author | David Cole <david.cole@kitware.com> | 2012-09-18 20:42:47 (GMT) |
---|---|---|
committer | CMake Topic Stage <kwrobot@kitware.com> | 2012-09-18 20:42:47 (GMT) |
commit | 024bbad23003d4134bef2d2c3dad0a95c84f777a (patch) | |
tree | 742991abf9546409aec0891c76209b27edf575d0 | |
parent | 893d84b22128559706655d3ab7ee53e798371f3a (diff) | |
parent | 7369a8faee40574e7f87eeaa5e7718d0da407ffe (diff) | |
Merge topic 'cleanup-TLS-and-SSL-interface'
7369a8f file(DOWNLOAD): Make TLS options behave as documented
131d91a Rename SSL terminology to TLS
-rw-r--r-- | Modules/ExternalProject.cmake | 40 | ||||
-rw-r--r-- | Source/cmFileCommand.cxx | 58 | ||||
-rw-r--r-- | Source/cmFileCommand.h | 12 |
3 files changed, 45 insertions, 65 deletions
diff --git a/Modules/ExternalProject.cmake b/Modules/ExternalProject.cmake index d2e00a8..3923685 100644 --- a/Modules/ExternalProject.cmake +++ b/Modules/ExternalProject.cmake @@ -26,8 +26,8 @@ # [URL /.../src.tgz] # Full path or URL of source # [URL_HASH ALGO=value] # Hash of file at URL # [URL_MD5 md5] # Equivalent to URL_HASH MD5=md5 -# [SSL_VERIFYPEER bool] # Should certificate for https be checked -# [CAINFO_FILE file] # Path to a certificate authority file +# [TLS_VERIFY bool] # Should certificate for https be checked +# [TLS_CAINFO file] # Path to a certificate authority file # [TIMEOUT seconds] # Time allowed for file download operations # #--Update/Patch step---------- # [UPDATE_COMMAND cmd...] # Source work-tree update command @@ -401,7 +401,7 @@ endif() endfunction() -function(_ep_write_downloadfile_script script_filename remote local timeout hash ssl_verify cainfo_file) +function(_ep_write_downloadfile_script script_filename remote local timeout hash tls_verify tls_cainfo) if(timeout) set(timeout_args TIMEOUT ${timeout}) set(timeout_msg "${timeout} seconds") 
@@ -416,25 +416,25 @@ function(_ep_write_downloadfile_script script_filename remote local timeout hash set(hash_args "# no EXPECTED_HASH") endif() # check for curl globals in the project - if(DEFINED CMAKE_CURLOPT_SSL_VERIFYPEER) - set(ssl_verify "set(CMAKE_CURLOPT_SSL_VERIFYPEER ${CMAKE_CURLOPT_SSL_VERIFYPEER})") + if(DEFINED CMAKE_TLS_VERIFY) + set(tls_verify "set(CMAKE_TLS_VERIFY ${CMAKE_TLS_VERIFY})") endif() - if(DEFINED CMAKE_CURLOPT_CAINFO_FILE) - set(ssl_cainfo "set(CMAKE_CURLOPT_CAINFO_FILE \"${CMAKE_CURLOPT_CAINFO_FILE}\")") + if(DEFINED CMAKE_TLS_CAINFO) + set(tls_cainfo "set(CMAKE_TLS_CAINFO \"${CMAKE_TLS_CAINFO}\")") endif() # now check for curl locals so that the local values # will override the globals - # check for ssl_verify argument - string(LENGTH "${ssl_verify}" ssl_verify_len) - if(ssl_verify_len GREATER 0) - set(ssl_verify "set(CMAKE_CURLOPT_SSL_VERIFYPEER ${ssl_verify})") + # check for tls_verify argument + string(LENGTH "${tls_verify}" tls_verify_len) + if(tls_verify_len GREATER 0) + set(tls_verify "set(CMAKE_TLS_VERIFY ${tls_verify})") endif() - # check for cainfo_file argument - string(LENGTH "${cainfo_file}" cainfo_file_len) - if(cainfo_file_len GREATER 0) - set(ssl_cainfo "set(CMAKE_CURLOPT_CAINFO_FILE \"${cainfo_file}\")") + # check for tls_cainfo argument + string(LENGTH "${tls_cainfo}" tls_cainfo_len) + if(tls_cainfo_len GREATER 0) + set(tls_cainfo "set(CMAKE_TLS_CAINFO \"${tls_cainfo}\")") endif() file(WRITE ${script_filename} @@ -443,8 +443,8 @@ function(_ep_write_downloadfile_script script_filename remote local timeout hash dst='${local}' timeout='${timeout_msg}'\") -${ssl_verify} -${ssl_cainfo} +${tls_verify} +${tls_cainfo} file(DOWNLOAD \"${remote}\" 
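Review bot: In the `@@ -416` hunk the `if(DEFINED CMAKE_TLS_VERIFY)` and `if(DEFINED CMAKE_TLS_CAINFO)` branches assign to `tls_verify` and `tls_cainfo`, which are also the function's input parameters, so the later `string(LENGTH ...)` checks see the already-built `set(...)` text and wrap it a second time. With a project-level `CMAKE_TLS_VERIFY` or `CMAKE_TLS_CAINFO` defined, the generated download script would carry a nested `set(CMAKE_TLS_VERIFY set(CMAKE_TLS_VERIFY ...))` line, which presumably does not evaluate to a true value, so certificate checking could end up silently off. A per-project argument is also overwritten by the global before it is examined, contrary to the comment that locals override globals. Keeping the generated text in separate variables, sketched below, and emitting `${tls_verify_code}` and `${tls_cainfo_code}` from the `file(WRITE ...)` template in the `@@ -443` hunk avoids both. The function starts before this hunk and continues past the `@@ -443` hunk.

```cmake
# … unchanged: timeout and hash argument handling …
# check for curl globals in the project
set(tls_verify_code "")
set(tls_cainfo_code "")
if(DEFINED CMAKE_TLS_VERIFY)
  set(tls_verify_code "set(CMAKE_TLS_VERIFY ${CMAKE_TLS_VERIFY})")
endif()
if(DEFINED CMAKE_TLS_CAINFO)
  set(tls_cainfo_code "set(CMAKE_TLS_CAINFO \"${CMAKE_TLS_CAINFO}\")")
endif()

# locals override the globals; the arguments themselves stay untouched
string(LENGTH "${tls_verify}" tls_verify_len)
if(tls_verify_len GREATER 0)
  set(tls_verify_code "set(CMAKE_TLS_VERIFY ${tls_verify})")
endif()
string(LENGTH "${tls_cainfo}" tls_cainfo_len)
if(tls_cainfo_len GREATER 0)
  set(tls_cainfo_code "set(CMAKE_TLS_CAINFO \"${tls_cainfo}\")")
endif()
# … unchanged: file(WRITE ...) preamble and file(DOWNLOAD ...) call …
```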
@@ -1307,10 +1307,10 @@ function(_ep_add_download_command name) string(REPLACE ";" "-" fname "${fname}") set(file ${download_dir}/${fname}) get_property(timeout TARGET ${name} PROPERTY _EP_TIMEOUT) - get_property(ssl_verify TARGET ${name} PROPERTY _EP_SSL_VERIFYPEER) - get_property(cainfo_file TARGET ${name} PROPERTY _EP_CAINFO_FILE) + get_property(tls_verify TARGET ${name} PROPERTY _EP_TLS_VERIFY) + get_property(tls_cainfo TARGET ${name} PROPERTY _EP_TLS_CAINFO) _ep_write_downloadfile_script("${stamp_dir}/download-${name}.cmake" - "${url}" "${file}" "${timeout}" "${hash}" "${ssl_verify}" "${cainfo_file}") + "${url}" "${file}" "${timeout}" "${hash}" "${tls_verify}" "${tls_cainfo}") set(cmd ${CMAKE_COMMAND} -P ${stamp_dir}/download-${name}.cmake COMMAND) set(comment "Performing download step (download, verify and extract) for '${name}'") diff --git a/Source/cmFileCommand.cxx b/Source/cmFileCommand.cxx index bb12980..4d9eb79 100644 --- a/Source/cmFileCommand.cxx +++ b/Source/cmFileCommand.cxx @@ -2667,9 +2667,8 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args) long inactivity_timeout = 0; std::string verboseLog; std::string statusVar; - std::string caFile; - bool checkSSL = false; - bool verifySSL = false; + bool tls_verify = this->Makefile->IsOn("CMAKE_TLS_VERIFY"); + const char* cainfo = this->Makefile->GetDefinition("CMAKE_TLS_CAINFO"); std::string expectedHash; std::string hashMatchMSG; cmsys::auto_ptr<cmCryptoHash> hash; 
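Review bot: The two new locals in `HandleDownloadCommand` (hunk `@@ -2667`) decide the security default for the download and deserve a comment saying so: `tls_verify` starts from `CMAKE_TLS_VERIFY` and is therefore off when that variable is unset, and `cainfo` is a borrowed pointer that may be null. Something like `// Defaults come from CMAKE_TLS_VERIFY / CMAKE_TLS_CAINFO; verification is off when unset. cainfo is not owned and may be null.` above the declarations would do. The names also switch to snake_case next to `verboseLog` and `statusVar`; `tlsVerify` would match the neighbours. The function body begins and ends outside this hunk.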
@@ -2723,30 +2722,29 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args) } statusVar = *i; } - else if(*i == "SSL_VERIFY") + else if(*i == "TLS_VERIFY") { ++i; if(i != args.end()) { - verifySSL = cmSystemTools::IsOn(i->c_str()); - checkSSL = true; + tls_verify = cmSystemTools::IsOn(i->c_str()); } else { - this->SetError("SSL_VERIFY missing bool value."); + this->SetError("TLS_VERIFY missing bool value."); return false; } } - else if(*i == "SSL_CAINFO_FILE") + else if(*i == "TLS_CAINFO") { ++i; if(i != args.end()) { - caFile = *i; + cainfo = i->c_str(); } else { - this->SetError("SSL_CAFILE missing file value."); + this->SetError("TLS_CAFILE missing file value."); return false; } } 
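Review bot: The error text in the `TLS_CAINFO` branch names an option that does not exist: `this->SetError("TLS_CAFILE missing file value.");` should read `this->SetError("TLS_CAINFO missing file value.");` so the message matches the keyword being parsed. Separately, `tls_verify = cmSystemTools::IsOn(i->c_str());` maps any unrecognised value to false, so a misspelt `TLS_VERIFY` argument would quietly turn checking off even when `CMAKE_TLS_VERIFY` is on. Rejecting a value that is neither on nor off (for example by also consulting `cmSystemTools::IsOff`) and calling `SetError` would make that case fail closed. The enclosing if/else chain starts and ends outside the hunk.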
@@ -2865,41 +2863,23 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args) cmFileCommandCurlDebugCallback); check_curl_result(res, "DOWNLOAD cannot set debug function: "); - // check to see if SSL verification is requested - const char* verifyValue = - this->Makefile->GetDefinition("CMAKE_CURLOPT_SSL_VERIFYPEER"); - // if there is a cmake variable or if the command has SSL_VERIFY requested - if(verifyValue || checkSSL) + // check to see if TLS verification is requested + if(tls_verify) { - // the args to the command come first - bool verify = verifySSL; - if(!verify && verifyValue) - { - verify = cmSystemTools::IsOn(verifyValue); - } - if(verify) - { - res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1); - check_curl_result(res, "Unable to set SSL Verify on: "); - } - else - { - res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); - check_curl_result(res, "Unable to set SSL Verify off: "); - } + res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1); + check_curl_result(res, "Unable to set TLS/SSL Verify on: "); } - // check to see if a CAINFO file has been specified - const char* cainfo = - this->Makefile->GetDefinition("CMAKE_CURLOPT_CAINFO_FILE"); - // command arg comes first - if(caFile.size()) + else { - cainfo = caFile.c_str(); + res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); + check_curl_result(res, "Unable to set TLS/SSL Verify off: "); } - if(cainfo) + // check to see if a CAINFO file has been specified + // command arg comes first + if(cainfo && *cainfo) { res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo); - check_curl_result(res, "Unable to set SSL Verify CAINFO: "); + check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: "); } cmFileCommandVectorOfChar chunkDebug; diff --git a/Source/cmFileCommand.h b/Source/cmFileCommand.h index 413e2f4..bd6f612 100644 --- a/Source/cmFileCommand.h +++ b/Source/cmFileCommand.h 
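Review bot: `curl_easy_setopt` is variadic and libcurl documents `CURLOPT_SSL_VERIFYPEER` as taking a `long`, but both new calls pass the `int` literals `1` and `0`; write `::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);` and `0L` in the else branch. The else branch now forces peer verification off whenever `tls_verify` is false, whereas the removed code left the option untouched when neither the variable nor the argument was given, so whatever default was in effect before this point is overridden; a comment stating that this is intentional would help. `CURLOPT_SSL_VERIFYHOST` is not set in the visible lines, so whether host-name checking follows `tls_verify` cannot be told from this hunk. The comment `// command arg comes first` is stale now that precedence is resolved during argument parsing, and the function continues outside the hunk.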
@@ -85,7 +85,7 @@ public: " [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS]\n" " [EXPECTED_HASH MD5|SHA1|SHA224|SHA256|SHA384|SHA512 hash]\n" " [EXPECTED_MD5 sum]\n" - " [SSL_VERIFY on|off] [SSL_CAINFO_FILE file])\n" + " [TLS_VERIFY on|off] [TLS_CAINFO file])\n" " file(UPLOAD filename url [INACTIVITY_TIMEOUT timeout]\n" " [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS])\n" "WRITE will write a message into a file called 'filename'. It " @@ -177,12 +177,12 @@ public: "If SHOW_PROGRESS is specified, progress information will be printed " "as status messages until the operation is complete. " "For https URLs CMake must be built with OpenSSL. " - "SSL certificates are not checked by default. " - "Set SSL_VERIFY to ON to check certificates and/or use " + "TLS/SSL certificates are not checked by default. " + "Set TLS_VERIFY to ON to check certificates and/or use " "EXPECTED_HASH to verify downloaded content. " - "Set SSL_CAINFO_FILE to specify a custom Certificate Authority file. " - "If either SSL option is not given CMake will check variables " - "CMAKE_CURLOPT_SSL_VERIFYPEER and CMAKE_CURLOPT_CAINFO_FILE, " + "Set TLS_CAINFO to specify a custom Certificate Authority file. " + "If either TLS option is not given CMake will check variables " + "CMAKE_TLS_VERIFY and CMAKE_TLS_CAINFO, " "respectively." "\n" "UPLOAD will upload the given file to the given URL. " |