From 23a71e4e4d5ca6bdb39e250335074a2b8ab74a02 Mon Sep 17 00:00:00 2001
From: Brad King <brad.king@kitware.com>
Date: Wed, 6 Apr 2016 16:39:46 -0400
Subject: ExternalProject: Tell Git not to verify certs only if TLS_VERIFY is
 OFF

Since commit 272779ce (ExternalProject: Allow TLS_VERIFY for git clones,
2016-04-01) we pass the `-c http.sslVerify=false` option to `git clone`
even if no explicit `TLS_VERIFY` option was set.  This changes behavior
because we used to use the default Git behavior by default.  Revise the
logic to preserve the old default behavior by passing the new option
only if `TLS_VERIFY` was explicitly passed as `OFF`.

While at it, also honor `CMAKE_TLS_VERIFY` if the explicit `TLS_VERIFY`
option is not given.
---
 Modules/ExternalProject.cmake | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/Modules/ExternalProject.cmake b/Modules/ExternalProject.cmake
index 8d8382f..1859890 100644
--- a/Modules/ExternalProject.cmake
+++ b/Modules/ExternalProject.cmake
@@ -525,7 +525,10 @@ if(error_code)
 endif()
 
 set(git_options)
-if(NOT tls_verify)
+
+# disable cert checking if explicitly told not to do it
+set(tls_verify \"${tls_verify}\")
+if(NOT \"x${tls_verify}\" STREQUAL \"x\" AND NOT tls_verify)
   list(APPEND git_options
     -c http.sslVerify=false)
 endif()
@@ -1784,8 +1787,8 @@ function(_ep_add_download_command name)
     endif()
 
     get_property(tls_verify TARGET ${name} PROPERTY _EP_TLS_VERIFY)
-    if(NOT tls_verify)
-      set(tls_verify OFF)
+    if("x${tls_verify}" STREQUAL "x" AND DEFINED CMAKE_TLS_VERIFY)
+      set(tls_verify "${CMAKE_TLS_VERIFY}")
     endif()
 
     # For the download step, and the git clone operation, only the repository
@@ -1812,7 +1815,7 @@ function(_ep_add_download_command name)
     #
     _ep_write_gitclone_script(${tmp_dir}/${name}-gitclone.cmake ${source_dir}
       ${GIT_EXECUTABLE} ${git_repository} ${git_tag} ${git_remote_name} "${git_submodules}" ${src_name} ${work_dir}
-      ${stamp_dir}/${name}-gitinfo.txt ${stamp_dir}/${name}-gitclone-lastrun.txt ${tls_verify}
+      ${stamp_dir}/${name}-gitinfo.txt ${stamp_dir}/${name}-gitclone-lastrun.txt "${tls_verify}"
       )
     set(comment "Performing download step (git clone) for '${name}'")
     set(cmd ${CMAKE_COMMAND} -P ${tmp_dir}/${name}-gitclone.cmake)
-- 
cgit v0.12