diff options
| -rw-r--r-- | Source/cmFileCommand.cxx | 67 | ||||
| -rw-r--r-- | Source/cmFileCommand.h | 11 |
2 files changed, 77 insertions, 1 deletions
diff --git a/Source/cmFileCommand.cxx b/Source/cmFileCommand.cxx index b0c1070..bb12980 100644 --- a/Source/cmFileCommand.cxx +++ b/Source/cmFileCommand.cxx @@ -2667,6 +2667,9 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args) long inactivity_timeout = 0; std::string verboseLog; std::string statusVar; + std::string caFile; + bool checkSSL = false; + bool verifySSL = false; std::string expectedHash; std::string hashMatchMSG; cmsys::auto_ptr<cmCryptoHash> hash; @@ -2720,6 +2723,33 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args) } statusVar = *i; } + else if(*i == "SSL_VERIFY") + { + ++i; + if(i != args.end()) + { + verifySSL = cmSystemTools::IsOn(i->c_str()); + checkSSL = true; + } + else + { + this->SetError("SSL_VERIFY missing bool value."); + return false; + } + } + else if(*i == "SSL_CAINFO_FILE") + { + ++i; + if(i != args.end()) + { + caFile = *i; + } + else + { + this->SetError("SSL_CAFILE missing file value."); + return false; + } + } else if(*i == "EXPECTED_MD5") { ++i; @@ -2835,6 +2865,43 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args) cmFileCommandCurlDebugCallback); check_curl_result(res, "DOWNLOAD cannot set debug function: "); + // check to see if SSL verification is requested + const char* verifyValue = + this->Makefile->GetDefinition("CMAKE_CURLOPT_SSL_VERIFYPEER"); + // if there is a cmake variable or if the command has SSL_VERIFY requested + if(verifyValue || checkSSL) + { + // the args to the command come first + bool verify = verifySSL; + if(!verify && verifyValue) + { + verify = cmSystemTools::IsOn(verifyValue); + } + if(verify) + { + res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1); + check_curl_result(res, "Unable to set SSL Verify on: "); + } + else + { + res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); + check_curl_result(res, "Unable to set SSL Verify off: "); + } + } + // check to see if a CAINFO file has been specified + const char* cainfo = + this->Makefile->GetDefinition("CMAKE_CURLOPT_CAINFO_FILE"); + // command arg comes first + if(caFile.size()) + { + cainfo = caFile.c_str(); + } + if(cainfo) + { + res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo); + check_curl_result(res, "Unable to set SSL Verify CAINFO: "); + } + cmFileCommandVectorOfChar chunkDebug; res = ::curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&fout); diff --git a/Source/cmFileCommand.h b/Source/cmFileCommand.h index ca2bdfd..413e2f4 100644 --- a/Source/cmFileCommand.h +++ b/Source/cmFileCommand.h @@ -84,7 +84,8 @@ public: " file(DOWNLOAD url file [INACTIVITY_TIMEOUT timeout]\n" " [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS]\n" " [EXPECTED_HASH MD5|SHA1|SHA224|SHA256|SHA384|SHA512 hash]\n" - " [EXPECTED_MD5 sum])\n" + " [EXPECTED_MD5 sum]\n" + " [SSL_VERIFY on|off] [SSL_CAINFO_FILE file])\n" " file(UPLOAD filename url [INACTIVITY_TIMEOUT timeout]\n" " [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS])\n" "WRITE will write a message into a file called 'filename'. It " @@ -175,6 +176,14 @@ public: "(EXPECTED_MD5 is short-hand for EXPECTED_HASH MD5.) " "If SHOW_PROGRESS is specified, progress information will be printed " "as status messages until the operation is complete. " + "For https URLs CMake must be built with OpenSSL. " + "SSL certificates are not checked by default. " + "Set SSL_VERIFY to ON to check certificates and/or use " + "EXPECTED_HASH to verify downloaded content. " + "Set SSL_CAINFO_FILE to specify a custom Certificate Authority file. " + "If either SSL option is not given CMake will check variables " + "CMAKE_CURLOPT_SSL_VERIFYPEER and CMAKE_CURLOPT_CAINFO_FILE, " + "respectively." "\n" "UPLOAD will upload the given file to the given URL. " "If LOG var is specified a log of the upload will be put in var. " |