diff options
-rw-r--r-- | CMakeLists.txt | 7 | ||||
-rw-r--r-- | Help/release/dev/curl-default-cainfo.rst | 8 | ||||
-rw-r--r-- | Source/CMakeLists.txt | 8 | ||||
-rw-r--r-- | Source/CTest/cmCTestSubmitHandler.cxx | 3 | ||||
-rw-r--r-- | Source/cmCTest.cxx | 3 | ||||
-rw-r--r-- | Source/cmCurl.cxx | 64 | ||||
-rw-r--r-- | Source/cmCurl.h | 21 | ||||
-rw-r--r-- | Source/cmFileCommand.cxx | 9 | ||||
-rw-r--r-- | Utilities/cmcurl/CMakeLists.txt | 9 | ||||
-rw-r--r-- | Utilities/cmcurl/lib/curl_config.h.cmake | 6 |
10 files changed, 121 insertions, 17 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index bdc160d..28fd02f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -287,6 +287,13 @@ macro (CMAKE_BUILD_UTILITIES) if(CMAKE_TESTS_CDASH_SERVER) set(CMAKE_CURL_TEST_URL "${CMAKE_TESTS_CDASH_SERVER}/user.php") endif() + option(CMAKE_USE_OPENSSL "Use OpenSSL." OFF) + mark_as_advanced(CMAKE_USE_OPENSSL) + if(CMAKE_USE_OPENSSL) + set(CURL_CA_BUNDLE "" CACHE FILEPATH "Path to SSL CA Certificate Bundle") + set(CURL_CA_PATH "" CACHE PATH "Path to SSL CA Certificate Directory") + mark_as_advanced(CURL_CA_BUNDLE CURL_CA_PATH) + endif() add_subdirectory(Utilities/cmcurl) CMAKE_SET_TARGET_FOLDER(cmcurl "Utilities/3rdParty") CMAKE_SET_TARGET_FOLDER(LIBCURL "Utilities/3rdParty") diff --git a/Help/release/dev/curl-default-cainfo.rst b/Help/release/dev/curl-default-cainfo.rst new file mode 100644 index 0000000..ed45d36 --- /dev/null +++ b/Help/release/dev/curl-default-cainfo.rst @@ -0,0 +1,8 @@ +curl-default-cainfo +------------------- + +* When CMake is built with OpenSSL on systems other than Windows + and OS X, commands supporting network communication via ``https``, + such as :command:`file(DOWNLOAD)`, :command:`file(UPLOAD)`, and + :command:`ctest_submit`, now search for OS-configured certificate + authorities in a few ``/etc`` paths to be trusted automatically. diff --git a/Source/CMakeLists.txt b/Source/CMakeLists.txt index c04cf9a..07839f3 100644 --- a/Source/CMakeLists.txt +++ b/Source/CMakeLists.txt @@ -175,6 +175,8 @@ set(SRCS cmCPackPropertiesGenerator.cxx cmCryptoHash.cxx cmCryptoHash.h + cmCurl.cxx + cmCurl.h cmCustomCommand.cxx cmCustomCommand.h cmCustomCommandGenerator.cxx @@ -497,6 +499,12 @@ if(WIN32 AND NOT CYGWIN) install(TARGETS cmcldeps DESTINATION bin) endif() +foreach(v CURL_CA_BUNDLE CURL_CA_PATH) + if(${v}) + set_property(SOURCE cmCurl.cxx APPEND PROPERTY COMPILE_DEFINITIONS ${v}="${${v}}") + endif() +endforeach() + # create a library used by the command line and the GUI add_library(CMakeLib ${SRCS}) target_link_libraries(CMakeLib cmsys diff --git a/Source/CTest/cmCTestSubmitHandler.cxx b/Source/CTest/cmCTestSubmitHandler.cxx index 11e3343..3d9545f 100644 --- a/Source/CTest/cmCTestSubmitHandler.cxx +++ b/Source/CTest/cmCTestSubmitHandler.cxx @@ -26,7 +26,7 @@ #include <cm_jsoncpp_reader.h> // For curl submission -#include "cm_curl.h" +#include "cmCurl.h" #include "cmCTestCurl.h" #include <sys/stat.h> @@ -366,6 +366,7 @@ bool cmCTestSubmitHandler::SubmitUsingHTTP(const std::string& localprefix, curl = curl_easy_init(); if(curl) { + cmCurlSetCAInfo(curl); if(verifyPeerOff) { cmCTestLog(this->CTest, HANDLER_VERBOSE_OUTPUT, diff --git a/Source/cmCTest.cxx b/Source/cmCTest.cxx index 1ef4c92..f08b87c 100644 --- a/Source/cmCTest.cxx +++ b/Source/cmCTest.cxx @@ -9,7 +9,7 @@ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License for more information. ============================================================================*/ -#include "cm_curl.h" +#include "cmCurl.h" // include before anything that includes windows.h #include "cmCTest.h" #include "cmake.h" @@ -192,6 +192,7 @@ int cmCTest::HTTPRequest(std::string url, HTTPMethod method, FILE* file; ::curl_global_init(CURL_GLOBAL_ALL); curl = ::curl_easy_init(); + cmCurlSetCAInfo(curl); //set request options based on method switch(method) diff --git a/Source/cmCurl.cxx b/Source/cmCurl.cxx new file mode 100644 index 0000000..96d3547 --- /dev/null +++ b/Source/cmCurl.cxx @@ -0,0 +1,64 @@ +/*============================================================================ + CMake - Cross Platform Makefile Generator + Copyright 2000-2015 Kitware, Inc., Insight Software Consortium + + Distributed under the OSI-approved BSD License (the "License"); + see accompanying file Copyright.txt for details. + + This software is distributed WITHOUT ANY WARRANTY; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + See the License for more information. +============================================================================*/ +#include "cmCurl.h" +#include "cmSystemTools.h" + +#define check_curl_result(result, errstr) \ + if (result != CURLE_OK) \ + { \ + e += e.empty()? "" : "\n"; \ + e += errstr; \ + e += ::curl_easy_strerror(result); \ + } + +//---------------------------------------------------------------------------- +std::string cmCurlSetCAInfo(::CURL *curl, const char* cafile) +{ + std::string e; + if(cafile && *cafile) + { + ::CURLcode res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cafile); + check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: "); + } +#if !defined(CMAKE_USE_SYSTEM_CURL) && \ + !defined(_WIN32) && !defined(__APPLE__) && \ + !defined(CURL_CA_BUNDLE) && !defined(CURL_CA_PATH) +# define CMAKE_CAFILE_FEDORA "/etc/pki/tls/certs/ca-bundle.crt" + else if(cmSystemTools::FileExists(CMAKE_CAFILE_FEDORA, true)) + { + ::CURLcode res = + ::curl_easy_setopt(curl, CURLOPT_CAINFO, CMAKE_CAFILE_FEDORA); + check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: "); + } +# undef CMAKE_CAFILE_FEDORA + else + { +# define CMAKE_CAFILE_COMMON "/etc/ssl/certs/ca-certificates.crt" + if(cmSystemTools::FileExists(CMAKE_CAFILE_COMMON, true)) + { + ::CURLcode res = + ::curl_easy_setopt(curl, CURLOPT_CAINFO, CMAKE_CAFILE_COMMON); + check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: "); + } +# undef CMAKE_CAFILE_COMMON +# define CMAKE_CAPATH_COMMON "/etc/ssl/certs" + if(cmSystemTools::FileIsDirectory(CMAKE_CAPATH_COMMON)) + { + ::CURLcode res = + ::curl_easy_setopt(curl, CURLOPT_CAPATH, CMAKE_CAPATH_COMMON); + check_curl_result(res, "Unable to set TLS/SSL Verify CAPATH: "); + } +# undef CMAKE_CAPATH_COMMON + } +#endif + return e; +} diff --git a/Source/cmCurl.h b/Source/cmCurl.h new file mode 100644 index 0000000..0c5609c --- /dev/null +++ b/Source/cmCurl.h @@ -0,0 +1,21 @@ +/*============================================================================ + CMake - Cross Platform Makefile Generator + Copyright 2000-2015 Kitware, Inc., Insight Software Consortium + + Distributed under the OSI-approved BSD License (the "License"); + see accompanying file Copyright.txt for details. + + This software is distributed WITHOUT ANY WARRANTY; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + See the License for more information. +============================================================================*/ +#ifndef cmCurl_h +#define cmCurl_h + +#include <cmsys/Configure.h> +#include "cm_curl.h" +#include "cmStandardIncludes.h" + +std::string cmCurlSetCAInfo(::CURL *curl, const char* cafile = 0); + +#endif diff --git a/Source/cmFileCommand.cxx b/Source/cmFileCommand.cxx index 2c92db2..f125292 100644 --- a/Source/cmFileCommand.cxx +++ b/Source/cmFileCommand.cxx @@ -20,7 +20,7 @@ #include "cmTimestamp.h" #if defined(CMAKE_BUILD_WITH_CMAKE) -#include "cm_curl.h" +#include "cmCurl.h" #include "cmFileLockResult.h" #endif @@ -3068,10 +3068,11 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args) } // check to see if a CAINFO file has been specified // command arg comes first - if(cainfo && *cainfo) + std::string const& cainfo_err = cmCurlSetCAInfo(curl, cainfo); + if (!cainfo_err.empty()) { - res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo); - check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: "); + this->SetError(cainfo_err); + return false; } cmFileCommandVectorOfChar chunkDebug; diff --git a/Utilities/cmcurl/CMakeLists.txt b/Utilities/cmcurl/CMakeLists.txt index 0db741e..08bdff5 100644 --- a/Utilities/cmcurl/CMakeLists.txt +++ b/Utilities/cmcurl/CMakeLists.txt @@ -425,9 +425,6 @@ endif() #----------------------------------------------------------------------------- -option(CMAKE_USE_OPENSSL "Use OpenSSL code. Experimental" OFF) -mark_as_advanced(CMAKE_USE_OPENSSL) - set(USE_SSLEAY OFF) set(USE_OPENSSL OFF) set(HAVE_LIBCRYPTO OFF) @@ -454,11 +451,13 @@ if(CMAKE_USE_OPENSSL) check_include_file("openssl/rand.h" HAVE_OPENSSL_RAND_H) # Optionally build with a specific CA cert bundle. - set(CURL_CA_BUNDLE "" CACHE FILEPATH "Path to SSL CA Certificate Bundle") - mark_as_advanced(CURL_CA_BUNDLE) if(CURL_CA_BUNDLE) add_definitions(-DCURL_CA_BUNDLE="${CURL_CA_BUNDLE}") endif() + # Optionally build with a specific CA cert dir. + if(CURL_CA_PATH) + add_definitions(-DCURL_CA_PATH="${CURL_CA_PATH}") + endif() endif(OPENSSL_FOUND) elseif(WIN32) # Use Windows SSL/TLS native implementation. diff --git a/Utilities/cmcurl/lib/curl_config.h.cmake b/Utilities/cmcurl/lib/curl_config.h.cmake index b5db3b6..a561c3d 100644 --- a/Utilities/cmcurl/lib/curl_config.h.cmake +++ b/Utilities/cmcurl/lib/curl_config.h.cmake @@ -3,12 +3,6 @@ /* when building libcurl itself */ #cmakedefine BUILDING_LIBCURL 1 -/* Location of default ca bundle */ -#cmakedefine CURL_CA_BUNDLE ${CURL_CA_BUNDLE} - -/* Location of default ca path */ -#cmakedefine CURL_CA_PATH ${CURL_CA_PATH} - /* to disable cookies support */ #cmakedefine CURL_DISABLE_COOKIES 1 |