From 131d91a1f91116e85281d11d175290fdb211f664 Mon Sep 17 00:00:00 2001 From: Brad King Date: Fri, 14 Sep 2012 15:40:09 -0400 Subject: Rename SSL terminology to TLS TLS has superseded SSL so rename the recently added file(DOWNLOAD) and ExternalProject options using the newer terminology. Drop "CURLOPT" from names because curl is an implementation detail. --- Modules/ExternalProject.cmake | 40 ++++++++++++++++++++-------------------- Source/cmFileCommand.cxx | 34 +++++++++++++++++----------------- Source/cmFileCommand.h | 12 ++++++------ 3 files changed, 43 insertions(+), 43 deletions(-) diff --git a/Modules/ExternalProject.cmake b/Modules/ExternalProject.cmake index d2e00a8..3923685 100644 --- a/Modules/ExternalProject.cmake +++ b/Modules/ExternalProject.cmake @@ -26,8 +26,8 @@ # [URL /.../src.tgz] # Full path or URL of source # [URL_HASH ALGO=value] # Hash of file at URL # [URL_MD5 md5] # Equivalent to URL_HASH MD5=md5 -# [SSL_VERIFYPEER bool] # Should certificate for https be checked -# [CAINFO_FILE file] # Path to a certificate authority file +# [TLS_VERIFY bool] # Should certificate for https be checked +# [TLS_CAINFO file] # Path to a certificate authority file # [TIMEOUT seconds] # Time allowed for file download operations # #--Update/Patch step---------- # [UPDATE_COMMAND cmd...] # Source work-tree update command @@ -401,7 +401,7 @@ endif() endfunction() -function(_ep_write_downloadfile_script script_filename remote local timeout hash ssl_verify cainfo_file) +function(_ep_write_downloadfile_script script_filename remote local timeout hash tls_verify tls_cainfo) if(timeout) set(timeout_args TIMEOUT ${timeout}) set(timeout_msg "${timeout} seconds") @@ -416,25 +416,25 @@ function(_ep_write_downloadfile_script script_filename remote local timeout hash set(hash_args "# no EXPECTED_HASH") endif() # check for curl globals in the project - if(DEFINED CMAKE_CURLOPT_SSL_VERIFYPEER) - set(ssl_verify "set(CMAKE_CURLOPT_SSL_VERIFYPEER ${CMAKE_CURLOPT_SSL_VERIFYPEER})") + if(DEFINED CMAKE_TLS_VERIFY) + set(tls_verify "set(CMAKE_TLS_VERIFY ${CMAKE_TLS_VERIFY})") endif() - if(DEFINED CMAKE_CURLOPT_CAINFO_FILE) - set(ssl_cainfo "set(CMAKE_CURLOPT_CAINFO_FILE \"${CMAKE_CURLOPT_CAINFO_FILE}\")") + if(DEFINED CMAKE_TLS_CAINFO) + set(tls_cainfo "set(CMAKE_TLS_CAINFO \"${CMAKE_TLS_CAINFO}\")") endif() # now check for curl locals so that the local values # will override the globals - # check for ssl_verify argument - string(LENGTH "${ssl_verify}" ssl_verify_len) - if(ssl_verify_len GREATER 0) - set(ssl_verify "set(CMAKE_CURLOPT_SSL_VERIFYPEER ${ssl_verify})") + # check for tls_verify argument + string(LENGTH "${tls_verify}" tls_verify_len) + if(tls_verify_len GREATER 0) + set(tls_verify "set(CMAKE_TLS_VERIFY ${tls_verify})") endif() - # check for cainfo_file argument - string(LENGTH "${cainfo_file}" cainfo_file_len) - if(cainfo_file_len GREATER 0) - set(ssl_cainfo "set(CMAKE_CURLOPT_CAINFO_FILE \"${cainfo_file}\")") + # check for tls_cainfo argument + string(LENGTH "${tls_cainfo}" tls_cainfo_len) + if(tls_cainfo_len GREATER 0) + set(tls_cainfo "set(CMAKE_TLS_CAINFO \"${tls_cainfo}\")") endif() file(WRITE ${script_filename} @@ -443,8 +443,8 @@ function(_ep_write_downloadfile_script script_filename remote local timeout hash dst='${local}' timeout='${timeout_msg}'\") -${ssl_verify} -${ssl_cainfo} +${tls_verify} +${tls_cainfo} file(DOWNLOAD \"${remote}\" @@ -1307,10 +1307,10 @@ function(_ep_add_download_command name) string(REPLACE ";" "-" fname "${fname}") set(file ${download_dir}/${fname}) get_property(timeout TARGET ${name} PROPERTY _EP_TIMEOUT) - get_property(ssl_verify TARGET ${name} PROPERTY _EP_SSL_VERIFYPEER) - get_property(cainfo_file TARGET ${name} PROPERTY _EP_CAINFO_FILE) + get_property(tls_verify TARGET ${name} PROPERTY _EP_TLS_VERIFY) + get_property(tls_cainfo TARGET ${name} PROPERTY _EP_TLS_CAINFO) _ep_write_downloadfile_script("${stamp_dir}/download-${name}.cmake" - "${url}" "${file}" "${timeout}" "${hash}" "${ssl_verify}" "${cainfo_file}") + "${url}" "${file}" "${timeout}" "${hash}" "${tls_verify}" "${tls_cainfo}") set(cmd ${CMAKE_COMMAND} -P ${stamp_dir}/download-${name}.cmake COMMAND) set(comment "Performing download step (download, verify and extract) for '${name}'") diff --git a/Source/cmFileCommand.cxx b/Source/cmFileCommand.cxx index bb12980..1cb2ece 100644 --- a/Source/cmFileCommand.cxx +++ b/Source/cmFileCommand.cxx @@ -2668,8 +2668,8 @@ cmFileCommand::HandleDownloadCommand(std::vector const& args) std::string verboseLog; std::string statusVar; std::string caFile; - bool checkSSL = false; - bool verifySSL = false; + bool checkTLS = false; + bool verifyTLS = false; std::string expectedHash; std::string hashMatchMSG; cmsys::auto_ptr hash; @@ -2723,21 +2723,21 @@ cmFileCommand::HandleDownloadCommand(std::vector const& args) } statusVar = *i; } - else if(*i == "SSL_VERIFY") + else if(*i == "TLS_VERIFY") { ++i; if(i != args.end()) { - verifySSL = cmSystemTools::IsOn(i->c_str()); - checkSSL = true; + verifyTLS = cmSystemTools::IsOn(i->c_str()); + checkTLS = true; } else { - this->SetError("SSL_VERIFY missing bool value."); + this->SetError("TLS_VERIFY missing bool value."); return false; } } - else if(*i == "SSL_CAINFO_FILE") + else if(*i == "TLS_CAINFO") { ++i; if(i != args.end()) @@ -2746,7 +2746,7 @@ cmFileCommand::HandleDownloadCommand(std::vector const& args) } else { - this->SetError("SSL_CAFILE missing file value."); + this->SetError("TLS_CAFILE missing file value."); return false; } } @@ -2865,14 +2865,14 @@ cmFileCommand::HandleDownloadCommand(std::vector const& args) cmFileCommandCurlDebugCallback); check_curl_result(res, "DOWNLOAD cannot set debug function: "); - // check to see if SSL verification is requested + // check to see if TLS verification is requested const char* verifyValue = - this->Makefile->GetDefinition("CMAKE_CURLOPT_SSL_VERIFYPEER"); - // if there is a cmake variable or if the command has SSL_VERIFY requested - if(verifyValue || checkSSL) + this->Makefile->GetDefinition("CMAKE_TLS_VERIFY"); + // if there is a cmake variable or if the command has TLS_VERIFY requested + if(verifyValue || checkTLS) { // the args to the command come first - bool verify = verifySSL; + bool verify = verifyTLS; if(!verify && verifyValue) { verify = cmSystemTools::IsOn(verifyValue); @@ -2880,17 +2880,17 @@ cmFileCommand::HandleDownloadCommand(std::vector const& args) if(verify) { res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1); - check_curl_result(res, "Unable to set SSL Verify on: "); + check_curl_result(res, "Unable to set TLS/SSL Verify on: "); } else { res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); - check_curl_result(res, "Unable to set SSL Verify off: "); + check_curl_result(res, "Unable to set TLS/SSL Verify off: "); } } // check to see if a CAINFO file has been specified const char* cainfo = - this->Makefile->GetDefinition("CMAKE_CURLOPT_CAINFO_FILE"); + this->Makefile->GetDefinition("CMAKE_TLS_CAINFO"); // command arg comes first if(caFile.size()) { @@ -2899,7 +2899,7 @@ cmFileCommand::HandleDownloadCommand(std::vector const& args) if(cainfo) { res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo); - check_curl_result(res, "Unable to set SSL Verify CAINFO: "); + check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: "); } cmFileCommandVectorOfChar chunkDebug; diff --git a/Source/cmFileCommand.h b/Source/cmFileCommand.h index 413e2f4..bd6f612 100644 --- a/Source/cmFileCommand.h +++ b/Source/cmFileCommand.h @@ -85,7 +85,7 @@ public: " [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS]\n" " [EXPECTED_HASH MD5|SHA1|SHA224|SHA256|SHA384|SHA512 hash]\n" " [EXPECTED_MD5 sum]\n" - " [SSL_VERIFY on|off] [SSL_CAINFO_FILE file])\n" + " [TLS_VERIFY on|off] [TLS_CAINFO file])\n" " file(UPLOAD filename url [INACTIVITY_TIMEOUT timeout]\n" " [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS])\n" "WRITE will write a message into a file called 'filename'. It " @@ -177,12 +177,12 @@ public: "If SHOW_PROGRESS is specified, progress information will be printed " "as status messages until the operation is complete. " "For https URLs CMake must be built with OpenSSL. " - "SSL certificates are not checked by default. " - "Set SSL_VERIFY to ON to check certificates and/or use " + "TLS/SSL certificates are not checked by default. " + "Set TLS_VERIFY to ON to check certificates and/or use " "EXPECTED_HASH to verify downloaded content. " - "Set SSL_CAINFO_FILE to specify a custom Certificate Authority file. " - "If either SSL option is not given CMake will check variables " - "CMAKE_CURLOPT_SSL_VERIFYPEER and CMAKE_CURLOPT_CAINFO_FILE, " + "Set TLS_CAINFO to specify a custom Certificate Authority file. " + "If either TLS option is not given CMake will check variables " + "CMAKE_TLS_VERIFY and CMAKE_TLS_CAINFO, " "respectively." "\n" "UPLOAD will upload the given file to the given URL. " -- cgit v0.12 From 7369a8faee40574e7f87eeaa5e7718d0da407ffe Mon Sep 17 00:00:00 2001 From: Brad King Date: Fri, 14 Sep 2012 15:57:18 -0400 Subject: file(DOWNLOAD): Make TLS options behave as documented The logic added in commit e1c89f08 (file(DOWNLOAD): Add options for SSL, 2012-08-21) did not actually provide the documented behavior. Simplify the implementation to read the variable values first and then replace them with the explicit argument values if encountered. Always set the curl option CURLOPT_SSL_VERIFYPEER to either on or off explicitly instead of depending on the curl default behavior. --- Source/cmFileCommand.cxx | 46 +++++++++++++--------------------------------- 1 file changed, 13 insertions(+), 33 deletions(-) diff --git a/Source/cmFileCommand.cxx b/Source/cmFileCommand.cxx index 1cb2ece..4d9eb79 100644 --- a/Source/cmFileCommand.cxx +++ b/Source/cmFileCommand.cxx @@ -2667,9 +2667,8 @@ cmFileCommand::HandleDownloadCommand(std::vector const& args) long inactivity_timeout = 0; std::string verboseLog; std::string statusVar; - std::string caFile; - bool checkTLS = false; - bool verifyTLS = false; + bool tls_verify = this->Makefile->IsOn("CMAKE_TLS_VERIFY"); + const char* cainfo = this->Makefile->GetDefinition("CMAKE_TLS_CAINFO"); std::string expectedHash; std::string hashMatchMSG; cmsys::auto_ptr hash; @@ -2728,8 +2727,7 @@ cmFileCommand::HandleDownloadCommand(std::vector const& args) ++i; if(i != args.end()) { - verifyTLS = cmSystemTools::IsOn(i->c_str()); - checkTLS = true; + tls_verify = cmSystemTools::IsOn(i->c_str()); } else { @@ -2742,7 +2740,7 @@ cmFileCommand::HandleDownloadCommand(std::vector const& args) ++i; if(i != args.end()) { - caFile = *i; + cainfo = i->c_str(); } else { @@ -2866,37 +2864,19 @@ cmFileCommand::HandleDownloadCommand(std::vector const& args) check_curl_result(res, "DOWNLOAD cannot set debug function: "); // check to see if TLS verification is requested - const char* verifyValue = - this->Makefile->GetDefinition("CMAKE_TLS_VERIFY"); - // if there is a cmake variable or if the command has TLS_VERIFY requested - if(verifyValue || checkTLS) + if(tls_verify) { - // the args to the command come first - bool verify = verifyTLS; - if(!verify && verifyValue) - { - verify = cmSystemTools::IsOn(verifyValue); - } - if(verify) - { - res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1); - check_curl_result(res, "Unable to set TLS/SSL Verify on: "); - } - else - { - res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); - check_curl_result(res, "Unable to set TLS/SSL Verify off: "); - } + res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1); + check_curl_result(res, "Unable to set TLS/SSL Verify on: "); } - // check to see if a CAINFO file has been specified - const char* cainfo = - this->Makefile->GetDefinition("CMAKE_TLS_CAINFO"); - // command arg comes first - if(caFile.size()) + else { - cainfo = caFile.c_str(); + res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); + check_curl_result(res, "Unable to set TLS/SSL Verify off: "); } - if(cainfo) + // check to see if a CAINFO file has been specified + // command arg comes first + if(cainfo && *cainfo) { res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo); check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: "); -- cgit v0.12