diff options
Diffstat (limited to 'Source')
-rw-r--r-- | Source/cmFileCommand.cxx | 58 | ||||
-rw-r--r-- | Source/cmFileCommand.h | 12 |
2 files changed, 25 insertions, 45 deletions
diff --git a/Source/cmFileCommand.cxx b/Source/cmFileCommand.cxx index bb12980..4d9eb79 100644 --- a/Source/cmFileCommand.cxx +++ b/Source/cmFileCommand.cxx @@ -2667,9 +2667,8 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args) long inactivity_timeout = 0; std::string verboseLog; std::string statusVar; - std::string caFile; - bool checkSSL = false; - bool verifySSL = false; + bool tls_verify = this->Makefile->IsOn("CMAKE_TLS_VERIFY"); + const char* cainfo = this->Makefile->GetDefinition("CMAKE_TLS_CAINFO"); std::string expectedHash; std::string hashMatchMSG; cmsys::auto_ptr<cmCryptoHash> hash; @@ -2723,30 +2722,29 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args) } statusVar = *i; } - else if(*i == "SSL_VERIFY") + else if(*i == "TLS_VERIFY") { ++i; if(i != args.end()) { - verifySSL = cmSystemTools::IsOn(i->c_str()); - checkSSL = true; + tls_verify = cmSystemTools::IsOn(i->c_str()); } else { - this->SetError("SSL_VERIFY missing bool value."); + this->SetError("TLS_VERIFY missing bool value."); return false; } } - else if(*i == "SSL_CAINFO_FILE") + else if(*i == "TLS_CAINFO") { ++i; if(i != args.end()) { - caFile = *i; + cainfo = i->c_str(); } else { - this->SetError("SSL_CAFILE missing file value."); + this->SetError("TLS_CAFILE missing file value."); return false; } } @@ -2865,41 +2863,23 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args) cmFileCommandCurlDebugCallback); check_curl_result(res, "DOWNLOAD cannot set debug function: "); - // check to see if SSL verification is requested - const char* verifyValue = - this->Makefile->GetDefinition("CMAKE_CURLOPT_SSL_VERIFYPEER"); - // if there is a cmake variable or if the command has SSL_VERIFY requested - if(verifyValue || checkSSL) + // check to see if TLS verification is requested + if(tls_verify) { - // the args to the command come first - bool verify = verifySSL; - if(!verify && verifyValue) - { - verify = cmSystemTools::IsOn(verifyValue); - } - if(verify) - { - res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1); - check_curl_result(res, "Unable to set SSL Verify on: "); - } - else - { - res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); - check_curl_result(res, "Unable to set SSL Verify off: "); - } + res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1); + check_curl_result(res, "Unable to set TLS/SSL Verify on: "); } - // check to see if a CAINFO file has been specified - const char* cainfo = - this->Makefile->GetDefinition("CMAKE_CURLOPT_CAINFO_FILE"); - // command arg comes first - if(caFile.size()) + else { - cainfo = caFile.c_str(); + res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); + check_curl_result(res, "Unable to set TLS/SSL Verify off: "); } - if(cainfo) + // check to see if a CAINFO file has been specified + // command arg comes first + if(cainfo && *cainfo) { res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo); - check_curl_result(res, "Unable to set SSL Verify CAINFO: "); + check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: "); } cmFileCommandVectorOfChar chunkDebug; diff --git a/Source/cmFileCommand.h b/Source/cmFileCommand.h index 413e2f4..bd6f612 100644 --- a/Source/cmFileCommand.h +++ b/Source/cmFileCommand.h @@ -85,7 +85,7 @@ public: " [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS]\n" " [EXPECTED_HASH MD5|SHA1|SHA224|SHA256|SHA384|SHA512 hash]\n" " [EXPECTED_MD5 sum]\n" - " [SSL_VERIFY on|off] [SSL_CAINFO_FILE file])\n" + " [TLS_VERIFY on|off] [TLS_CAINFO file])\n" " file(UPLOAD filename url [INACTIVITY_TIMEOUT timeout]\n" " [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS])\n" "WRITE will write a message into a file called 'filename'. It " @@ -177,12 +177,12 @@ public: "If SHOW_PROGRESS is specified, progress information will be printed " "as status messages until the operation is complete. " "For https URLs CMake must be built with OpenSSL. " - "SSL certificates are not checked by default. " - "Set SSL_VERIFY to ON to check certificates and/or use " + "TLS/SSL certificates are not checked by default. " + "Set TLS_VERIFY to ON to check certificates and/or use " "EXPECTED_HASH to verify downloaded content. " - "Set SSL_CAINFO_FILE to specify a custom Certificate Authority file. " - "If either SSL option is not given CMake will check variables " - "CMAKE_CURLOPT_SSL_VERIFYPEER and CMAKE_CURLOPT_CAINFO_FILE, " + "Set TLS_CAINFO to specify a custom Certificate Authority file. " + "If either TLS option is not given CMake will check variables " + "CMAKE_TLS_VERIFY and CMAKE_TLS_CAINFO, " "respectively." "\n" "UPLOAD will upload the given file to the given URL. " |