ctest: Add explicit options for TLS server verification

Add a dedicated `TLSVerify` ctest option and a `CTEST_TLS_VERIFY`
variable to control it.  Deprecate `CurlOptions` because it exposes
internal implementation details.

5 files changed, 32 insertions, 0 deletions

diff --git a/Help/manual/cmake-variables.7.rst b/Help/manual/cmake-variables.7.rst
index d08ee2c..7728cb4 100644
--- a/Help/manual/cmake-variables.7.rst
+++ b/Help/manual/cmake-variables.7.rst
@@ -728,6 +728,7 @@ Variables for CTest
    /variable/CTEST_SVN_UPDATE_OPTIONS
    /variable/CTEST_TEST_LOAD
    /variable/CTEST_TEST_TIMEOUT
+   /variable/CTEST_TLS_VERIFY
    /variable/CTEST_UPDATE_COMMAND
    /variable/CTEST_UPDATE_OPTIONS
    /variable/CTEST_UPDATE_VERSION_ONLY
diff --git a/Help/manual/ctest.1.rst b/Help/manual/ctest.1.rst
index dff77f9..45ff6da 100644
--- a/Help/manual/ctest.1.rst
+++ b/Help/manual/ctest.1.rst
@@ -1452,6 +1452,10 @@ Configuration settings include:
   * :module:`CTest` module variable: ``CTEST_SUBMIT_RETRY_DELAY``
 
 ``CurlOptions``
+  .. deprecated:: 3.30
+
+    Use ``TLSVerify`` instead.
+
   Specify a semicolon-separated list of options to control the
   Curl library that CTest uses internally to connect to the
   server.
@@ -1547,6 +1551,15 @@ Configuration settings include:
   * `CTest Script`_ variable: :variable:`CTEST_SUBMIT_INACTIVITY_TIMEOUT`
   * :module:`CTest` module variable: ``CTEST_SUBMIT_INACTIVITY_TIMEOUT``
 
+``TLSVerify``
+  .. versionadded:: 3.30
+
+  Specify a boolean value indicating whether to verify the server
+  certificate when submitting to a dashboard via ``https://`` URLs.
+
+  * `CTest Script`_ variable: :variable:`CTEST_TLS_VERIFY`
+  * :module:`CTest` module variable: ``CTEST_TLS_VERIFY``
+
 ``TriggerSite``
   Legacy option.  Not used.
 
diff --git a/Help/release/dev/curl-tls-version.rst b/Help/release/dev/curl-tls-version.rst
index 4b7fe44..6adf189 100644
--- a/Help/release/dev/curl-tls-version.rst
+++ b/Help/release/dev/curl-tls-version.rst
@@ -15,3 +15,7 @@ curl-tls-version
   :variable:`CMAKE_TLS_VERSION` variable and :envvar:`CMAKE_TLS_VERSION`
   environment variable, to specify the minimum TLS version for connections
   to ``https://`` URLs.
+
+* The :command:`ctest_submit` command and :option:`ctest -T Submit <ctest -T>`
+  step gained a ``TLSVerify`` option to control negotiation with
+  ``https://`` URLs.  See the :variable:`CTEST_TLS_VERIFY` variable.
diff --git a/Help/variable/CTEST_CURL_OPTIONS.rst b/Help/variable/CTEST_CURL_OPTIONS.rst
index 14af4e4..45e84ed 100644
--- a/Help/variable/CTEST_CURL_OPTIONS.rst
+++ b/Help/variable/CTEST_CURL_OPTIONS.rst
@@ -1,6 +1,10 @@
 CTEST_CURL_OPTIONS
 ------------------
 
+.. deprecated:: 3.30
+
+  Use the :variable:`CTEST_TLS_VERIFY` variable instead.
+
 .. versionadded:: 3.1
 
 Specify the CTest ``CurlOptions`` setting
diff --git a/Help/variable/CTEST_TLS_VERIFY.rst b/Help/variable/CTEST_TLS_VERIFY.rst
new file mode 100644
index 0000000..22133bd
--- /dev/null
+++ b/Help/variable/CTEST_TLS_VERIFY.rst
@@ -0,0 +1,10 @@
+CTEST_TLS_VERIFY
+----------------
+
+.. versionadded:: 3.30
+
+Specify the CTest ``TLSVerify`` setting in a :manual:`ctest(1)`
+:ref:`Dashboard Client` script or in project ``CMakeLists.txt`` code
+before including the :module:`CTest` module.  The value is a boolean
+indicating whether to  verify the server certificate when submitting
+to a dashboard via ``https://`` URLs.