diff options
| author | Brad King <brad.king@kitware.com> | 2021-05-05 14:08:39 (GMT) |
|---|---|---|
| committer | Kitware Robot <kwrobot@kitware.com> | 2021-05-05 14:08:45 (GMT) |
| commit | 7973f9782800f9f2229d6c731d0aaff05b270d89 (patch) | |
| tree | 66b4a703ac9c6babaa45f880c3d0b952b43422a6 | |
| parent | 06d103889c641ce72f4d7e239eddb0a145a324f0 (diff) | |
| parent | 7398993f5b0444d6c7997d5bf14f96c982d07021 (diff) | |
| download | CMake-7973f9782800f9f2229d6c731d0aaff05b270d89.zip CMake-7973f9782800f9f2229d6c731d0aaff05b270d89.tar.gz CMake-7973f9782800f9f2229d6c731d0aaff05b270d89.tar.bz2 | |
Merge topic 'doc-tls'
7398993f5b Help: Document CMAKE_TLS_VERIFY variable explicitly
Acked-by: Kitware Robot <kwrobot@kitware.com>
Merge-request: !6064
| -rw-r--r-- | Help/command/file.rst | 2 | ||||
| -rw-r--r-- | Help/manual/cmake-variables.7.rst | 1 | ||||
| -rw-r--r-- | Help/variable/CMAKE_TLS_VERIFY.rst | 17 | ||||
| -rw-r--r-- | Modules/ExternalProject.cmake | 2 |
4 files changed, 20 insertions, 2 deletions
diff --git a/Help/command/file.rst b/Help/command/file.rst index e170526..f46e55a 100644 --- a/Help/command/file.rst +++ b/Help/command/file.rst @@ -1070,7 +1070,7 @@ If neither ``NETRC`` option is given CMake will check variables For ``https://`` URLs CMake must be built with OpenSSL support. ``TLS/SSL`` certificates are not checked by default. Set ``TLS_VERIFY`` to ``ON`` to check certificates. If neither ``TLS`` option is given CMake will check -variables ``CMAKE_TLS_VERIFY`` and ``CMAKE_TLS_CAINFO``, respectively. +variables :variable:`CMAKE_TLS_VERIFY` and ``CMAKE_TLS_CAINFO``, respectively. Additional options to ``DOWNLOAD`` are: diff --git a/Help/manual/cmake-variables.7.rst b/Help/manual/cmake-variables.7.rst index 37ef053..c4aaa59 100644 --- a/Help/manual/cmake-variables.7.rst +++ b/Help/manual/cmake-variables.7.rst @@ -245,6 +245,7 @@ Variables that Change Behavior /variable/CMAKE_SYSTEM_LIBRARY_PATH /variable/CMAKE_SYSTEM_PREFIX_PATH /variable/CMAKE_SYSTEM_PROGRAM_PATH + /variable/CMAKE_TLS_VERIFY /variable/CMAKE_USER_MAKE_RULES_OVERRIDE /variable/CMAKE_WARN_DEPRECATED /variable/CMAKE_WARN_ON_ABSOLUTE_INSTALL_DESTINATION diff --git a/Help/variable/CMAKE_TLS_VERIFY.rst b/Help/variable/CMAKE_TLS_VERIFY.rst new file mode 100644 index 0000000..24f8a25 --- /dev/null +++ b/Help/variable/CMAKE_TLS_VERIFY.rst @@ -0,0 +1,17 @@ +CMAKE_TLS_VERIFY +---------------- + +Specify the default value for the :command:`file(DOWNLOAD)` and +:command:`file(UPLOAD)` commands' ``TLS_VERIFY`` options. +If not set, the default is *off*. + +This setting is also used by the :module:`ExternalProject` module +for internal calls to :command:`file(DOWNLOAD)`. + +TLS verification can help provide confidence that one is connecting +to the desired server. When downloading known content, one should +also use file hashes to verify it. + +.. code-block:: cmake + + set(CMAKE_TLS_VERIFY TRUE) diff --git a/Modules/ExternalProject.cmake b/Modules/ExternalProject.cmake index 56525080..45b6124 100644 --- a/Modules/ExternalProject.cmake +++ b/Modules/ExternalProject.cmake @@ -212,7 +212,7 @@ External Project Definition ``TLS_VERIFY <bool>`` Specifies whether certificate verification should be performed for https URLs. If this option is not provided, the default behavior is - determined by the ``CMAKE_TLS_VERIFY`` variable (see + determined by the :variable:`CMAKE_TLS_VERIFY` variable (see :command:`file(DOWNLOAD)`). If that is also not set, certificate verification will not be performed. In situations where ``URL_HASH`` cannot be provided, this option can be an alternative verification |