summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--CMakeLists.txt7
-rw-r--r--Help/release/dev/curl-default-cainfo.rst8
-rw-r--r--Source/CMakeLists.txt8
-rw-r--r--Source/CTest/cmCTestSubmitHandler.cxx3
-rw-r--r--Source/cmCTest.cxx3
-rw-r--r--Source/cmCurl.cxx64
-rw-r--r--Source/cmCurl.h21
-rw-r--r--Source/cmFileCommand.cxx9
-rw-r--r--Utilities/cmcurl/CMakeLists.txt9
-rw-r--r--Utilities/cmcurl/lib/curl_config.h.cmake6
10 files changed, 121 insertions, 17 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index bdc160d..28fd02f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -287,6 +287,13 @@ macro (CMAKE_BUILD_UTILITIES)
if(CMAKE_TESTS_CDASH_SERVER)
set(CMAKE_CURL_TEST_URL "${CMAKE_TESTS_CDASH_SERVER}/user.php")
endif()
+ option(CMAKE_USE_OPENSSL "Use OpenSSL." OFF)
+ mark_as_advanced(CMAKE_USE_OPENSSL)
+ if(CMAKE_USE_OPENSSL)
+ set(CURL_CA_BUNDLE "" CACHE FILEPATH "Path to SSL CA Certificate Bundle")
+ set(CURL_CA_PATH "" CACHE PATH "Path to SSL CA Certificate Directory")
+ mark_as_advanced(CURL_CA_BUNDLE CURL_CA_PATH)
+ endif()
add_subdirectory(Utilities/cmcurl)
CMAKE_SET_TARGET_FOLDER(cmcurl "Utilities/3rdParty")
CMAKE_SET_TARGET_FOLDER(LIBCURL "Utilities/3rdParty")
diff --git a/Help/release/dev/curl-default-cainfo.rst b/Help/release/dev/curl-default-cainfo.rst
new file mode 100644
index 0000000..ed45d36
--- /dev/null
+++ b/Help/release/dev/curl-default-cainfo.rst
@@ -0,0 +1,8 @@
+curl-default-cainfo
+-------------------
+
+* When CMake is built with OpenSSL on systems other than Windows
+ and OS X, commands supporting network communication via ``https``,
+ such as :command:`file(DOWNLOAD)`, :command:`file(UPLOAD)`, and
+ :command:`ctest_submit`, now search for OS-configured certificate
+ authorities in a few ``/etc`` paths to be trusted automatically.
diff --git a/Source/CMakeLists.txt b/Source/CMakeLists.txt
index c04cf9a..07839f3 100644
--- a/Source/CMakeLists.txt
+++ b/Source/CMakeLists.txt
@@ -175,6 +175,8 @@ set(SRCS
cmCPackPropertiesGenerator.cxx
cmCryptoHash.cxx
cmCryptoHash.h
+ cmCurl.cxx
+ cmCurl.h
cmCustomCommand.cxx
cmCustomCommand.h
cmCustomCommandGenerator.cxx
@@ -497,6 +499,12 @@ if(WIN32 AND NOT CYGWIN)
install(TARGETS cmcldeps DESTINATION bin)
endif()
+foreach(v CURL_CA_BUNDLE CURL_CA_PATH)
+ if(${v})
+ set_property(SOURCE cmCurl.cxx APPEND PROPERTY COMPILE_DEFINITIONS ${v}="${${v}}")
+ endif()
+endforeach()
+
# create a library used by the command line and the GUI
add_library(CMakeLib ${SRCS})
target_link_libraries(CMakeLib cmsys
diff --git a/Source/CTest/cmCTestSubmitHandler.cxx b/Source/CTest/cmCTestSubmitHandler.cxx
index 11e3343..3d9545f 100644
--- a/Source/CTest/cmCTestSubmitHandler.cxx
+++ b/Source/CTest/cmCTestSubmitHandler.cxx
@@ -26,7 +26,7 @@
#include <cm_jsoncpp_reader.h>
// For curl submission
-#include "cm_curl.h"
+#include "cmCurl.h"
#include "cmCTestCurl.h"
#include <sys/stat.h>
@@ -366,6 +366,7 @@ bool cmCTestSubmitHandler::SubmitUsingHTTP(const std::string& localprefix,
curl = curl_easy_init();
if(curl)
{
+ cmCurlSetCAInfo(curl);
if(verifyPeerOff)
{
cmCTestLog(this->CTest, HANDLER_VERBOSE_OUTPUT,
diff --git a/Source/cmCTest.cxx b/Source/cmCTest.cxx
index 1ef4c92..f08b87c 100644
--- a/Source/cmCTest.cxx
+++ b/Source/cmCTest.cxx
@@ -9,7 +9,7 @@
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the License for more information.
============================================================================*/
-#include "cm_curl.h"
+#include "cmCurl.h" // include before anything that includes windows.h
#include "cmCTest.h"
#include "cmake.h"
@@ -192,6 +192,7 @@ int cmCTest::HTTPRequest(std::string url, HTTPMethod method,
FILE* file;
::curl_global_init(CURL_GLOBAL_ALL);
curl = ::curl_easy_init();
+ cmCurlSetCAInfo(curl);
//set request options based on method
switch(method)
diff --git a/Source/cmCurl.cxx b/Source/cmCurl.cxx
new file mode 100644
index 0000000..96d3547
--- /dev/null
+++ b/Source/cmCurl.cxx
@@ -0,0 +1,64 @@
+/*============================================================================
+ CMake - Cross Platform Makefile Generator
+ Copyright 2000-2015 Kitware, Inc., Insight Software Consortium
+
+ Distributed under the OSI-approved BSD License (the "License");
+ see accompanying file Copyright.txt for details.
+
+ This software is distributed WITHOUT ANY WARRANTY; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ See the License for more information.
+============================================================================*/
+#include "cmCurl.h"
+#include "cmSystemTools.h"
+
+#define check_curl_result(result, errstr) \
+ if (result != CURLE_OK) \
+ { \
+ e += e.empty()? "" : "\n"; \
+ e += errstr; \
+ e += ::curl_easy_strerror(result); \
+ }
+
+//----------------------------------------------------------------------------
+std::string cmCurlSetCAInfo(::CURL *curl, const char* cafile)
+{
+ std::string e;
+ if(cafile && *cafile)
+ {
+ ::CURLcode res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cafile);
+ check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
+ }
+#if !defined(CMAKE_USE_SYSTEM_CURL) && \
+ !defined(_WIN32) && !defined(__APPLE__) && \
+ !defined(CURL_CA_BUNDLE) && !defined(CURL_CA_PATH)
+# define CMAKE_CAFILE_FEDORA "/etc/pki/tls/certs/ca-bundle.crt"
+ else if(cmSystemTools::FileExists(CMAKE_CAFILE_FEDORA, true))
+ {
+ ::CURLcode res =
+ ::curl_easy_setopt(curl, CURLOPT_CAINFO, CMAKE_CAFILE_FEDORA);
+ check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
+ }
+# undef CMAKE_CAFILE_FEDORA
+ else
+ {
+# define CMAKE_CAFILE_COMMON "/etc/ssl/certs/ca-certificates.crt"
+ if(cmSystemTools::FileExists(CMAKE_CAFILE_COMMON, true))
+ {
+ ::CURLcode res =
+ ::curl_easy_setopt(curl, CURLOPT_CAINFO, CMAKE_CAFILE_COMMON);
+ check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
+ }
+# undef CMAKE_CAFILE_COMMON
+# define CMAKE_CAPATH_COMMON "/etc/ssl/certs"
+ if(cmSystemTools::FileIsDirectory(CMAKE_CAPATH_COMMON))
+ {
+ ::CURLcode res =
+ ::curl_easy_setopt(curl, CURLOPT_CAPATH, CMAKE_CAPATH_COMMON);
+ check_curl_result(res, "Unable to set TLS/SSL Verify CAPATH: ");
+ }
+# undef CMAKE_CAPATH_COMMON
+ }
+#endif
+ return e;
+}
diff --git a/Source/cmCurl.h b/Source/cmCurl.h
new file mode 100644
index 0000000..0c5609c
--- /dev/null
+++ b/Source/cmCurl.h
@@ -0,0 +1,21 @@
+/*============================================================================
+ CMake - Cross Platform Makefile Generator
+ Copyright 2000-2015 Kitware, Inc., Insight Software Consortium
+
+ Distributed under the OSI-approved BSD License (the "License");
+ see accompanying file Copyright.txt for details.
+
+ This software is distributed WITHOUT ANY WARRANTY; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ See the License for more information.
+============================================================================*/
+#ifndef cmCurl_h
+#define cmCurl_h
+
+#include <cmsys/Configure.h>
+#include "cm_curl.h"
+#include "cmStandardIncludes.h"
+
+std::string cmCurlSetCAInfo(::CURL *curl, const char* cafile = 0);
+
+#endif
diff --git a/Source/cmFileCommand.cxx b/Source/cmFileCommand.cxx
index 2c92db2..f125292 100644
--- a/Source/cmFileCommand.cxx
+++ b/Source/cmFileCommand.cxx
@@ -20,7 +20,7 @@
#include "cmTimestamp.h"
#if defined(CMAKE_BUILD_WITH_CMAKE)
-#include "cm_curl.h"
+#include "cmCurl.h"
#include "cmFileLockResult.h"
#endif
@@ -3068,10 +3068,11 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
}
// check to see if a CAINFO file has been specified
// command arg comes first
- if(cainfo && *cainfo)
+ std::string const& cainfo_err = cmCurlSetCAInfo(curl, cainfo);
+ if (!cainfo_err.empty())
{
- res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo);
- check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
+ this->SetError(cainfo_err);
+ return false;
}
cmFileCommandVectorOfChar chunkDebug;
diff --git a/Utilities/cmcurl/CMakeLists.txt b/Utilities/cmcurl/CMakeLists.txt
index 0db741e..08bdff5 100644
--- a/Utilities/cmcurl/CMakeLists.txt
+++ b/Utilities/cmcurl/CMakeLists.txt
@@ -425,9 +425,6 @@ endif()
#-----------------------------------------------------------------------------
-option(CMAKE_USE_OPENSSL "Use OpenSSL code. Experimental" OFF)
-mark_as_advanced(CMAKE_USE_OPENSSL)
-
set(USE_SSLEAY OFF)
set(USE_OPENSSL OFF)
set(HAVE_LIBCRYPTO OFF)
@@ -454,11 +451,13 @@ if(CMAKE_USE_OPENSSL)
check_include_file("openssl/rand.h" HAVE_OPENSSL_RAND_H)
# Optionally build with a specific CA cert bundle.
- set(CURL_CA_BUNDLE "" CACHE FILEPATH "Path to SSL CA Certificate Bundle")
- mark_as_advanced(CURL_CA_BUNDLE)
if(CURL_CA_BUNDLE)
add_definitions(-DCURL_CA_BUNDLE="${CURL_CA_BUNDLE}")
endif()
+ # Optionally build with a specific CA cert dir.
+ if(CURL_CA_PATH)
+ add_definitions(-DCURL_CA_PATH="${CURL_CA_PATH}")
+ endif()
endif(OPENSSL_FOUND)
elseif(WIN32)
# Use Windows SSL/TLS native implementation.
diff --git a/Utilities/cmcurl/lib/curl_config.h.cmake b/Utilities/cmcurl/lib/curl_config.h.cmake
index b5db3b6..a561c3d 100644
--- a/Utilities/cmcurl/lib/curl_config.h.cmake
+++ b/Utilities/cmcurl/lib/curl_config.h.cmake
@@ -3,12 +3,6 @@
/* when building libcurl itself */
#cmakedefine BUILDING_LIBCURL 1
-/* Location of default ca bundle */
-#cmakedefine CURL_CA_BUNDLE ${CURL_CA_BUNDLE}
-
-/* Location of default ca path */
-#cmakedefine CURL_CA_PATH ${CURL_CA_PATH}
-
/* to disable cookies support */
#cmakedefine CURL_DISABLE_COOKIES 1