:49 (GMT)
commitbf94dcba7606a7ac0c44d9071636bdfb50c2cabf (patch)
treead8a3fd470474cc873e8dfd7332ca95f1a22c838
parent37fa5122c2c1e2138b9e01191dc3cc1800f6ba40 (diff)
file(UPLOAD): Add support for TLS_VERIFY and TLS_CAINFO
* Improve and test error messages when TLS_VERIFY and TLS_CAINFO are not set in file(DOWNLOAD) and file(UPLOAD).
-rw-r--r--Help/command/file.rst25
-rw-r--r--Help/release/dev/file-upload-tls.rst5
-rw-r--r--Source/cmFileCommand.cxx41
-rw-r--r--Tests/RunCMake/file/DOWNLOAD-tls-cainfo-not-set-result.txt1
-rw-r--r--Tests/RunCMake/file/DOWNLOAD-tls-cainfo-not-set-stderr.txt4
-rw-r--r--Tests/RunCMake/file/DOWNLOAD-tls-cainfo-not-set.cmake1
-rw-r--r--Tests/RunCMake/file/DOWNLOAD-tls-verify-not-set-result.txt1
-rw-r--r--Tests/RunCMake/file/DOWNLOAD-tls-verify-not-set-stderr.txt4
-rw-r--r--Tests/RunCMake/file/DOWNLOAD-tls-verify-not-set.cmake1
-rw-r--r--Tests/RunCMake/file/RunCMakeTest.cmake4
-rw-r--r--Tests/RunCMake/file/UPLOAD-tls-cainfo-not-set-result.txt1
-rw-r--r--Tests/RunCMake/file/UPLOAD-tls-cainfo-not-set-stderr.txt4
-rw-r--r--Tests/RunCMake/file/UPLOAD-tls-cainfo-not-set.cmake1
-rw-r--r--Tests/RunCMake/file/UPLOAD-tls-verify-not-set-result.txt1
-rw-r--r--Tests/RunCMake/file/UPLOAD-tls-verify-not-set-stderr.txt4
-rw-r--r--Tests/RunCMake/file/UPLOAD-tls-verify-not-set.cmake1
16 files changed, 80 insertions, 19 deletions
diff --git a/Help/command/file.rst b/Help/command/file.rst
index 6105219..bb560a9 100644
--- a/Help/command/file.rst
+++ b/Help/command/file.rst
@@ -836,6 +836,18 @@ Options to both ``DOWNLOAD`` and ``UPLOAD`` are:
If neither ``NETRC`` option is given CMake will check variables
``CMAKE_NETRC`` and ``CMAKE_NETRC_FILE``, respectively.
+``TLS_VERIFY <ON|OFF>``
+ Specify whether to verify the server certificate for ``https://`` URLs.
+ The default is to *not* verify.
+
+``TLS_CAINFO <file>``
+ Specify a custom Certificate Authority file for ``https://`` URLs.
+
+For ``https://`` URLs CMake must be built with OpenSSL support. ``TLS/SSL``
+certificates are not checked by default. Set ``TLS_VERIFY`` to ``ON`` to
+check certificates. If neither ``TLS`` option is given CMake will check
+variables ``CMAKE_TLS_VERIFY`` and ``CMAKE_TLS_CAINFO``, respectively.
+
Additional options to ``DOWNLOAD`` are:
``EXPECTED_HASH ALGO=<value>``
@@ -847,19 +859,6 @@ Additional options to ``DOWNLOAD`` are:
``EXPECTED_MD5 <value>``
Historical short-hand for ``EXPECTED_HASH MD5=<value>``.
-``TLS_VERIFY <ON|OFF>``
- Specify whether to verify the server certificate for ``https://`` URLs.
- The default is to *not* verify.
-
-``TLS_CAINFO <file>``
- Specify a custom Certificate Authority file for ``https://`` URLs.
-
-For ``https://`` URLs CMake must be built with OpenSSL support. ``TLS/SSL``
-certificates are not checked by default. Set ``TLS_VERIFY`` to ``ON`` to
-check certificates and/or use ``EXPECTED_HASH`` to verify downloaded content.
-If neither ``TLS`` option is given CMake will check variables
-``CMAKE_TLS_VERIFY`` and ``CMAKE_TLS_CAINFO``, respectively.
-
Locking
^^^^^^^
diff --git a/Help/release/dev/file-upload-tls.rst b/Help/release/dev/file-upload-tls.rst
new file mode 100644
index 0000000..e19be24
--- /dev/null
+++ b/Help/release/dev/file-upload-tls.rst
@@ -0,0 +1,5 @@
+file-upload-tls
+---------------
+
+* The :command:`file(UPLOAD)` command gained ``TLS_VERIFY`` and ``TLS_CAINFO``
+ options to control server certificate verification.
diff --git a/Source/cmFileCommand.cxx b/Source/cmFileCommand.cxx
index 204e99f..af3c554 100644
--- a/Source/cmFileCommand.cxx
+++ b/Source/cmFileCommand.cxx
@@ -1610,7 +1610,7 @@ bool HandleDownloadCommand(std::vector<std::string> const& args,
if (i != args.end()) {
tls_verify = cmIsOn(*i);
} else {
- status.SetError("TLS_VERIFY missing bool value.");
+ status.SetError("DOWNLOAD missing bool value for TLS_VERIFY.");
return false;
}
} else if (*i == "TLS_CAINFO") {
@@ -1618,7 +1618,7 @@ bool HandleDownloadCommand(std::vector<std::string> const& args,
if (i != args.end()) {
cainfo = i->c_str();
} else {
- status.SetError("TLS_CAFILE missing file value.");
+ status.SetError("DOWNLOAD missing file value for TLS_CAINFO.");
return false;
}
} else if (*i == "NETRC_FILE") {
@@ -1760,11 +1760,12 @@ bool HandleDownloadCommand(std::vector<std::string> const& args,
// check to see if TLS verification is requested
if (tls_verify) {
res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
- check_curl_result(res, "Unable to set TLS/SSL Verify on: ");
+ check_curl_result(res, "DOWNLOAD cannot set TLS/SSL Verify on: ");
} else {
res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
- check_curl_result(res, "Unable to set TLS/SSL Verify off: ");
+ check_curl_result(res, "DOWNLOAD cannot set TLS/SSL Verify off: ");
}
+
// check to see if a CAINFO file has been specified
// command arg comes first
std::string const& cainfo_err = cmCurlSetCAInfo(curl, cainfo);
@@ -1929,6 +1930,8 @@ bool HandleUploadCommand(std::vector<std::string> const& args,
std::string logVar;
std::string statusVar;
bool showProgress = false;
+ bool tls_verify = status.GetMakefile().IsOn("CMAKE_TLS_VERIFY");
+ const char* cainfo = status.GetMakefile().GetDefinition("CMAKE_TLS_CAINFO");
std::string userpwd;
std::string netrc_level =
status.GetMakefile().GetSafeDefinition("CMAKE_NETRC");
@@ -1970,6 +1973,22 @@ bool HandleUploadCommand(std::vector<std::string> const& args,
statusVar = *i;
} else if (*i == "SHOW_PROGRESS") {
showProgress = true;
+ } else if (*i == "TLS_VERIFY") {
+ ++i;
+ if (i != args.end()) {
+ tls_verify = cmIsOn(*i);
+ } else {
+ status.SetError("UPLOAD missing bool value for TLS_VERIFY.");
+ return false;
+ }
+ } else if (*i == "TLS_CAINFO") {
+ ++i;
+ if (i != args.end()) {
+ cainfo = i->c_str();
+ } else {
+ status.SetError("UPLOAD missing file value for TLS_CAINFO.");
+ return false;
+ }
} else if (*i == "NETRC_FILE") {
++i;
if (i != args.end()) {
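Review bot: The new `TLS_VERIFY` branch takes whatever token follows as the value and hands it to `cmIsOn`, so a misspelled value or a following keyword (for example `TLS_VERIFY TLS_CAINFO <file>`) quietly turns verification off instead of failing the command. The tests added in this commit cover only the missing-value case. I would reject anything that is neither on nor off before the assignment, e.g. `if (!cmIsOn(*i) && !cmIsOff(*i)) { status.SetError("UPLOAD given invalid bool value for TLS_VERIFY."); return false; }`. The same pattern is in the DOWNLOAD parser shown in the first hunk of this file, and the `else if` chain starts and ends outside this hunk.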
@@ -2055,8 +2074,18 @@ bool HandleUploadCommand(std::vector<std::string> const& args,
cmFileCommandCurlDebugCallback);
check_curl_result(res, "UPLOAD cannot set debug function: ");
- // make sure default CAInfo is set
- std::string const& cainfo_err = cmCurlSetCAInfo(curl, nullptr);
+ // check to see if TLS verification is requested
+ if (tls_verify) {
+ res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
+ check_curl_result(res, "UPLOAD cannot set TLS/SSL Verify on: ");
+ } else {
+ res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
+ check_curl_result(res, "UPLOAD cannot set TLS/SSL Verify off: ");
+ }
+
+ // check to see if a CAINFO file has been specified
+ // command arg comes first
+ std::string const& cainfo_err = cmCurlSetCAInfo(curl, cainfo);
if (!cainfo_err.empty()) {
status.SetError(cainfo_err);
return false;
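Review bot: The `else` branch now forces `CURLOPT_SSL_VERIFYPEER` to 0 for every upload where neither `TLS_VERIFY` nor `CMAKE_TLS_VERIFY` is on, while the removed code only called `cmCurlSetCAInfo(curl, nullptr)`; unless the option was set elsewhere in HandleUploadCommand (its body extends outside this hunk), libcurl's verify-by-default applied to uploads before this change. The function also declares `userpwd` and netrc settings, so an upload can send credentials to a peer whose certificate was never checked, and there is no `EXPECTED_HASH` equivalent to fall back on. Consider leaving libcurl's default in place when the option was not given and calling `::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L)` only for an explicit off; at minimum the release note should say that uploads do not verify by default. The literals should be `1L`/`0L` here and in the DOWNLOAD hunk, since libcurl reads this option as a `long` through varargs.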
diff --git a/Tests/RunCMake/file/DOWNLOAD-tls-cainfo-not-set-result.txt b/Tests/RunCMake/file/DOWNLOAD-tls-cainfo-not-set-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/file/DOWNLOAD-tls-cainfo-not-set-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/file/DOWNLOAD-tls-cainfo-not-set-stderr.txt b/Tests/RunCMake/file/DOWNLOAD-tls-cainfo-not-set-stderr.txt
new file mode 100644
index 0000000..1552baa
--- /dev/null
+++ b/Tests/RunCMake/file/DOWNLOAD-tls-cainfo-not-set-stderr.txt
@@ -0,0 +1,4 @@
+^CMake Error at DOWNLOAD-tls-cainfo-not-set.cmake:[0-9]+ \(file\):
+ file DOWNLOAD missing file value for TLS_CAINFO.
+Call Stack \(most recent call first\):
+ CMakeLists.txt:[0-9]+ \(include\)$
diff --git a/Tests/RunCMake/file/DOWNLOAD-tls-cainfo-not-set.cmake b/Tests/RunCMake/file/DOWNLOAD-tls-cainfo-not-set.cmake
new file mode 100644
index 0000000..b476425
--- /dev/null
+++ b/Tests/RunCMake/file/DOWNLOAD-tls-cainfo-not-set.cmake
@@ -0,0 +1 @@
+file(DOWNLOAD "" "" TLS_CAINFO)
diff --git a/Tests/RunCMake/file/DOWNLOAD-tls-verify-not-set-result.txt b/Tests/RunCMake/file/DOWNLOAD-tls-verify-not-set-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/file/DOWNLOAD-tls-verify-not-set-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/file/DOWNLOAD-tls-verify-not-set-stderr.txt b/Tests/RunCMake/file/DOWNLOAD-tls-verify-not-set-stderr.txt
new file mode 100644
index 0000000..2f46c0c
--- /dev/null
+++ b/Tests/RunCMake/file/DOWNLOAD-tls-verify-not-set-stderr.txt
@@ -0,0 +1,4 @@
+^CMake Error at DOWNLOAD-tls-verify-not-set.cmake:[0-9]+ \(file\):
+ file DOWNLOAD missing bool value for TLS_VERIFY.
+Call Stack \(most recent call first\):
+ CMakeLists.txt:[0-9]+ \(include\)$
diff --git a/Tests/RunCMake/file/DOWNLOAD-tls-verify-not-set.cmake b/Tests/RunCMake/file/DOWNLOAD-tls-verify-not-set.cmake
new file mode 100644
index 0000000..919368c
--- /dev/null
+++ b/Tests/RunCMake/file/DOWNLOAD-tls-verify-not-set.cmake
@@ -0,0 +1 @@
+file(DOWNLOAD "" "" TLS_VERIFY)
diff --git a/Tests/RunCMake/file/RunCMakeTest.cmake b/Tests/RunCMake/file/RunCMakeTest.cmake
index f5461ad..a4de1d3 100644
--- a/Tests/RunCMake/file/RunCMakeTest.cmake
+++ b/Tests/RunCMake/file/RunCMakeTest.cmake
@@ -8,6 +8,8 @@ run_cmake(DOWNLOAD-hash-mismatch)
run_cmake(DOWNLOAD-unused-argument)
run_cmake(DOWNLOAD-httpheader-not-set)
run_cmake(DOWNLOAD-netrc-bad)
+run_cmake(DOWNLOAD-tls-cainfo-not-set)
+run_cmake(DOWNLOAD-tls-verify-not-set)
run_cmake(DOWNLOAD-pass-not-set)
run_cmake(TOUCH)
run_cmake(TOUCH-error-in-source-directory)
@@ -15,6 +17,8 @@ run_cmake(TOUCH-error-missing-directory)
run_cmake(UPLOAD-unused-argument)
run_cmake(UPLOAD-httpheader-not-set)
run_cmake(UPLOAD-netrc-bad)
+run_cmake(UPLOAD-tls-cainfo-not-set)
+run_cmake(UPLOAD-tls-verify-not-set)
run_cmake(UPLOAD-pass-not-set)
run_cmake(INSTALL-DIRECTORY)
run_cmake(INSTALL-FILES_FROM_DIR)
diff --git a/Tests/RunCMake/file/UPLOAD-tls-cainfo-not-set-result.txt b/Tests/RunCMake/file/UPLOAD-tls-cainfo-not-set-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/file/UPLOAD-tls-cainfo-not-set-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/file/UPLOAD-tls-cainfo-not-set-stderr.txt b/Tests/RunCMake/file/UPLOAD-tls-cainfo-not-set-stderr.txt
new file mode 100644
index 0000000..a5fa4e8
--- /dev/null
+++ b/Tests/RunCMake/file/UPLOAD-tls-cainfo-not-set-stderr.txt
@@ -0,0 +1,4 @@
+^CMake Error at UPLOAD-tls-cainfo-not-set.cmake:[0-9]+ \(file\):
+ file UPLOAD missing file value for TLS_CAINFO.
+Call Stack \(most recent call first\):
+ CMakeLists.txt:[0-9]+ \(include\)$
diff --git a/Tests/RunCMake/file/UPLOAD-tls-cainfo-not-set.cmake b/Tests/RunCMake/file/UPLOAD-tls-cainfo-not-set.cmake
new file mode 100644
index 0000000..8eb7c83
--- /dev/null
+++ b/Tests/RunCMake/file/UPLOAD-tls-cainfo-not-set.cmake
@@ -0,0 +1 @@
+file(UPLOAD "" "" TLS_CAINFO)
diff --git a/Tests/RunCMake/file/UPLOAD-tls-verify-not-set-result.txt b/Tests/RunCMake/file/UPLOAD-tls-verify-not-set-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/file/UPLOAD-tls-verify-not-set-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/file/UPLOAD-tls-verify-not-set-stderr.txt b/Tests/RunCMake/file/UPLOAD-tls-verify-not-set-stderr.txt
new file mode 100644
index 0000000..c4dffcd
--- /dev/null
+++ b/Tests/RunCMake/file/UPLOAD-tls-verify-not-set-stderr.txt
@@ -0,0 +1,4 @@
+^CMake Error at UPLOAD-tls-verify-not-set.cmake:[0-9]+ \(file\):
+ file UPLOAD missing bool value for TLS_VERIFY.
+Call Stack \(most recent call first\):
+ CMakeLists.txt:[0-9]+ \(include\)$
diff --git a/Tests/RunCMake/file/UPLOAD-tls-verify-not-set.cmake b/Tests/RunCMake/file/UPLOAD-tls-verify-not-set.cmake
new file mode 100644
index 0000000..8b9d293
--- /dev/null
+++ b/Tests/RunCMake/file/UPLOAD-tls-verify-not-set.cmake
@@ -0,0 +1 @@
+file(UPLOAD "" "" TLS_VERIFY)