From 17b47da3d8988c5723fb6083e48ed94080442e1d Mon Sep 17 00:00:00 2001 From: scivision Date: Thu, 9 Feb 2023 21:53:02 -0500 Subject: Tests: Add test for file(DOWNLOAD) with TLS_VERIFY Occasionally curl updates introduce errors in https verification. Add an explicit test for this capability, activated by an undocumented option that we can use in CI to specify a URL to test. Co-authored-by: Brad King Fixes: #24405 Issue: #24147 Issue: #24398 --- Tests/RunCMake/CMakeLists.txt | 10 +++++++++- Tests/RunCMake/file-DOWNLOAD/RunCMakeTest.cmake | 5 +++++ Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad-stdout.txt | 1 + Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad.cmake | 6 ++++++ Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-good-stdout.txt | 1 + Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-good.cmake | 6 ++++++ 6 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad-stdout.txt create mode 100644 Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad.cmake create mode 100644 Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-good-stdout.txt create mode 100644 Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-good.cmake diff --git a/Tests/RunCMake/CMakeLists.txt b/Tests/RunCMake/CMakeLists.txt index a7a8295..930122c 100644 --- a/Tests/RunCMake/CMakeLists.txt +++ b/Tests/RunCMake/CMakeLists.txt @@ -469,7 +469,15 @@ add_RunCMake_test(ctest_fixtures) add_RunCMake_test(define_property) add_RunCMake_test(file -DCYGWIN=${CYGWIN} -DMSYS=${MSYS}) add_RunCMake_test(file-CHMOD -DMSYS=${MSYS}) -add_RunCMake_test(file-DOWNLOAD -DCMake_TEST_NO_NETWORK=${CMake_TEST_NO_NETWORK}) +foreach(var + CMake_TEST_NO_NETWORK + CMake_TEST_TLS_VERIFY_URL + ) + if(DEFINED ${var}) + list(APPEND file-DOWNLOAD_ARGS -D${var}=${${var}}) + endif() +endforeach() +add_RunCMake_test(file-DOWNLOAD) add_RunCMake_test(file-RPATH -DCMAKE_SYSTEM_NAME=${CMAKE_SYSTEM_NAME}) add_RunCMake_test(find_file) add_RunCMake_test(find_library -DCYGWIN=${CYGWIN} -DMSYS=${MSYS}) diff --git a/Tests/RunCMake/file-DOWNLOAD/RunCMakeTest.cmake b/Tests/RunCMake/file-DOWNLOAD/RunCMakeTest.cmake index 565f440..d757eea 100644 --- a/Tests/RunCMake/file-DOWNLOAD/RunCMakeTest.cmake +++ b/Tests/RunCMake/file-DOWNLOAD/RunCMakeTest.cmake @@ -24,3 +24,8 @@ run_cmake(SHOW_PROGRESS) if(NOT CMake_TEST_NO_NETWORK) run_cmake(bad-hostname) endif() + +if(CMake_TEST_TLS_VERIFY_URL) + run_cmake(TLS_VERIFY-bad) + run_cmake_with_options(TLS_VERIFY-good -Durl=${CMake_TEST_TLS_VERIFY_URL}) +endif() diff --git a/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad-stdout.txt b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad-stdout.txt new file mode 100644 index 0000000..8f5d437 --- /dev/null +++ b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad-stdout.txt @@ -0,0 +1 @@ +-- (60;"SSL peer certificate or SSH remote key was not OK"|35;"SSL connect error") diff --git a/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad.cmake b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad.cmake new file mode 100644 index 0000000..333f990 --- /dev/null +++ b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad.cmake @@ -0,0 +1,6 @@ +file(DOWNLOAD https://expired.badssl.com TLS_VERIFY 1 STATUS status LOG log) +message(STATUS "${status}") +list(GET status 0 code) +if(NOT code MATCHES "^(35|60)$") + message("${log}") +endif() diff --git a/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-good-stdout.txt b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-good-stdout.txt new file mode 100644 index 0000000..348bb17 --- /dev/null +++ b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-good-stdout.txt @@ -0,0 +1 @@ +-- 0;"No error" diff --git a/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-good.cmake b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-good.cmake new file mode 100644 index 0000000..279eb69 --- /dev/null +++ b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-good.cmake @@ -0,0 +1,6 @@ +file(DOWNLOAD ${url} TLS_VERIFY 1 STATUS status LOG log) +message(STATUS "${status}") +list(GET status 0 code) +if(NOT code EQUAL 0) + message("${log}") +endif() -- cgit v0.12 From 3350c1745132cda0adeb1d87b39834db526537e6 Mon Sep 17 00:00:00 2001 From: Brad King Date: Fri, 10 Feb 2023 12:13:31 -0500 Subject: ci: Enable file(DOWNLOAD) TLS_VERIFY test case in CI jobs --- .gitlab/ci/configure_debian10_aarch64_ninja.cmake | 1 + .gitlab/ci/configure_debian10_ninja.cmake | 1 + .gitlab/ci/configure_fedora37_makefiles.cmake | 1 + .gitlab/ci/configure_fedora37_ninja.cmake | 1 + .gitlab/ci/configure_macos_arm64_ninja.cmake | 1 + .gitlab/ci/configure_macos_x86_64_makefiles.cmake | 1 + .gitlab/ci/configure_macos_x86_64_ninja.cmake | 1 + .gitlab/ci/configure_windows_arm64_vs2022_ninja.cmake | 1 + .gitlab/ci/configure_windows_vs2022_x64_ninja.cmake | 1 + 9 files changed, 9 insertions(+) diff --git a/.gitlab/ci/configure_debian10_aarch64_ninja.cmake b/.gitlab/ci/configure_debian10_aarch64_ninja.cmake index 808f91d..7407959 100644 --- a/.gitlab/ci/configure_debian10_aarch64_ninja.cmake +++ b/.gitlab/ci/configure_debian10_aarch64_ninja.cmake @@ -74,6 +74,7 @@ set(CMake_TEST_IPO_WORKS_CXX "ON" CACHE BOOL "") set(CMake_TEST_IPO_WORKS_Fortran "ON" CACHE BOOL "") set(CMake_TEST_JQ "/usr/bin/jq" CACHE PATH "") set(CMake_TEST_Qt5 "ON" CACHE BOOL "") +set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "") set(CMake_TEST_UseSWIG "ON" CACHE BOOL "") include("${CMAKE_CURRENT_LIST_DIR}/configure_external_test.cmake") diff --git a/.gitlab/ci/configure_debian10_ninja.cmake b/.gitlab/ci/configure_debian10_ninja.cmake index acada17..e8d6d55 100644 --- a/.gitlab/ci/configure_debian10_ninja.cmake +++ b/.gitlab/ci/configure_debian10_ninja.cmake @@ -80,6 +80,7 @@ set(CMake_TEST_IPO_WORKS_CXX "ON" CACHE BOOL "") set(CMake_TEST_IPO_WORKS_Fortran "ON" CACHE BOOL "") set(CMake_TEST_JQ "/usr/bin/jq" CACHE PATH "") set(CMake_TEST_Qt5 "ON" CACHE BOOL "") +set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "") set(CMake_TEST_UseSWIG "ON" CACHE BOOL "") if (NOT "$ENV{SWIFTC}" STREQUAL "") diff --git a/.gitlab/ci/configure_fedora37_makefiles.cmake b/.gitlab/ci/configure_fedora37_makefiles.cmake index 6cd3d35..725cc46 100644 --- a/.gitlab/ci/configure_fedora37_makefiles.cmake +++ b/.gitlab/ci/configure_fedora37_makefiles.cmake @@ -80,6 +80,7 @@ if (NOT "$ENV{CMAKE_CI_NIGHTLY}" STREQUAL "") set(CMake_TEST_ISPC "ON" CACHE STRING "") endif() set(CMake_TEST_Qt5 "ON" CACHE BOOL "") +set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "") set(CMake_TEST_UseSWIG "ON" CACHE BOOL "") include("${CMAKE_CURRENT_LIST_DIR}/configure_external_test.cmake") diff --git a/.gitlab/ci/configure_fedora37_ninja.cmake b/.gitlab/ci/configure_fedora37_ninja.cmake index 3defa5a..5b40677 100644 --- a/.gitlab/ci/configure_fedora37_ninja.cmake +++ b/.gitlab/ci/configure_fedora37_ninja.cmake @@ -2,6 +2,7 @@ set(CMake_TEST_GUI "ON" CACHE BOOL "") if (NOT "$ENV{CMAKE_CI_NIGHTLY}" STREQUAL "") set(CMake_TEST_ISPC "ON" CACHE STRING "") endif() +set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "") # "Release" flags without "-DNDEBUG" so we get assertions. set(CMAKE_C_FLAGS_RELEASE "-O3" CACHE STRING "") diff --git a/.gitlab/ci/configure_macos_arm64_ninja.cmake b/.gitlab/ci/configure_macos_arm64_ninja.cmake index 1a41bc3..f59b43c 100644 --- a/.gitlab/ci/configure_macos_arm64_ninja.cmake +++ b/.gitlab/ci/configure_macos_arm64_ninja.cmake @@ -2,5 +2,6 @@ set(CMake_TEST_FindOpenMP "ON" CACHE BOOL "") set(CMake_TEST_FindOpenMP_C "ON" CACHE BOOL "") set(CMake_TEST_FindOpenMP_CXX "ON" CACHE BOOL "") set(CMake_TEST_GUI "ON" CACHE BOOL "") +set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "") include("${CMAKE_CURRENT_LIST_DIR}/configure_macos_common.cmake") include("${CMAKE_CURRENT_LIST_DIR}/configure_common.cmake") diff --git a/.gitlab/ci/configure_macos_x86_64_makefiles.cmake b/.gitlab/ci/configure_macos_x86_64_makefiles.cmake index 113fe56..3c5d8fe 100644 --- a/.gitlab/ci/configure_macos_x86_64_makefiles.cmake +++ b/.gitlab/ci/configure_macos_x86_64_makefiles.cmake @@ -5,6 +5,7 @@ set(CMake_TEST_GUI "ON" CACHE BOOL "") if (NOT "$ENV{CMAKE_CI_NIGHTLY}" STREQUAL "") set(CMake_TEST_ISPC "ON" CACHE STRING "") endif() +set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "") include("${CMAKE_CURRENT_LIST_DIR}/configure_macos_common.cmake") include("${CMAKE_CURRENT_LIST_DIR}/configure_common.cmake") diff --git a/.gitlab/ci/configure_macos_x86_64_ninja.cmake b/.gitlab/ci/configure_macos_x86_64_ninja.cmake index 113fe56..3c5d8fe 100644 --- a/.gitlab/ci/configure_macos_x86_64_ninja.cmake +++ b/.gitlab/ci/configure_macos_x86_64_ninja.cmake @@ -5,6 +5,7 @@ set(CMake_TEST_GUI "ON" CACHE BOOL "") if (NOT "$ENV{CMAKE_CI_NIGHTLY}" STREQUAL "") set(CMake_TEST_ISPC "ON" CACHE STRING "") endif() +set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "") include("${CMAKE_CURRENT_LIST_DIR}/configure_macos_common.cmake") include("${CMAKE_CURRENT_LIST_DIR}/configure_common.cmake") diff --git a/.gitlab/ci/configure_windows_arm64_vs2022_ninja.cmake b/.gitlab/ci/configure_windows_arm64_vs2022_ninja.cmake index 722e009..a12ee6c 100644 --- a/.gitlab/ci/configure_windows_arm64_vs2022_ninja.cmake +++ b/.gitlab/ci/configure_windows_arm64_vs2022_ninja.cmake @@ -1,5 +1,6 @@ # Qt host tools are not yet available natively on windows-arm64. set(CMake_TEST_GUI "OFF" CACHE BOOL "") +set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "") set(BUILD_QtDialog "OFF" CACHE BOOL "") set(CMAKE_PREFIX_PATH "" CACHE STRING "") diff --git a/.gitlab/ci/configure_windows_vs2022_x64_ninja.cmake b/.gitlab/ci/configure_windows_vs2022_x64_ninja.cmake index f5a6d80..5bf0be8 100644 --- a/.gitlab/ci/configure_windows_vs2022_x64_ninja.cmake +++ b/.gitlab/ci/configure_windows_vs2022_x64_ninja.cmake @@ -1,6 +1,7 @@ if (NOT "$ENV{CMAKE_CI_NIGHTLY}" STREQUAL "") set(CMake_TEST_ISPC "ON" CACHE STRING "") endif() +set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "") include("${CMAKE_CURRENT_LIST_DIR}/configure_windows_msvc_cxx_modules_common.cmake") include("${CMAKE_CURRENT_LIST_DIR}/configure_windows_vs_common_ninja.cmake") -- cgit v0.12