26 files changed, 168 insertions, 129 deletions
diff --git a/.gitlab/ci/configure_debian10_aarch64_ninja.cmake b/.gitlab/ci/configure_debian10_aarch64_ninja.cmake index 808f91d..7407959 100644 --- a/.gitlab/ci/configure_debian10_aarch64_ninja.cmake +++ b/.gitlab/ci/configure_debian10_aarch64_ninja.cmake @@ -74,6 +74,7 @@ set(CMake_TEST_IPO_WORKS_CXX "ON" CACHE BOOL "") set(CMake_TEST_IPO_WORKS_Fortran "ON" CACHE BOOL "") set(CMake_TEST_JQ "/usr/bin/jq" CACHE PATH "") set(CMake_TEST_Qt5 "ON" CACHE BOOL "") +set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "") set(CMake_TEST_UseSWIG "ON" CACHE BOOL "") include("${CMAKE_CURRENT_LIST_DIR}/configure_external_test.cmake") diff --git a/.gitlab/ci/configure_debian10_ninja.cmake b/.gitlab/ci/configure_debian10_ninja.cmake index acada17..e8d6d55 100644 --- a/.gitlab/ci/configure_debian10_ninja.cmake +++ b/.gitlab/ci/configure_debian10_ninja.cmake @@ -80,6 +80,7 @@ set(CMake_TEST_IPO_WORKS_CXX "ON" CACHE BOOL "") set(CMake_TEST_IPO_WORKS_Fortran "ON" CACHE BOOL "") set(CMake_TEST_JQ "/usr/bin/jq" CACHE PATH "") set(CMake_TEST_Qt5 "ON" CACHE BOOL "") +set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "") set(CMake_TEST_UseSWIG "ON" CACHE BOOL "") if (NOT "$ENV{SWIFTC}" STREQUAL "") diff --git a/.gitlab/ci/configure_fedora37_makefiles.cmake b/.gitlab/ci/configure_fedora37_makefiles.cmake index 6cd3d35..725cc46 100644 --- a/.gitlab/ci/configure_fedora37_makefiles.cmake +++ b/.gitlab/ci/configure_fedora37_makefiles.cmake @@ -80,6 +80,7 @@ if (NOT "$ENV{CMAKE_CI_NIGHTLY}" STREQUAL "") set(CMake_TEST_ISPC "ON" CACHE STRING "") endif() set(CMake_TEST_Qt5 "ON" CACHE BOOL "") +set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "") set(CMake_TEST_UseSWIG "ON" CACHE BOOL "") include("${CMAKE_CURRENT_LIST_DIR}/configure_external_test.cmake") diff --git a/.gitlab/ci/configure_fedora37_ninja.cmake b/.gitlab/ci/configure_fedora37_ninja.cmake index 3defa5a..5b40677 100644 --- a/.gitlab/ci/configure_fedora37_ninja.cmake 
+++ b/.gitlab/ci/configure_fedora37_ninja.cmake @@ -2,6 +2,7 @@ set(CMake_TEST_GUI "ON" CACHE BOOL "") if (NOT "$ENV{CMAKE_CI_NIGHTLY}" STREQUAL "") set(CMake_TEST_ISPC "ON" CACHE STRING "") endif() +set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "") # "Release" flags without "-DNDEBUG" so we get assertions. set(CMAKE_C_FLAGS_RELEASE "-O3" CACHE STRING "") diff --git a/.gitlab/ci/configure_macos_arm64_ninja.cmake b/.gitlab/ci/configure_macos_arm64_ninja.cmake index 1a41bc3..f59b43c 100644 --- a/.gitlab/ci/configure_macos_arm64_ninja.cmake +++ b/.gitlab/ci/configure_macos_arm64_ninja.cmake @@ -2,5 +2,6 @@ set(CMake_TEST_FindOpenMP "ON" CACHE BOOL "") set(CMake_TEST_FindOpenMP_C "ON" CACHE BOOL "") set(CMake_TEST_FindOpenMP_CXX "ON" CACHE BOOL "") set(CMake_TEST_GUI "ON" CACHE BOOL "") +set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "") include("${CMAKE_CURRENT_LIST_DIR}/configure_macos_common.cmake") include("${CMAKE_CURRENT_LIST_DIR}/configure_common.cmake") diff --git a/.gitlab/ci/configure_macos_x86_64_makefiles.cmake b/.gitlab/ci/configure_macos_x86_64_makefiles.cmake index 113fe56..3c5d8fe 100644 --- a/.gitlab/ci/configure_macos_x86_64_makefiles.cmake +++ b/.gitlab/ci/configure_macos_x86_64_makefiles.cmake @@ -5,6 +5,7 @@ set(CMake_TEST_GUI "ON" CACHE BOOL "") if (NOT "$ENV{CMAKE_CI_NIGHTLY}" STREQUAL "") set(CMake_TEST_ISPC "ON" CACHE STRING "") endif() +set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "") include("${CMAKE_CURRENT_LIST_DIR}/configure_macos_common.cmake") include("${CMAKE_CURRENT_LIST_DIR}/configure_common.cmake") diff --git a/.gitlab/ci/configure_macos_x86_64_ninja.cmake b/.gitlab/ci/configure_macos_x86_64_ninja.cmake index 113fe56..3c5d8fe 100644 --- a/.gitlab/ci/configure_macos_x86_64_ninja.cmake +++ b/.gitlab/ci/configure_macos_x86_64_ninja.cmake 
@@ -5,6 +5,7 @@ set(CMake_TEST_GUI "ON" CACHE BOOL "") if (NOT "$ENV{CMAKE_CI_NIGHTLY}" STREQUAL "") set(CMake_TEST_ISPC "ON" CACHE STRING "") endif() +set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "") include("${CMAKE_CURRENT_LIST_DIR}/configure_macos_common.cmake") include("${CMAKE_CURRENT_LIST_DIR}/configure_common.cmake") diff --git a/.gitlab/ci/configure_windows_arm64_vs2022_ninja.cmake b/.gitlab/ci/configure_windows_arm64_vs2022_ninja.cmake index 722e009..a12ee6c 100644 --- a/.gitlab/ci/configure_windows_arm64_vs2022_ninja.cmake +++ b/.gitlab/ci/configure_windows_arm64_vs2022_ninja.cmake @@ -1,5 +1,6 @@ # Qt host tools are not yet available natively on windows-arm64. set(CMake_TEST_GUI "OFF" CACHE BOOL "") +set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "") set(BUILD_QtDialog "OFF" CACHE BOOL "") set(CMAKE_PREFIX_PATH "" CACHE STRING "") diff --git a/.gitlab/ci/configure_windows_vs2022_x64_ninja.cmake b/.gitlab/ci/configure_windows_vs2022_x64_ninja.cmake index f5a6d80..5bf0be8 100644 --- a/.gitlab/ci/configure_windows_vs2022_x64_ninja.cmake +++ b/.gitlab/ci/configure_windows_vs2022_x64_ninja.cmake @@ -1,6 +1,7 @@ if (NOT "$ENV{CMAKE_CI_NIGHTLY}" STREQUAL "") set(CMake_TEST_ISPC "ON" CACHE STRING "") endif() +set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "") include("${CMAKE_CURRENT_LIST_DIR}/configure_windows_msvc_cxx_modules_common.cmake") include("${CMAKE_CURRENT_LIST_DIR}/configure_windows_vs_common_ninja.cmake") diff --git a/Help/manual/cmake-configure-log.7.rst b/Help/manual/cmake-configure-log.7.rst index 72d4093..4d64506 100644 --- a/Help/manual/cmake-configure-log.7.rst +++ b/Help/manual/cmake-configure-log.7.rst 
@@ -12,18 +12,24 @@ cmake-configure-log(7) Introduction ============ -CMake writes a running log, known as the configure log, -of certain events that occur during the "configure" step. -The log file is located at:: - - ${CMAKE_BINARY_DIR}/CMakeFiles/CMakeConfigureLog.yaml - +CMake writes a running log, known as the *configure log*, +of certain events that occur during the Configure step. The configure log does *not* contain a log of all output, errors, or messages printed while configuring a project. It is a log of detailed information about specific events, such as toolchain inspection by :command:`try_compile`, meant for use in debugging the configuration of a build tree. +For human use, this version of CMake writes the configure log to the file:: + + ${CMAKE_BINARY_DIR}/CMakeFiles/CMakeConfigureLog.yaml + +However, the *location and name of the log file may change* in future +versions of CMake. Tools that read the configure log should get its +location using a :ref:`configureLog <file-api configureLog>` query to +the :manual:`cmake-file-api(7)`. +See the `Log Versioning`_ section below for details. + Log Structure ============= diff --git a/Help/manual/cmake-gui.1.rst b/Help/manual/cmake-gui.1.rst index cdb860f..367b0a7 100644 --- a/Help/manual/cmake-gui.1.rst +++ b/Help/manual/cmake-gui.1.rst @@ -11,7 +11,7 @@ Synopsis cmake-gui [<options>] cmake-gui [<options>] <path-to-source | path-to-existing-build> cmake-gui [<options>] -S <path-to-source> -B <path-to-build> - cmake-gui [<options>] --browse-manual + cmake-gui [<options>] --browse-manual [<filename>] Description =========== 
@@ -46,9 +46,11 @@ Options Name of the preset to use from the project's :manual:`presets <cmake-presets(7)>` files, if it has them. -.. option:: --browse-manual +.. option:: --browse-manual [<filename>] - Open the CMake reference manual in a browser and immediately exit. + Open the CMake reference manual in a browser and immediately exit. If + ``<filename>`` is specified, open that file within the reference manual + instead of ``index.html``. .. include:: OPTIONS_HELP.txt diff --git a/Help/prop_tgt/LANG_CLANG_TIDY_EXPORT_FIXES_DIR.rst b/Help/prop_tgt/LANG_CLANG_TIDY_EXPORT_FIXES_DIR.rst index 265fade..fc88f0f 100644 --- a/Help/prop_tgt/LANG_CLANG_TIDY_EXPORT_FIXES_DIR.rst +++ b/Help/prop_tgt/LANG_CLANG_TIDY_EXPORT_FIXES_DIR.rst @@ -17,12 +17,12 @@ absolute directory, it is assumed to be relative to the target's binary directory. This property should be preferred over adding an ``--export-fixes`` or ``--fix`` argument directly to the :prop_tgt:`<LANG>_CLANG_TIDY` property. -At generate-time, in order to avoid passing stale fixes from old code to -``clang-apply-replacements``, CMake will search the directory for any ``.yaml`` -files that won't be generated by ``clang-tidy`` during the build, and delete -them. In addition, just before running ``clang-tidy`` on a file, CMake will -delete that file's corresponding ``.yaml`` file in case ``clang-tidy`` doesn't -produce any fixes. +When this property is set, CMake takes ownership of the specified directory, +and may create, modify, or delete files and directories within the directory +at any time during configure or build time. Users should use a dedicated +directory for exporting clang-tidy fixes to avoid having files deleted or +overwritten by CMake. Users should not create, modify, or delete files in this +directory. This property is initialized by the value of the :variable:`CMAKE_<LANG>_CLANG_TIDY_EXPORT_FIXES_DIR` variable if it is set 
diff --git a/Source/CMakeVersion.cmake b/Source/CMakeVersion.cmake index 1b77599..abe02f3 100644 --- a/Source/CMakeVersion.cmake +++ b/Source/CMakeVersion.cmake @@ -1,7 +1,7 @@ # CMake version number components. set(CMake_VERSION_MAJOR 3) set(CMake_VERSION_MINOR 26) -set(CMake_VERSION_PATCH 20230209) +set(CMake_VERSION_PATCH 20230213) #set(CMake_VERSION_RC 0) set(CMake_VERSION_IS_DIRTY 0) diff --git a/Source/QtDialog/CMakeSetup.cxx b/Source/QtDialog/CMakeSetup.cxx index 50e8e3a..21ed8c8 100644 --- a/Source/QtDialog/CMakeSetup.cxx +++ b/Source/QtDialog/CMakeSetup.cxx @@ -34,7 +34,7 @@ const cmDocumentationEntry cmDocumentationUsage = { " cmake-gui [options] <path-to-source>\n" " cmake-gui [options] <path-to-existing-build>\n" " cmake-gui [options] -S <path-to-source> -B <path-to-build>\n" - " cmake-gui [options] --browse-manual" + " cmake-gui [options] --browse-manual [<filename>]" }; const cmDocumentationEntry cmDocumentationOptions[3] = { @@ -62,7 +62,7 @@ Q_IMPORT_PLUGIN(QWindowsVistaStylePlugin); int CMakeGUIExec(CMakeSetupDialog* window); void SetupDefaultQSettings(); -void OpenReferenceManual(); +void OpenReferenceManual(const QString& filename); int main(int argc, char** argv) { @@ -199,7 +199,12 @@ int main(int argc, char** argv) } presetName = preset.toStdString(); } else if (arg == "--browse-manual") { - OpenReferenceManual(); + ++i; + if (i >= args.size()) { + OpenReferenceManual("index.html"); + } else { + OpenReferenceManual(args[i]); + } return 0; } } diff --git a/Source/QtDialog/CMakeSetupDialog.cxx b/Source/QtDialog/CMakeSetupDialog.cxx index 3d4d726..8641407 100644 --- a/Source/QtDialog/CMakeSetupDialog.cxx +++ b/Source/QtDialog/CMakeSetupDialog.cxx @@ -42,7 +42,7 @@ #include "RegexExplorer.h" #include "WarningMessagesDialog.h" -void OpenReferenceManual() +void OpenReferenceManual(const QString& filename) { QString urlFormat("https://cmake.org/cmake/help/v%1.%2/"); QUrl url(urlFormat.arg(QString::number(cmVersion::GetMajorVersion()), 
@@ -51,7 +51,7 @@ void OpenReferenceManual() if (!cmSystemTools::GetHTMLDoc().empty()) { url = QUrl::fromLocalFile( QDir(QString::fromStdString(cmSystemTools::GetHTMLDoc())) - .filePath("index.html")); + .filePath(filename)); } QDesktopServices::openUrl(url); @@ -212,7 +212,8 @@ CMakeSetupDialog::CMakeSetupDialog() QObject::connect(a, &QAction::triggered, this, &CMakeSetupDialog::doHelp); a->setShortcut(QKeySequence::HelpContents); a = HelpMenu->addAction(tr("CMake Reference Manual")); - QObject::connect(a, &QAction::triggered, this, OpenReferenceManual); + QObject::connect(a, &QAction::triggered, this, + [] { OpenReferenceManual("index.html"); }); a = HelpMenu->addAction(tr("About")); QObject::connect(a, &QAction::triggered, this, &CMakeSetupDialog::doAbout); diff --git a/Source/kwsys/CMakeLists.txt b/Source/kwsys/CMakeLists.txt index c8ce900..2defc6c 100644 --- a/Source/kwsys/CMakeLists.txt +++ b/Source/kwsys/CMakeLists.txt @@ -631,7 +631,7 @@ endif() # selected components. Initialize with required components. set(KWSYS_CLASSES) set(KWSYS_H_FILES Configure) -set(KWSYS_HXX_FILES Configure String) +set(KWSYS_HXX_FILES Configure) # Add selected C++ classes. set(cppclasses diff --git a/Source/kwsys/CommandLineArguments.cxx b/Source/kwsys/CommandLineArguments.cxx index ccd5f6d..50171dd 100644 --- a/Source/kwsys/CommandLineArguments.cxx +++ b/Source/kwsys/CommandLineArguments.cxx @@ -4,20 +4,19 @@ #include KWSYS_HEADER(CommandLineArguments.hxx) #include KWSYS_HEADER(Configure.hxx) -#include KWSYS_HEADER(String.hxx) // Work-around CMake dependency scanning limitation. This must // duplicate the above list of headers. #if 0 # include "CommandLineArguments.hxx.in" # include "Configure.hxx.in" -# include "String.hxx.in" #endif #include <iostream> #include <map> #include <set> #include <sstream> +#include <string> #include <vector> #include <cstdio> 
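Review bot: `filename` reaches `QDir(...).filePath(filename)` unchecked, and the `--browse-manual` branch in CMakeSetup.cxx passes `args[i]` to it exactly as typed. `QDir::filePath()` returns an absolute argument unchanged and does not collapse `..`, so the URL given to `QDesktopServices::openUrl()` can name any local file rather than a page under the HTML doc directory. I would fall back to `index.html` when `QDir::isAbsolutePath(filename)` is true, and check that `QDir::cleanPath()` of the joined path still starts with the doc directory before opening it. From the visible lines the filename is applied only on the local-docs branch; whether the online URL should honour it too depends on lines outside the hunk.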
@@ -52,14 +51,14 @@ struct CommandLineArgumentsCallbackStructure const char* Help; }; -class CommandLineArgumentsVectorOfStrings : public std::vector<kwsys::String> +class CommandLineArgumentsVectorOfStrings : public std::vector<std::string> { }; -class CommandLineArgumentsSetOfStrings : public std::set<kwsys::String> +class CommandLineArgumentsSetOfStrings : public std::set<std::string> { }; class CommandLineArgumentsMapOfStrucs - : public std::map<kwsys::String, CommandLineArgumentsCallbackStructure> + : public std::map<std::string, CommandLineArgumentsCallbackStructure> { }; @@ -70,7 +69,7 @@ public: using VectorOfStrings = CommandLineArgumentsVectorOfStrings; using CallbacksMap = CommandLineArgumentsMapOfStrucs; - using String = kwsys::String; + using String = std::string; using SetOfStrings = CommandLineArgumentsSetOfStrings; VectorOfStrings Argv; @@ -306,7 +305,7 @@ void CommandLineArguments::GetUnusedArguments(int* argc, char*** argv) // Copy everything after the LastArgument, since that was not parsed. for (cc = 0; cc < this->Internals->UnusedArguments.size(); cc++) { - kwsys::String& str = this->Internals->UnusedArguments[cc]; + std::string& str = this->Internals->UnusedArguments[cc]; args[cnt] = new char[str.size() + 1]; strcpy(args[cnt], str.c_str()); cnt++; diff --git a/Source/kwsys/String.hxx.in b/Source/kwsys/String.hxx.in deleted file mode 100644 index c36f4ce..0000000 --- a/Source/kwsys/String.hxx.in +++ /dev/null 
@@ -1,57 +0,0 @@ -/* Distributed under the OSI-approved BSD 3-Clause License. See accompanying - file Copyright.txt or https://cmake.org/licensing#kwsys for details. */ -#ifndef @KWSYS_NAMESPACE@_String_hxx -#define @KWSYS_NAMESPACE@_String_hxx - -#include <string> - -namespace @KWSYS_NAMESPACE@ { - -/** \class String - * \brief Short-name version of the STL basic_string class template. - * - * The standard library "string" type is actually a typedef for - * "basic_string<..long argument list..>". This string class is - * simply a subclass of this type with the same interface so that the - * name is shorter in debugging symbols and error messages. - */ -class String : public std::string -{ - /** The original string type. */ - typedef std::string stl_string; - -public: - /** String member types. */ - typedef stl_string::value_type value_type; - typedef stl_string::pointer pointer; - typedef stl_string::reference reference; - typedef stl_string::const_reference const_reference; - typedef stl_string::size_type size_type; - typedef stl_string::difference_type difference_type; - typedef stl_string::iterator iterator; - typedef stl_string::const_iterator const_iterator; - typedef stl_string::reverse_iterator reverse_iterator; - typedef stl_string::const_reverse_iterator const_reverse_iterator; - - /** String constructors. */ - String() - : stl_string() - { - } - String(const value_type* s) - : stl_string(s) - { - } - String(const value_type* s, size_type n) - : stl_string(s, n) - { - } - String(const stl_string& s, size_type pos = 0, size_type n = npos) - : stl_string(s, pos, n) - { - } -}; // End Class: String - -} // namespace @KWSYS_NAMESPACE@ - -#endif diff --git a/Tests/RunCMake/CMakeLists.txt b/Tests/RunCMake/CMakeLists.txt index a7a8295..930122c 100644 --- a/Tests/RunCMake/CMakeLists.txt +++ b/Tests/RunCMake/CMakeLists.txt 
@@ -469,7 +469,15 @@ add_RunCMake_test(ctest_fixtures) add_RunCMake_test(define_property) add_RunCMake_test(file -DCYGWIN=${CYGWIN} -DMSYS=${MSYS}) add_RunCMake_test(file-CHMOD -DMSYS=${MSYS}) -add_RunCMake_test(file-DOWNLOAD -DCMake_TEST_NO_NETWORK=${CMake_TEST_NO_NETWORK}) +foreach(var + CMake_TEST_NO_NETWORK + CMake_TEST_TLS_VERIFY_URL + ) + if(DEFINED ${var}) + list(APPEND file-DOWNLOAD_ARGS -D${var}=${${var}}) + endif() +endforeach() +add_RunCMake_test(file-DOWNLOAD) add_RunCMake_test(file-RPATH -DCMAKE_SYSTEM_NAME=${CMAKE_SYSTEM_NAME}) add_RunCMake_test(find_file) add_RunCMake_test(find_library -DCYGWIN=${CYGWIN} -DMSYS=${MSYS}) diff --git a/Tests/RunCMake/file-DOWNLOAD/RunCMakeTest.cmake b/Tests/RunCMake/file-DOWNLOAD/RunCMakeTest.cmake index 565f440..d757eea 100644 --- a/Tests/RunCMake/file-DOWNLOAD/RunCMakeTest.cmake +++ b/Tests/RunCMake/file-DOWNLOAD/RunCMakeTest.cmake @@ -24,3 +24,8 @@ run_cmake(SHOW_PROGRESS) if(NOT CMake_TEST_NO_NETWORK) run_cmake(bad-hostname) endif() + +if(CMake_TEST_TLS_VERIFY_URL) + run_cmake(TLS_VERIFY-bad) + run_cmake_with_options(TLS_VERIFY-good -Durl=${CMake_TEST_TLS_VERIFY_URL}) +endif() diff --git a/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad-stdout.txt b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad-stdout.txt new file mode 100644 index 0000000..8f5d437 --- /dev/null +++ b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad-stdout.txt @@ -0,0 +1 @@ +-- (60;"SSL peer certificate or SSH remote key was not OK"|35;"SSL connect error") diff --git a/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad.cmake b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad.cmake new file mode 100644 index 0000000..333f990 --- /dev/null +++ b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad.cmake @@ -0,0 +1,6 @@ +file(DOWNLOAD https://expired.badssl.com TLS_VERIFY 1 STATUS status LOG log) +message(STATUS "${status}") +list(GET status 0 code) +if(NOT code MATCHES "^(35|60)$") + message("${log}") +endif() 
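Review bot: In TLS_VERIFY-bad.cmake and its expected stdout, status 35 (`SSL connect error`) is accepted alongside 60, so the case also passes when the handshake fails for a reason unrelated to certificate checking. If 35 is needed for a particular TLS backend, a comment should say so, e.g. `# 35: some backends report an expired peer certificate as a connect error`; otherwise tighten the match to `^60$`. The host `https://expired.badssl.com` is hard-coded and the case is enabled by `CMake_TEST_TLS_VERIFY_URL` alone in RunCMakeTest.cmake, so it still reaches the network when `CMake_TEST_NO_NETWORK` is set. `if(CMake_TEST_TLS_VERIFY_URL AND NOT CMake_TEST_NO_NETWORK)` would keep the two switches consistent.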
diff --git a/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-good-stdout.txt b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-good-stdout.txt new file mode 100644 index 0000000..348bb17 --- /dev/null +++ b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-good-stdout.txt @@ -0,0 +1 @@ +-- 0;"No error" diff --git a/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-good.cmake b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-good.cmake new file mode 100644 index 0000000..279eb69 --- /dev/null +++ b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-good.cmake @@ -0,0 +1,6 @@ +file(DOWNLOAD ${url} TLS_VERIFY 1 STATUS status LOG log) +message(STATUS "${status}") +list(GET status 0 code) +if(NOT code EQUAL 0) + message("${log}") +endif() diff --git a/Utilities/cmcurl/lib/vtls/sectransp.c b/Utilities/cmcurl/lib/vtls/sectransp.c index ab79654..d903c53 100644 --- a/Utilities/cmcurl/lib/vtls/sectransp.c +++ b/Utilities/cmcurl/lib/vtls/sectransp.c @@ -136,6 +136,15 @@ /* The last #include file should be: */ #include "memdebug.h" + +#define DEBUG_CF 0 + +#if DEBUG_CF +#define CF_DEBUGF(x) x +#else +#define CF_DEBUGF(x) do { } while(0) +#endif + /* From MacTypes.h (which we can't include because it isn't present in iOS: */ #define ioErr -36 #define paramErr -50 @@ -838,6 +847,8 @@ static OSStatus bio_cf_in_read(SSLConnectionRef connection, DEBUGASSERT(data); nread = Curl_conn_cf_recv(cf->next, data, buf, *dataLength, &result); + CF_DEBUGF(infof(data, CFMSG(cf, "bio_read(len=%zu) -> %zd, result=%d"), + *dataLength, nread, result)); if(nread < 0) { switch(result) { case CURLE_OK: @@ -851,6 +862,9 @@ static OSStatus bio_cf_in_read(SSLConnectionRef connection, } nread = 0; } + else if((size_t)nread < *dataLength) { + rtn = errSSLWouldBlock; + } *dataLength = nread; return rtn; } 
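Review bot: In bio_cf_in_read() the new `else if((size_t)nread < *dataLength)` branch also catches `nread == 0`, so a zero-byte return from `Curl_conn_cf_recv()` is now reported to Secure Transport as `errSSLWouldBlock` where the old code returned `noErr` with a zero length. If zero means the peer closed the connection, as it usually does for a recv-style call, the TLS layer will wait for data that never arrives instead of seeing the close. Handling it before the short-read test, `else if(nread == 0) { rtn = errSSLClosedGraceful; }`, keeps end-of-stream distinct from a short read. The function body starts outside the hunk.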
@@ -865,22 +879,27 @@ static OSStatus bio_cf_out_write(SSLConnectionRef connection, struct Curl_easy *data = connssl->call_data; ssize_t nwritten; CURLcode result; - OSStatus ortn = noErr; + OSStatus rtn = noErr; DEBUGASSERT(data); nwritten = Curl_conn_cf_send(cf->next, data, buf, *dataLength, &result); + CF_DEBUGF(infof(data, CFMSG(cf, "bio_send(len=%zu) -> %zd, result=%d"), + *dataLength, nwritten, result)); if(nwritten <= 0) { if(result == CURLE_AGAIN) { - ortn = errSSLWouldBlock; + rtn = errSSLWouldBlock; backend->ssl_direction = true; } else { - ortn = ioErr; + rtn = ioErr; } nwritten = 0; } + else if((size_t)nwritten < *dataLength) { + rtn = errSSLWouldBlock; + } *dataLength = nwritten; - return ortn; + return rtn; } #ifndef CURL_DISABLE_VERBOSE_STRINGS @@ -1638,6 +1657,7 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, DEBUGASSERT(backend); + CF_DEBUGF(infof(data, CFMSG(cf, "connect_step1"))); GetDarwinVersionNumber(&darwinver_maj, &darwinver_min); #endif /* CURL_BUILD_MAC */ @@ -2231,7 +2251,8 @@ static int append_cert_to_array(struct Curl_easy *data, return CURLE_OK; } -static CURLcode verify_cert_buf(struct Curl_easy *data, +static CURLcode verify_cert_buf(struct Curl_cfilter *cf, + struct Curl_easy *data, const unsigned char *certbuf, size_t buflen, SSLContextRef ctx) { @@ -2239,7 +2260,12 @@ static CURLcode verify_cert_buf(struct Curl_easy *data, long res; unsigned char *der; size_t derlen, offset = 0; - + OSStatus ret; + SecTrustResultType trust_eval; + CFMutableArrayRef array = NULL; + SecTrustRef trust = NULL; + CURLcode result = CURLE_PEER_FAILED_VERIFICATION; + (void)cf; /* * Certbuf now contains the contents of the certificate file, which can be * - a single DER certificate, 
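Review bot: The short-write branch added to bio_cf_out_write() returns `errSSLWouldBlock` without setting `backend->ssl_direction = true`, unlike the `CURLE_AGAIN` branch just above it. If `ssl_direction` is what tells the caller whether to wait for the socket to become readable or writable (its use is outside the hunk), a partial send can leave it at the value from an earlier read and the connection then waits on the wrong event. Setting it in the new branch as well, `rtn = errSSLWouldBlock; backend->ssl_direction = true;`, keeps the two would-block paths consistent. The short-read branch added to bio_cf_in_read() may need the matching `false`.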
@@ -2249,11 +2275,11 @@ static CURLcode verify_cert_buf(struct Curl_easy *data, * Go through certbuf, and convert any PEM certificate in it into DER * format. */ - CFMutableArrayRef array = CFArrayCreateMutable(kCFAllocatorDefault, 0, - &kCFTypeArrayCallBacks); + array = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); if(!array) { failf(data, "SSL: out of memory creating CA certificate array"); - return CURLE_OUT_OF_MEMORY; + result = CURLE_OUT_OF_MEMORY; + goto out; } while(offset < buflen) { @@ -2265,10 +2291,10 @@ static CURLcode verify_cert_buf(struct Curl_easy *data, */ res = pem_to_der((const char *)certbuf + offset, &der, &derlen); if(res < 0) { - CFRelease(array); failf(data, "SSL: invalid CA certificate #%d (offset %zu) in bundle", n, offset); - return CURLE_SSL_CACERT_BADFILE; + result = CURLE_SSL_CACERT_BADFILE; + goto out; } offset += res; @@ -2276,8 +2302,9 @@ static CURLcode verify_cert_buf(struct Curl_easy *data, /* This is not a PEM file, probably a certificate in DER format. */ rc = append_cert_to_array(data, certbuf, buflen, array); if(rc != CURLE_OK) { - CFRelease(array); - return rc; + CF_DEBUGF(infof(data, CFMSG(cf, "append_cert for CA failed"))); + result = rc; + goto out; } break; } 
@@ -2289,63 +2316,73 @@ static CURLcode verify_cert_buf(struct Curl_easy *data, rc = append_cert_to_array(data, der, derlen, array); free(der); if(rc != CURLE_OK) { - CFRelease(array); - return rc; + CF_DEBUGF(infof(data, CFMSG(cf, "append_cert for CA failed"))); + result = rc; + goto out; } } - SecTrustRef trust; - OSStatus ret = SSLCopyPeerTrust(ctx, &trust); + ret = SSLCopyPeerTrust(ctx, &trust); if(!trust) { failf(data, "SSL: error getting certificate chain"); - CFRelease(array); - return CURLE_PEER_FAILED_VERIFICATION; + goto out; } else if(ret != noErr) { - CFRelease(array); failf(data, "SSLCopyPeerTrust() returned error %d", ret); - return CURLE_PEER_FAILED_VERIFICATION; + goto out; } + CF_DEBUGF(infof(data, CFMSG(cf, "setting %d trust anchors"), n)); ret = SecTrustSetAnchorCertificates(trust, array); if(ret != noErr) { - CFRelease(array); - CFRelease(trust); failf(data, "SecTrustSetAnchorCertificates() returned error %d", ret); - return CURLE_PEER_FAILED_VERIFICATION; + goto out; } ret = SecTrustSetAnchorCertificatesOnly(trust, true); if(ret != noErr) { - CFRelease(array); - CFRelease(trust); failf(data, "SecTrustSetAnchorCertificatesOnly() returned error %d", ret); - return CURLE_PEER_FAILED_VERIFICATION; + goto out; } - SecTrustResultType trust_eval = 0; + trust_eval = 0; ret = SecTrustEvaluate(trust, &trust_eval); - CFRelease(array); - CFRelease(trust); if(ret != noErr) { failf(data, "SecTrustEvaluate() returned error %d", ret); - return CURLE_PEER_FAILED_VERIFICATION; + goto out; } switch(trust_eval) { case kSecTrustResultUnspecified: + /* what does this really mean? 
*/ + CF_DEBUGF(infof(data, CFMSG(cf, "trust result: Unspecified"))); + result = CURLE_OK; + goto out; case kSecTrustResultProceed: - return CURLE_OK; + CF_DEBUGF(infof(data, CFMSG(cf, "trust result: Proceed"))); + result = CURLE_OK; + goto out; case kSecTrustResultRecoverableTrustFailure: + failf(data, "SSL: peer not verified: RecoverableTrustFailure"); + goto out; case kSecTrustResultDeny: + failf(data, "SSL: peer not verified: Deny"); + goto out; default: - failf(data, "SSL: certificate verification failed (result: %d)", - trust_eval); - return CURLE_PEER_FAILED_VERIFICATION; + failf(data, "SSL: perr not verified: result=%d", trust_eval); + goto out; } + +out: + if(trust) + CFRelease(trust); + if(array) + CFRelease(array); + return result; } -static CURLcode verify_cert(struct Curl_easy *data, const char *cafile, +static CURLcode verify_cert(struct Curl_cfilter *cf, + struct Curl_easy *data, const char *cafile, const struct curl_blob *ca_info_blob, SSLContextRef ctx) { @@ -2354,6 +2391,7 @@ static CURLcode verify_cert(struct Curl_easy *data, const char *cafile, size_t buflen; if(ca_info_blob) { + CF_DEBUGF(infof(data, CFMSG(cf, "verify_peer, CA from config blob"))); certbuf = (unsigned char *)malloc(ca_info_blob->len + 1); if(!certbuf) { return CURLE_OUT_OF_MEMORY; @@ -2363,6 +2401,8 @@ static CURLcode verify_cert(struct Curl_easy *data, const char *cafile, certbuf[ca_info_blob->len]='\0'; } else if(cafile) { + CF_DEBUGF(infof(data, CFMSG(cf, "verify_peer, CA from file '%s'"), + cafile)); if(read_cert(cafile, &certbuf, &buflen) < 0) { failf(data, "SSL: failed to read or invalid CA certificate"); return CURLE_SSL_CACERT_BADFILE; @@ -2371,7 +2411,7 @@ static CURLcode verify_cert(struct Curl_easy *data, const char *cafile, else return CURLE_SSL_CACERT_BADFILE; - result = verify_cert_buf(data, certbuf, buflen, ctx); + result = verify_cert_buf(cf, data, certbuf, buflen, ctx); free(certbuf); return result; } 
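Review bot: In verify_cert_buf() the `kSecTrustResultUnspecified` case carries the comment `/* what does this really mean? */` on a branch that accepts the certificate chain, and that question should be answered in the code rather than left open. Proposed wording: `/* evaluation succeeded and no explicit user trust setting exists for this chain; this is the usual success value */`. The `default:` message also has a typo: `"SSL: perr not verified: result=%d"` should read `peer`, which matters for anyone grepping logs for the failure. The single `out:` label with `result` initialised to `CURLE_PEER_FAILED_VERIFICATION` is a good fail-closed shape; the function begins in an earlier hunk.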
@@ -2498,8 +2538,10 @@ static CURLcode sectransp_connect_step2(struct Curl_cfilter *cf, || ssl_connect_2_reading == connssl->connecting_state || ssl_connect_2_writing == connssl->connecting_state); DEBUGASSERT(backend); + CF_DEBUGF(infof(data, CFMSG(cf, "connect_step2"))); /* Here goes nothing: */ +check_handshake: err = SSLHandshake(backend->ssl_ctx); if(err != noErr) { @@ -2514,14 +2556,14 @@ static CURLcode sectransp_connect_step2(struct Curl_cfilter *cf, case -9841: if((conn_config->CAfile || conn_config->ca_info_blob) && conn_config->verifypeer) { - CURLcode result = verify_cert(data, conn_config->CAfile, + CURLcode result = verify_cert(cf, data, conn_config->CAfile, conn_config->ca_info_blob, backend->ssl_ctx); if(result) return result; } /* the documentation says we need to call SSLHandshake() again */ - return sectransp_connect_step2(cf, data); + goto check_handshake; /* Problem with encrypt / decrypt */ case errSSLPeerDecodeError: @@ -2961,6 +3003,7 @@ static CURLcode sectransp_connect_step3(struct Curl_cfilter *cf, { struct ssl_connect_data *connssl = cf->ctx; + CF_DEBUGF(infof(data, CFMSG(cf, "connect_step3"))); /* There is no step 3! * Well, okay, let's collect server certificates, and if verbose mode is on, * let's print the details of the server certificates. */ @@ -3069,6 +3112,7 @@ sectransp_connect_common(struct Curl_cfilter *cf, struct Curl_easy *data, } if(ssl_connect_done == connssl->connecting_state) { + CF_DEBUGF(infof(data, CFMSG(cf, "connected"))); connssl->state = ssl_connection_complete; *done = TRUE; } @@ -3114,6 +3158,7 @@ static void sectransp_close(struct Curl_cfilter *cf, struct Curl_easy *data) DEBUGASSERT(backend); if(backend->ssl_ctx) { + CF_DEBUGF(infof(data, CFMSG(cf, "close"))); (void)SSLClose(backend->ssl_ctx); #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS if(SSLCreateContext) 
@@ -3157,6 +3202,7 @@ static int sectransp_shutdown(struct Curl_cfilter *cf, what = SOCKET_READABLE(cf->conn->sock[cf->sockindex], SSL_SHUTDOWN_TIMEOUT); + CF_DEBUGF(infof(data, CFMSG(cf, "shutdown"))); while(loop--) { if(what < 0) { /* anything that gets here is fatally bad */ @@ -3225,6 +3271,7 @@ static int sectransp_check_cxn(struct Curl_cfilter *cf, DEBUGASSERT(backend); if(backend->ssl_ctx) { + CF_DEBUGF(infof(data, CFMSG(cf, "check connection"))); err = SSLGetSessionState(backend->ssl_ctx, &state); if(err == noErr) return state == kSSLConnected || state == kSSLHandshake; @@ -3245,6 +3292,7 @@ static bool sectransp_data_pending(struct Curl_cfilter *cf, DEBUGASSERT(backend); if(backend->ssl_ctx) { /* SSL is in use */ + CF_DEBUGF(infof(data, CFMSG(cf, "data_pending"))); err = SSLGetBufferedReadSize(backend->ssl_ctx, &buffer); if(err == noErr) return buffer > 0UL; @@ -3402,7 +3450,7 @@ static ssize_t sectransp_recv(struct Curl_cfilter *cf, case -9841: if((conn_config->CAfile || conn_config->ca_info_blob) && conn_config->verifypeer) { - CURLcode result = verify_cert(data, conn_config->CAfile, + CURLcode result = verify_cert(cf, data, conn_config->CAfile, conn_config->ca_info_blob, backend->ssl_ctx); if(result) @@ -569,7 +569,6 @@ KWSYS_FILES="\ RegularExpression.hxx \ Status.hxx \ String.h \ - String.hxx \ System.h \ SystemTools.hxx \ Terminal.h" |