author | Brad King <brad.king@kitware.com> | 2024-09-27 12:02:13 (GMT) |
---|---|---|
committer | Kitware Robot <kwrobot@kitware.com> | 2024-09-27 12:03:01 (GMT) |
commit | f7e2422c3e4361053d1ad9f1e009d3f078aa7b03 (patch) | |
tree | 7a117808bbfcf9bc2b5cd1751e4c831c5bc635d7 /Source | |
parent | 5701ba7484a917c11e256e0a7a95ccad1ee1acbc (diff) | |
parent | 38390245a2ceebe6ece3859e887442b8cce01297 (diff) | |
Merge topic 'curl-tls-version'
38390245a2 ctest: Require minimum TLS 1.2 by default
5e1a59dc2b file(DOWNLOAD/UPLOAD): Require minimum TLS 1.2 by default
Acked-by: Kitware Robot <kwrobot@kitware.com>
Acked-by: buildbot <buildbot@kitware.com>
Merge-request: !9848
Diffstat (limited to 'Source')
-rw-r--r-- | Source/CTest/cmCTestCurl.cxx | 4 | ||||
-rw-r--r-- | Source/cmFileCommand.cxx | 17 |
2 files changed, 21 insertions, 0 deletions
diff --git a/Source/CTest/cmCTestCurl.cxx b/Source/CTest/cmCTestCurl.cxx
index d9dc3b2..b203a51 100644
--- a/Source/CTest/cmCTestCurl.cxx
+++ b/Source/CTest/cmCTestCurl.cxx
@@ -16,6 +16,7 @@
 namespace {
 const bool TLS_VERIFY_DEFAULT = true;
+const int TLS_VERSION_DEFAULT = CURL_SSLVERSION_TLSv1_2;
 }
 cmCTestCurl::cmCTestCurl(cmCTest* ctest)
@@ -65,6 +66,9 @@ cmCTestCurlOpts::cmCTestCurlOpts(cmCTest* ctest)
 {
 this->TLSVersionOpt = cmCurlParseTLSVersion(ctest->GetCTestConfiguration("TLSVersion"));
+ if (!this->TLSVersionOpt.has_value()) {
+ this->TLSVersionOpt = TLS_VERSION_DEFAULT;
+ }
 std::string tlsVerify = ctest->GetCTestConfiguration("TLSVerify");
 if (!tlsVerify.empty()) {
diff --git a/Source/cmFileCommand.cxx b/Source/cmFileCommand.cxx
index 30d92ca..92e6b3e 100644
--- a/Source/cmFileCommand.cxx
+++ b/Source/cmFileCommand.cxx
@@ -1741,6 +1741,7 @@ bool HandleNativePathCommand(std::vector<std::string> const& args,
 #if !defined(CMAKE_BOOTSTRAP)
 const bool TLS_VERIFY_DEFAULT = true;
+const std::string TLS_VERSION_DEFAULT = "1.2";
 // Stuff for curl download/upload
 using cmFileCommandVectorOfChar = std::vector<char>;
@@ -2128,6 +2129,11 @@ bool HandleDownloadCommand(std::vector<std::string> const& args,
 tlsVersionOpt = std::move(v);
 }
 }
+ bool tlsVersionDefaulted = false;
+ if (!tlsVersionOpt.has_value()) {
+ tlsVersionOpt = TLS_VERSION_DEFAULT;
+ tlsVersionDefaulted = true;
+ }
 // Can't calculate hash if we don't save the file.
 // TODO Incrementally calculate hash in the write callback as the file is
@@ -2212,6 +2218,9 @@ bool HandleDownloadCommand(std::vector<std::string> const& args,
 if (tlsVersionOpt.has_value()) {
 if (cm::optional<int> v = cmCurlParseTLSVersion(*tlsVersionOpt)) {
 res = ::curl_easy_setopt(curl, CURLOPT_SSLVERSION, *v);
+ if (tlsVersionDefaulted && res == CURLE_NOT_BUILT_IN) {
+ res = CURLE_OK;
+ }
 check_curl_result(res, cmStrCat("DOWNLOAD cannot set TLS/SSL version ", *tlsVersionOpt, ": "));
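Review bot: In the cmCTestCurlOpts constructor, a `TLSVersion` setting that is present but fails to parse is now indistinguishable from an unset one: both leave `TLSVersionOpt` empty and silently receive `TLS_VERSION_DEFAULT`. If cmCurlParseTLSVersion (not shown here) returns an empty optional for unrecognized text, a mistyped request for a stricter floor such as 1.3 would quietly run with a 1.2 minimum. Consider reading the configuration string into a local first and warning when it is non-empty yet unparsed, and document the fallback with a comment such as `// Unset or unparsable TLSVersion falls back to the TLS 1.2 minimum.`. The constructor body continues past the end of the hunk.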
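Review bot: The `CURLE_NOT_BUILT_IN` override in HandleDownloadCommand (and the identical one added to HandleUploadCommand) discards the failure to apply the default TLS floor with no comment and no diagnostic. That is presumably safe only because a curl that rejects the option cannot negotiate TLS at all, which nothing visible in these hunks verifies; state the assumption next to the check, e.g. `// Best effort: a curl built without TLS cannot apply the default, and cannot make TLS connections either.`. If that assumption can fail, the transfer would proceed with curl's own minimum while the caller believes 1.2 is enforced, so a debug-level message when the default is skipped would make the gap visible. Both functions start and end outside the hunks.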
@@ -2554,6 +2563,11 @@ bool HandleUploadCommand(std::vector<std::string> const& args,
 tlsVersionOpt = std::move(v);
 }
 }
+ bool tlsVersionDefaulted = false;
+ if (!tlsVersionOpt.has_value()) {
+ tlsVersionOpt = TLS_VERSION_DEFAULT;
+ tlsVersionDefaulted = true;
+ }
 // Open file for reading:
 //
@@ -2603,6 +2617,9 @@ bool HandleUploadCommand(std::vector<std::string> const& args,
 if (tlsVersionOpt.has_value()) {
 if (cm::optional<int> v = cmCurlParseTLSVersion(*tlsVersionOpt)) {
 res = ::curl_easy_setopt(curl, CURLOPT_SSLVERSION, *v);
+ if (tlsVersionDefaulted && res == CURLE_NOT_BUILT_IN) {
+ res = CURLE_OK;
+ }
 check_curl_result( res, cmStrCat("UPLOAD cannot set TLS/SSL version ", *tlsVersionOpt, ": ")); |