diff options
| author | Bill Hoffman <bill.hoffman@kitware.com> | 2012-08-21 22:41:24 (GMT) |
|---|---|---|
| committer | Brad King <brad.king@kitware.com> | 2012-09-11 19:34:54 (GMT) |
| commit | e1c89f08bb78127e20383bffb3d28dfccbe816a0 (patch) | |
| tree | d68fea69e9381b99ba17fe7778ba7d8314576baf /Source/cmFileCommand.cxx | |
| parent | 073a73a3d8ee531253107253ad19296b1ed6d9ac (diff) | |
| download | CMake-e1c89f08bb78127e20383bffb3d28dfccbe816a0.zip CMake-e1c89f08bb78127e20383bffb3d28dfccbe816a0.tar.gz CMake-e1c89f08bb78127e20383bffb3d28dfccbe816a0.tar.bz2 | |
file(DOWNLOAD): Add options for SSL
Add the ability to request that downloads disable or enable Certificate
Authority checking with https ssl downloads. When the option to verify
the servers CA is disabled, one may verify download contents with SHA
hashes.
Diffstat (limited to 'Source/cmFileCommand.cxx')
| -rw-r--r-- | Source/cmFileCommand.cxx | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/Source/cmFileCommand.cxx b/Source/cmFileCommand.cxx index b0c1070..bb12980 100644 --- a/Source/cmFileCommand.cxx +++ b/Source/cmFileCommand.cxx @@ -2667,6 +2667,9 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args) long inactivity_timeout = 0; std::string verboseLog; std::string statusVar; + std::string caFile; + bool checkSSL = false; + bool verifySSL = false; std::string expectedHash; std::string hashMatchMSG; cmsys::auto_ptr<cmCryptoHash> hash; @@ -2720,6 +2723,33 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args) } statusVar = *i; } + else if(*i == "SSL_VERIFY") + { + ++i; + if(i != args.end()) + { + verifySSL = cmSystemTools::IsOn(i->c_str()); + checkSSL = true; + } + else + { + this->SetError("SSL_VERIFY missing bool value."); + return false; + } + } + else if(*i == "SSL_CAINFO_FILE") + { + ++i; + if(i != args.end()) + { + caFile = *i; + } + else + { + this->SetError("SSL_CAFILE missing file value."); + return false; + } + } else if(*i == "EXPECTED_MD5") { ++i; @@ -2835,6 +2865,43 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args) cmFileCommandCurlDebugCallback); check_curl_result(res, "DOWNLOAD cannot set debug function: "); + // check to see if SSL verification is requested + const char* verifyValue = + this->Makefile->GetDefinition("CMAKE_CURLOPT_SSL_VERIFYPEER"); + // if there is a cmake variable or if the command has SSL_VERIFY requested + if(verifyValue || checkSSL) + { + // the args to the command come first + bool verify = verifySSL; + if(!verify && verifyValue) + { + verify = cmSystemTools::IsOn(verifyValue); + } + if(verify) + { + res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1); + check_curl_result(res, "Unable to set SSL Verify on: "); + } + else + { + res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); + check_curl_result(res, "Unable to set SSL Verify off: "); + } + } + // check to see if a CAINFO file has been specified + const char* cainfo = + this->Makefile->GetDefinition("CMAKE_CURLOPT_CAINFO_FILE"); + // command arg comes first + if(caFile.size()) + { + cainfo = caFile.c_str(); + } + if(cainfo) + { + res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo); + check_curl_result(res, "Unable to set SSL Verify CAINFO: "); + } + cmFileCommandVectorOfChar chunkDebug; res = ::curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&fout); |