From 7398993f5b0444d6c7997d5bf14f96c982d07021 Mon Sep 17 00:00:00 2001 From: Michael Hirsch Date: Thu, 29 Apr 2021 10:45:05 -0400 Subject: Help: Document CMAKE_TLS_VERIFY variable explicitly Previously it was mentioned only in the `file` and `ExternalProject` documentation. --- Help/command/file.rst | 2 +- Help/manual/cmake-variables.7.rst | 1 + Help/variable/CMAKE_TLS_VERIFY.rst | 17 +++++++++++++++++ Modules/ExternalProject.cmake | 2 +- 4 files changed, 20 insertions(+), 2 deletions(-) create mode 100644 Help/variable/CMAKE_TLS_VERIFY.rst diff --git a/Help/command/file.rst b/Help/command/file.rst index e170526..f46e55a 100644 --- a/Help/command/file.rst +++ b/Help/command/file.rst @@ -1070,7 +1070,7 @@ If neither ``NETRC`` option is given CMake will check variables For ``https://`` URLs CMake must be built with OpenSSL support. ``TLS/SSL`` certificates are not checked by default. Set ``TLS_VERIFY`` to ``ON`` to check certificates. If neither ``TLS`` option is given CMake will check -variables ``CMAKE_TLS_VERIFY`` and ``CMAKE_TLS_CAINFO``, respectively. +variables :variable:`CMAKE_TLS_VERIFY` and ``CMAKE_TLS_CAINFO``, respectively. Additional options to ``DOWNLOAD`` are: diff --git a/Help/manual/cmake-variables.7.rst b/Help/manual/cmake-variables.7.rst index 37ef053..c4aaa59 100644 --- a/Help/manual/cmake-variables.7.rst +++ b/Help/manual/cmake-variables.7.rst @@ -245,6 +245,7 @@ Variables that Change Behavior /variable/CMAKE_SYSTEM_LIBRARY_PATH /variable/CMAKE_SYSTEM_PREFIX_PATH /variable/CMAKE_SYSTEM_PROGRAM_PATH + /variable/CMAKE_TLS_VERIFY /variable/CMAKE_USER_MAKE_RULES_OVERRIDE /variable/CMAKE_WARN_DEPRECATED /variable/CMAKE_WARN_ON_ABSOLUTE_INSTALL_DESTINATION diff --git a/Help/variable/CMAKE_TLS_VERIFY.rst b/Help/variable/CMAKE_TLS_VERIFY.rst new file mode 100644 index 0000000..24f8a25 --- /dev/null +++ b/Help/variable/CMAKE_TLS_VERIFY.rst @@ -0,0 +1,17 @@ +CMAKE_TLS_VERIFY +---------------- + +Specify the default value for the :command:`file(DOWNLOAD)` and +:command:`file(UPLOAD)` commands' ``TLS_VERIFY`` options. +If not set, the default is *off*. + +This setting is also used by the :module:`ExternalProject` module +for internal calls to :command:`file(DOWNLOAD)`. + +TLS verification can help provide confidence that one is connecting +to the desired server. When downloading known content, one should +also use file hashes to verify it. + +.. code-block:: cmake + + set(CMAKE_TLS_VERIFY TRUE) diff --git a/Modules/ExternalProject.cmake b/Modules/ExternalProject.cmake index 56525080..45b6124 100644 --- a/Modules/ExternalProject.cmake +++ b/Modules/ExternalProject.cmake @@ -212,7 +212,7 @@ External Project Definition ``TLS_VERIFY `` Specifies whether certificate verification should be performed for https URLs. If this option is not provided, the default behavior is - determined by the ``CMAKE_TLS_VERIFY`` variable (see + determined by the :variable:`CMAKE_TLS_VERIFY` variable (see :command:`file(DOWNLOAD)`). If that is also not set, certificate verification will not be performed. In situations where ``URL_HASH`` cannot be provided, this option can be an alternative verification -- cgit v0.12