From 713994426427154100b0f457838dfc671b1d832f Mon Sep 17 00:00:00 2001
From: Brad King <brad.king@kitware.com>
Date: Fri, 29 Mar 2024 12:48:11 -0400
Subject: ctest: Fall back to CMake environment variable for TLS server
 verification

Use `ENV{CMAKE_TLS_VERIFY}` if `CTEST_TLS_VERIFY` or `CMAKE_TLS_VERIFY`
is not set.

Issue: #23608
---
 Help/variable/CTEST_TLS_VERIFY.rst                               | 4 ++--
 Modules/CTestTargets.cmake                                       | 8 ++++++--
 Source/CTest/cmCTestSubmitCommand.cxx                            | 9 +++++++++
 .../CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-result.txt | 1 +
 .../CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-stderr.txt | 2 ++
 .../CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-stdout.txt | 1 +
 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env.cmake | 1 +
 .../CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-result.txt  | 1 +
 .../CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-stderr.txt  | 2 ++
 .../CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-stdout.txt  | 1 +
 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env.cmake  | 1 +
 Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake               | 7 +++++++
 .../RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-result.txt  | 1 +
 .../RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-stderr.txt  | 2 ++
 .../RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-stdout.txt  | 4 ++++
 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-result.txt | 1 +
 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-stderr.txt | 2 ++
 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-stdout.txt | 4 ++++
 Tests/RunCMake/ctest_submit/RunCMakeTest.cmake                   | 8 ++++++++
 19 files changed, 56 insertions(+), 4 deletions(-)
 create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-result.txt
 create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-stderr.txt
 create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-stdout.txt
 create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env.cmake
 create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-result.txt
 create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-stderr.txt
 create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-stdout.txt
 create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env.cmake
 create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-result.txt
 create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-stderr.txt
 create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-stdout.txt
 create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-result.txt
 create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-stderr.txt
 create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-stdout.txt

diff --git a/Help/variable/CTEST_TLS_VERIFY.rst b/Help/variable/CTEST_TLS_VERIFY.rst
index bce4969..9b3d96c 100644
--- a/Help/variable/CTEST_TLS_VERIFY.rst
+++ b/Help/variable/CTEST_TLS_VERIFY.rst
@@ -9,5 +9,5 @@ before including the :module:`CTest` module.  The value is a boolean
 indicating whether to  verify the server certificate when submitting
 to a dashboard via ``https://`` URLs.
 
-If ``CTEST_TLS_VERIFY`` is not set, :variable:`CMAKE_TLS_VERIFY` is
-used instead.
+If ``CTEST_TLS_VERIFY`` is not set, the :variable:`CMAKE_TLS_VERIFY` variable
+or :envvar:`CMAKE_TLS_VERIFY` environment variable is used instead.
diff --git a/Modules/CTestTargets.cmake b/Modules/CTestTargets.cmake
index f672410..5e8a07d 100644
--- a/Modules/CTestTargets.cmake
+++ b/Modules/CTestTargets.cmake
@@ -28,8 +28,12 @@ block()
       set(CTEST_TLS_VERSION "$ENV{CMAKE_TLS_VERSION}")
     endif()
   endif()
-  if(NOT DEFINED CTEST_TLS_VERIFY AND DEFINED CMAKE_TLS_VERIFY)
-    set(CTEST_TLS_VERIFY "${CMAKE_TLS_VERIFY}")
+  if(NOT DEFINED CTEST_TLS_VERIFY)
+    if(DEFINED CMAKE_TLS_VERIFY)
+      set(CTEST_TLS_VERIFY "${CMAKE_TLS_VERIFY}")
+    elseif(DEFINED ENV{CMAKE_TLS_VERIFY})
+      set(CTEST_TLS_VERIFY "$ENV{CMAKE_TLS_VERIFY}")
+    endif()
   endif()
   if(CTEST_NEW_FORMAT)
     configure_file(
diff --git a/Source/CTest/cmCTestSubmitCommand.cxx b/Source/CTest/cmCTestSubmitCommand.cxx
index 0b21b24..029f81f 100644
--- a/Source/CTest/cmCTestSubmitCommand.cxx
+++ b/Source/CTest/cmCTestSubmitCommand.cxx
@@ -88,6 +88,15 @@ cmCTestGenericHandler* cmCTestSubmitCommand::InitializeHandler()
         this->Quiet);
       this->CTest->SetCTestConfiguration("TLSVerify", *tlsVerifyVar,
                                          this->Quiet);
+    } else if (cm::optional<std::string> tlsVerifyEnv =
+                 cmSystemTools::GetEnvVar("CMAKE_TLS_VERIFY")) {
+      cmCTestOptionalLog(
+        this->CTest, HANDLER_VERBOSE_OUTPUT,
+        "SetCTestConfiguration from ENV{CMAKE_TLS_VERIFY}:TLSVerify:"
+          << *tlsVerifyEnv << std::endl,
+        this->Quiet);
+      this->CTest->SetCTestConfiguration("TLSVerify", *tlsVerifyEnv,
+                                         this->Quiet);
     }
   }
   this->CTest->SetCTestConfigurationFromCMakeVariable(
diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-result.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-result.txt
new file mode 100644
index 0000000..d197c91
--- /dev/null
+++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-result.txt
@@ -0,0 +1 @@
+[^0]
diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-stderr.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-stderr.txt
new file mode 100644
index 0000000..e3df62f
--- /dev/null
+++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-stderr.txt
@@ -0,0 +1,2 @@
+Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).*
+   Problems when submitting via HTTP
diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-stdout.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-stdout.txt
new file mode 100644
index 0000000..be5d335
--- /dev/null
+++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-stdout.txt
@@ -0,0 +1 @@
+  Set CURLOPT_SSL_VERIFYPEER to off
diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env.cmake b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env.cmake
new file mode 100644
index 0000000..e0368fc
--- /dev/null
+++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env.cmake
@@ -0,0 +1 @@
+include(FailDrop-common.cmake)
diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-result.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-result.txt
new file mode 100644
index 0000000..d197c91
--- /dev/null
+++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-result.txt
@@ -0,0 +1 @@
+[^0]
diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-stderr.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-stderr.txt
new file mode 100644
index 0000000..e3df62f
--- /dev/null
+++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-stderr.txt
@@ -0,0 +1,2 @@
+Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).*
+   Problems when submitting via HTTP
diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-stdout.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-stdout.txt
new file mode 100644
index 0000000..fa95148
--- /dev/null
+++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-stdout.txt
@@ -0,0 +1 @@
+  Set CURLOPT_SSL_VERIFYPEER to on
diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env.cmake b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env.cmake
new file mode 100644
index 0000000..e0368fc
--- /dev/null
+++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env.cmake
@@ -0,0 +1 @@
+include(FailDrop-common.cmake)
diff --git a/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake b/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake
index 34408cf..851439e 100644
--- a/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake
+++ b/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake
@@ -491,6 +491,7 @@ run_ctest(check-configuration-type)
 function(run_FailDrop case)
   set(RunCMake_TEST_BINARY_DIR ${RunCMake_BINARY_DIR}/FailDrop-${case}-build)
   run_cmake_with_options(FailDrop-${case} ${ARGN})
+  unset(ENV{CMAKE_TLS_VERIFY}) # Test that env variable is saved in ctest config file.
   unset(ENV{CMAKE_TLS_VERSION}) # Test that env variable is saved in ctest config file.
   set(RunCMake_TEST_NO_CLEAN 1)
   run_cmake_command(FailDrop-${case}-ctest
@@ -504,8 +505,14 @@ run_FailDrop(TLSVersion-1.1-env)
 unset(ENV{CMAKE_TLS_VERSION})
 run_FailDrop(TLSVerify-ON -DCTEST_TLS_VERIFY=ON)
 run_FailDrop(TLSVerify-ON-cmake -DCMAKE_TLS_VERIFY=ON) # Test fallback to CMake variable.
+set(ENV{CMAKE_TLS_VERIFY} 1) # Test fallback to env variable.
+run_FailDrop(TLSVerify-ON-env)
+unset(ENV{CMAKE_TLS_VERIFY})
 run_FailDrop(TLSVerify-OFF -DCTEST_TLS_VERIFY=OFF)
 run_FailDrop(TLSVerify-OFF-cmake -DCMAKE_TLS_VERIFY=OFF) # Test fallback to CMake variable.
+set(ENV{CMAKE_TLS_VERIFY} 0) # Test fallback to env variable.
+run_FailDrop(TLSVerify-OFF-env)
+unset(ENV{CMAKE_TLS_VERIFY})
 
 run_cmake_command(EmptyDirCoverage-ctest
   ${CMAKE_CTEST_COMMAND} -C Debug -M Experimental -T Coverage
diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-result.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-result.txt
new file mode 100644
index 0000000..b57e2de
--- /dev/null
+++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-result.txt
@@ -0,0 +1 @@
+(-1|255)
diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-stderr.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-stderr.txt
new file mode 100644
index 0000000..e3df62f
--- /dev/null
+++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-stderr.txt
@@ -0,0 +1,2 @@
+Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).*
+   Problems when submitting via HTTP
diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-stdout.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-stdout.txt
new file mode 100644
index 0000000..582030a
--- /dev/null
+++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-stdout.txt
@@ -0,0 +1,4 @@
+SetCTestConfiguration from ENV{CMAKE_TLS_VERIFY}:TLSVerify:OFF
+SetCTestConfiguration:TLSVerify:OFF
+.*
+  Set CURLOPT_SSL_VERIFYPEER to off
diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-result.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-result.txt
new file mode 100644
index 0000000..b57e2de
--- /dev/null
+++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-result.txt
@@ -0,0 +1 @@
+(-1|255)
diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-stderr.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-stderr.txt
new file mode 100644
index 0000000..e3df62f
--- /dev/null
+++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-stderr.txt
@@ -0,0 +1,2 @@
+Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).*
+   Problems when submitting via HTTP
diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-stdout.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-stdout.txt
new file mode 100644
index 0000000..add2b4c
--- /dev/null
+++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-stdout.txt
@@ -0,0 +1,4 @@
+SetCTestConfiguration from ENV{CMAKE_TLS_VERIFY}:TLSVerify:ON
+SetCTestConfiguration:TLSVerify:ON
+.*
+  Set CURLOPT_SSL_VERIFYPEER to on
diff --git a/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake b/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake
index 8e88a87..3c77ddb 100644
--- a/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake
+++ b/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake
@@ -69,8 +69,16 @@ block()
   run_ctest(FailDrop-TLSVerify-ON -VV)
   set(CASE_TEST_PREFIX_CODE "set(CMAKE_TLS_VERIFY ON)") # Test fallback to CMake variable.
   run_ctest(FailDrop-TLSVerify-ON-cmake -VV)
+  set(ENV{CMAKE_TLS_VERIFY} ON) # Test fallback to env variable.
+  set(CASE_TEST_PREFIX_CODE "")
+  run_ctest(FailDrop-TLSVerify-ON-env -VV)
+  unset(ENV{CMAKE_TLS_VERIFY})
   set(CASE_TEST_PREFIX_CODE "set(CTEST_TLS_VERIFY OFF)")
   run_ctest(FailDrop-TLSVerify-OFF -VV)
   set(CASE_TEST_PREFIX_CODE "set(CMAKE_TLS_VERIFY OFF)") # Test fallback to CMake variable.
   run_ctest(FailDrop-TLSVerify-OFF-cmake -VV)
+  set(ENV{CMAKE_TLS_VERIFY} OFF) # Test fallback to env variable.
+  set(CASE_TEST_PREFIX_CODE "")
+  run_ctest(FailDrop-TLSVerify-OFF-env -VV)
+  unset(ENV{CMAKE_TLS_VERIFY})
 endblock()
-- 
cgit v0.12