From 6c44abb6e0e0fa1a9bfe47a772a574e5698fd2e2 Mon Sep 17 00:00:00 2001 From: Brad King Date: Fri, 29 Mar 2024 14:16:23 -0400 Subject: Tests: Update cmake_minimum_required version in RunCMake ctest cases This was missed in commit 1edf138506 (Tests/RunCMake: Update cmake_minimum_required versions, 2023-02-06, v3.27.0-rc1~508^2~1). --- Tests/RunCMake/CTestCommandLine/CMakeLists.txt.in | 2 +- Tests/RunCMake/ctest_cmake_error/CMakeLists.txt.in | 2 +- Tests/RunCMake/ctest_submit/CMakeLists.txt.in | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Tests/RunCMake/CTestCommandLine/CMakeLists.txt.in b/Tests/RunCMake/CTestCommandLine/CMakeLists.txt.in index 5437800..e4a6f5f 100644 --- a/Tests/RunCMake/CTestCommandLine/CMakeLists.txt.in +++ b/Tests/RunCMake/CTestCommandLine/CMakeLists.txt.in @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.1) +cmake_minimum_required(VERSION 3.5) project(CTestCommandLine@CASE_NAME@ NONE) include(CTest) add_test(NAME RunCMakeVersion COMMAND "${CMAKE_COMMAND}" --version) diff --git a/Tests/RunCMake/ctest_cmake_error/CMakeLists.txt.in b/Tests/RunCMake/ctest_cmake_error/CMakeLists.txt.in index 1babd72..da7ec1a 100644 --- a/Tests/RunCMake/ctest_cmake_error/CMakeLists.txt.in +++ b/Tests/RunCMake/ctest_cmake_error/CMakeLists.txt.in @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.1) +cmake_minimum_required(VERSION 3.5) project(CTestCoverage@CASE_NAME@ NONE) include(CTest) add_test(NAME RunCMakeVersion COMMAND "${CMAKE_COMMAND}" --version) diff --git a/Tests/RunCMake/ctest_submit/CMakeLists.txt.in b/Tests/RunCMake/ctest_submit/CMakeLists.txt.in index 96e6c13..5ee64be 100644 --- a/Tests/RunCMake/ctest_submit/CMakeLists.txt.in +++ b/Tests/RunCMake/ctest_submit/CMakeLists.txt.in @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.1) +cmake_minimum_required(VERSION 3.5) project(CTestSubmit@CASE_NAME@ NONE) include(CTest) add_test(NAME RunCMakeVersion COMMAND "${CMAKE_COMMAND}" --version) -- cgit v0.12 From bed32f400ee32488f1cd99fa8d3573d6991b4be0 Mon Sep 17 00:00:00 2001 From: Brad King Date: Fri, 29 Mar 2024 11:42:04 -0400 Subject: file(DOWNLOAD|UPLOAD): Document TLS_VERSION fallback to environment variable This was missed by commit 434fe8a34b (file(DOWNLOAD|UPLOAD): Add CMAKE_TLS_VERSION environment variable, 2024-02-26). --- Help/command/file.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Help/command/file.rst b/Help/command/file.rst index c0d020e..ee7d05d 100644 --- a/Help/command/file.rst +++ b/Help/command/file.rst @@ -1102,8 +1102,9 @@ Transfer Specify minimum TLS version for ``https://`` URLs. If this option is not specified, the value of the - :variable:`CMAKE_TLS_VERSION` variable will be used instead. - See that variable for allowed values. + :variable:`CMAKE_TLS_VERSION` variable or :envvar:`CMAKE_TLS_VERSION` + environment variable will be used instead. + See :variable:`CMAKE_TLS_VERSION` for allowed values. ``TLS_VERIFY `` Specify whether to verify the server certificate for ``https://`` URLs. -- cgit v0.12 From 93886f5c7d5e8b62e93d6ab8a14ab9125b4af655 Mon Sep 17 00:00:00 2001 From: Brad King Date: Fri, 29 Mar 2024 12:13:41 -0400 Subject: file(DOWNLOAD|UPLOAD): Avoid unnecessary CMAKE_TLS_VERIFY variable lookup If the `TLS_VERIFY` option is given explicitly, we do not need to check the variable. --- CTestCustom.cmake.in | 1 + Source/cmFileCommand.cxx | 20 ++++++++++++++++---- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/CTestCustom.cmake.in b/CTestCustom.cmake.in index 3ba8f54..a81ee4b 100644 --- a/CTestCustom.cmake.in +++ b/CTestCustom.cmake.in @@ -85,6 +85,7 @@ list(APPEND CTEST_CUSTOM_WARNING_EXCEPTION "[0-9]+ Warning\\(s\\) detected" # SunPro # Ignore false positive on `cm::optional` usage from GCC + "cmFileCommand.cxx:[0-9]*:[0-9]*: warning: '\\*\\(\\(void\\*\\)& tls_verify \\+2\\)' may be used uninitialized in this function \\[-Wmaybe-uninitialized\\]" "cmGlobalNinjaGenerator.cxx:[0-9]*:[0-9]*: warning: '.*cm::optional::_mem\\)\\)' may be used uninitialized \\[-Wmaybe-uninitialized\\]" "cmGlobalNinjaGenerator.cxx:[0-9]*:[0-9]*: note: '.*cm::optional::_mem\\)\\)' was declared here" "cmGlobalNinjaGenerator.cxx:[0-9]*:[0-9]*: warning: '\\*\\(\\(void\\*\\)& modmap_fmt \\+4\\)' may be used uninitialized in this function \\[-Wmaybe-uninitialized\\]" diff --git a/Source/cmFileCommand.cxx b/Source/cmFileCommand.cxx index 115c332..ac1d22b 100644 --- a/Source/cmFileCommand.cxx +++ b/Source/cmFileCommand.cxx @@ -1866,7 +1866,7 @@ bool HandleDownloadCommand(std::vector const& args, std::string logVar; std::string statusVar; cm::optional tls_version; - bool tls_verify = status.GetMakefile().IsOn("CMAKE_TLS_VERIFY"); + cm::optional tls_verify; cmValue cainfo = status.GetMakefile().GetDefinition("CMAKE_TLS_CAINFO"); std::string netrc_level = status.GetMakefile().GetSafeDefinition("CMAKE_NETRC"); @@ -2031,6 +2031,12 @@ bool HandleDownloadCommand(std::vector const& args, ++i; } + if (!tls_verify) { + if (cmValue v = status.GetMakefile().GetDefinition("CMAKE_TLS_VERIFY")) { + tls_verify = v.IsOn(); + } + } + if (!tls_version) { if (cmValue v = status.GetMakefile().GetDefinition("CMAKE_TLS_VERSION")) { tls_version = *v; @@ -2133,7 +2139,7 @@ bool HandleDownloadCommand(std::vector const& args, } // check to see if TLS verification is requested - if (tls_verify) { + if (tls_verify && *tls_verify) { res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1); check_curl_result(res, "DOWNLOAD cannot set TLS/SSL Verify on: "); } else { @@ -2322,7 +2328,7 @@ bool HandleUploadCommand(std::vector const& args, std::string statusVar; bool showProgress = false; cm::optional tls_version; - bool tls_verify = status.GetMakefile().IsOn("CMAKE_TLS_VERIFY"); + cm::optional tls_verify; cmValue cainfo = status.GetMakefile().GetDefinition("CMAKE_TLS_CAINFO"); std::string userpwd; std::string netrc_level = @@ -2428,6 +2434,12 @@ bool HandleUploadCommand(std::vector const& args, ++i; } + if (!tls_verify) { + if (cmValue v = status.GetMakefile().GetDefinition("CMAKE_TLS_VERIFY")) { + tls_verify = v.IsOn(); + } + } + if (!tls_version) { if (cmValue v = status.GetMakefile().GetDefinition("CMAKE_TLS_VERSION")) { tls_version = *v; @@ -2498,7 +2510,7 @@ bool HandleUploadCommand(std::vector const& args, } // check to see if TLS verification is requested - if (tls_verify) { + if (tls_verify && *tls_verify) { res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1); check_curl_result(res, "UPLOAD cannot set TLS/SSL Verify on: "); } else { -- cgit v0.12 From 8b0169fe2b807204d606eeabb701e8f410944647 Mon Sep 17 00:00:00 2001 From: Brad King Date: Fri, 29 Mar 2024 12:41:10 -0400 Subject: file(DOWNLOAD|UPLOAD): Add test covering CMAKE_TLS_VERIFY cmake variable --- .../file-DOWNLOAD/TLS_VERIFY-bad-stdout.txt | 6 ++++- Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad.cmake | 29 +++++++++++++++++----- 2 files changed, 28 insertions(+), 7 deletions(-) diff --git a/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad-stdout.txt b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad-stdout.txt index 8f5d437..72ab8f4 100644 --- a/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad-stdout.txt +++ b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad-stdout.txt @@ -1 +1,5 @@ --- (60;"SSL peer certificate or SSH remote key was not OK"|35;"SSL connect error") +-- def-0: 0;"No error" +-- var-0: 0;"No error" +-- var-1: (60;"SSL peer certificate or SSH remote key was not OK"|35;"SSL connect error") +-- opt-0: 0;"No error" +-- opt-1: (60;"SSL peer certificate or SSH remote key was not OK"|35;"SSL connect error") diff --git a/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad.cmake b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad.cmake index 333f990..ed19bd6 100644 --- a/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad.cmake +++ b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad.cmake @@ -1,6 +1,23 @@ -file(DOWNLOAD https://expired.badssl.com TLS_VERIFY 1 STATUS status LOG log) -message(STATUS "${status}") -list(GET status 0 code) -if(NOT code MATCHES "^(35|60)$") - message("${log}") -endif() +function(download case) + file(DOWNLOAD https://expired.badssl.com ${ARGN} STATUS status LOG log) + message(STATUS "${case}: ${status}") + if(case MATCHES "1$" AND NOT status MATCHES "^(35|60);") + message("${log}") + endif() +endfunction() + +# The default is OFF. +unset(CMAKE_TLS_VERIFY) +download(def-0) + +# The cmake variable overrides the default. +set(CMAKE_TLS_VERIFY 0) +download(var-0) +set(CMAKE_TLS_VERIFY 1) +download(var-1) + +# The explicit argument overrides the cmake variable. +set(CMAKE_TLS_VERIFY 1) +download(opt-0 TLS_VERIFY 0) +set(CMAKE_TLS_VERIFY 0) +download(opt-1 TLS_VERIFY 1) -- cgit v0.12 From 46faaf9667cff75008e91a5e379e7409c9b365c4 Mon Sep 17 00:00:00 2001 From: Brad King Date: Fri, 29 Mar 2024 11:50:07 -0400 Subject: file(DOWNLOAD|UPLOAD): Add CMAKE_TLS_VERIFY environment variable Issue: #23608 --- Help/envvar/CMAKE_TLS_VERIFY.rst | 11 +++++++++++ Help/manual/cmake-env-variables.7.rst | 1 + Help/release/dev/curl-tls-version.rst | 4 ++++ Help/variable/CMAKE_TLS_VERIFY.rst | 4 +++- Source/cmFileCommand.cxx | 12 ++++++++++++ Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad-stdout.txt | 2 ++ Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad.cmake | 15 +++++++++++++-- 7 files changed, 46 insertions(+), 3 deletions(-) create mode 100644 Help/envvar/CMAKE_TLS_VERIFY.rst diff --git a/Help/envvar/CMAKE_TLS_VERIFY.rst b/Help/envvar/CMAKE_TLS_VERIFY.rst new file mode 100644 index 0000000..a0ed323 --- /dev/null +++ b/Help/envvar/CMAKE_TLS_VERIFY.rst @@ -0,0 +1,11 @@ +CMAKE_TLS_VERIFY +---------------- + +.. versionadded:: 3.30 + +.. include:: ENV_VAR.txt + +Specify the default value for the :command:`file(DOWNLOAD)` and +:command:`file(UPLOAD)` commands' ``TLS_VERIFY`` option. +This environment variable is used if the option is not given +and the :variable:`CMAKE_TLS_VERIFY` cmake variable is not set. diff --git a/Help/manual/cmake-env-variables.7.rst b/Help/manual/cmake-env-variables.7.rst index 5273194..e693e4c 100644 --- a/Help/manual/cmake-env-variables.7.rst +++ b/Help/manual/cmake-env-variables.7.rst @@ -27,6 +27,7 @@ Environment Variables that Change Behavior /envvar/CMAKE_MAXIMUM_RECURSION_DEPTH /envvar/CMAKE_PREFIX_PATH /envvar/CMAKE_PROGRAM_PATH + /envvar/CMAKE_TLS_VERIFY /envvar/CMAKE_TLS_VERSION /envvar/SSL_CERT_DIR /envvar/SSL_CERT_FILE diff --git a/Help/release/dev/curl-tls-version.rst b/Help/release/dev/curl-tls-version.rst index 636fa3c..26d03ad 100644 --- a/Help/release/dev/curl-tls-version.rst +++ b/Help/release/dev/curl-tls-version.rst @@ -10,6 +10,10 @@ curl-tls-version for connections to ``https://`` URLs by the :command:`file(DOWNLOAD)` and :command:`file(UPLOAD)` commands. +* The :envvar:`CMAKE_TLS_VERIFY` environment variable was added as a fallback + to the existing :variable:`CMAKE_TLS_VERIFY` variable. It specifies + whether to verify the server certificate for ``https://`` URLs by default. + * The :module:`ExternalProject` module's :command:`ExternalProject_Add` command gained a ``TLS_VERSION `` option, and support for the :variable:`CMAKE_TLS_VERSION` variable and :envvar:`CMAKE_TLS_VERSION` diff --git a/Help/variable/CMAKE_TLS_VERIFY.rst b/Help/variable/CMAKE_TLS_VERIFY.rst index b22f1ce..5871ac7 100644 --- a/Help/variable/CMAKE_TLS_VERIFY.rst +++ b/Help/variable/CMAKE_TLS_VERIFY.rst @@ -3,7 +3,9 @@ CMAKE_TLS_VERIFY Specify the default value for the :command:`file(DOWNLOAD)` and :command:`file(UPLOAD)` commands' ``TLS_VERIFY`` options. -If not set, the default is *off*. +If this variable is not set, the commands check the +:envvar:`CMAKE_TLS_VERIFY` environment variable. +If neither is set, the default is *off*. This variable is also used by the :module:`ExternalProject` and :module:`FetchContent` modules for internal calls to :command:`file(DOWNLOAD)`. diff --git a/Source/cmFileCommand.cxx b/Source/cmFileCommand.cxx index ac1d22b..0369051 100644 --- a/Source/cmFileCommand.cxx +++ b/Source/cmFileCommand.cxx @@ -2036,6 +2036,12 @@ bool HandleDownloadCommand(std::vector const& args, tls_verify = v.IsOn(); } } + if (!tls_verify) { + if (cm::optional v = + cmSystemTools::GetEnvVar("CMAKE_TLS_VERIFY")) { + tls_verify = cmIsOn(*v); + } + } if (!tls_version) { if (cmValue v = status.GetMakefile().GetDefinition("CMAKE_TLS_VERSION")) { @@ -2439,6 +2445,12 @@ bool HandleUploadCommand(std::vector const& args, tls_verify = v.IsOn(); } } + if (!tls_verify) { + if (cm::optional v = + cmSystemTools::GetEnvVar("CMAKE_TLS_VERIFY")) { + tls_verify = cmIsOn(*v); + } + } if (!tls_version) { if (cmValue v = status.GetMakefile().GetDefinition("CMAKE_TLS_VERSION")) { diff --git a/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad-stdout.txt b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad-stdout.txt index 72ab8f4..fbff3b9 100644 --- a/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad-stdout.txt +++ b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad-stdout.txt @@ -1,4 +1,6 @@ -- def-0: 0;"No error" +-- env-0: 0;"No error" +-- env-1: (60;"SSL peer certificate or SSH remote key was not OK"|35;"SSL connect error") -- var-0: 0;"No error" -- var-1: (60;"SSL peer certificate or SSH remote key was not OK"|35;"SSL connect error") -- opt-0: 0;"No error" diff --git a/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad.cmake b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad.cmake index ed19bd6..a90c2f4 100644 --- a/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad.cmake +++ b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad.cmake @@ -7,17 +7,28 @@ function(download case) endfunction() # The default is OFF. +unset(ENV{CMAKE_TLS_VERIFY}) unset(CMAKE_TLS_VERIFY) download(def-0) -# The cmake variable overrides the default. +# The environment variable overrides the default. +set(ENV{CMAKE_TLS_VERIFY} 0) +download(env-0) +set(ENV{CMAKE_TLS_VERIFY} 1) +download(env-1) + +# The cmake variable overrides the environment variable. +set(ENV{CMAKE_TLS_VERIFY} 1) set(CMAKE_TLS_VERIFY 0) download(var-0) +set(ENV{CMAKE_TLS_VERIFY} 0) set(CMAKE_TLS_VERIFY 1) download(var-1) -# The explicit argument overrides the cmake variable. +# The explicit argument overrides the cmake variable and the environment variable. +set(ENV{CMAKE_TLS_VERIFY} 1) set(CMAKE_TLS_VERIFY 1) download(opt-0 TLS_VERIFY 0) +set(ENV{CMAKE_TLS_VERIFY} 0) set(CMAKE_TLS_VERIFY 0) download(opt-1 TLS_VERIFY 1) -- cgit v0.12 From e8404502b1b46163bc34707f0a09981a8c20aec2 Mon Sep 17 00:00:00 2001 From: Brad King Date: Fri, 29 Mar 2024 14:29:27 -0400 Subject: ExternalProject: Revise TLS_VERIFY wording to use TLS_VERSION pattern --- Modules/ExternalProject.cmake | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/Modules/ExternalProject.cmake b/Modules/ExternalProject.cmake index b821f1a..847ea92 100644 --- a/Modules/ExternalProject.cmake +++ b/Modules/ExternalProject.cmake @@ -242,19 +242,22 @@ URL ``TLS_VERIFY `` Specifies whether certificate verification should be performed for - ``https://`` URLs. If this option is not provided, the default behavior - is determined by the :variable:`CMAKE_TLS_VERIFY` variable (see - :command:`file(DOWNLOAD)`). If that is also not set, certificate - verification will not be performed. In situations where ``URL_HASH`` - cannot be provided, this option can be an alternative verification - measure. + ``https://`` URLs. If this option is not provided, the value of the + :variable:`CMAKE_TLS_VERIFY` variable will be used instead (see + :command:`file(DOWNLOAD)`). + If that is also not set, certificate verification will not be performed. + In situations where ``URL_HASH`` cannot be provided, this option can + be an alternative verification measure. + + This option also applies to ``git clone`` invocations, although the + default behavior is different. If neither the ``TLS_VERIFY`` option + or :variable:`CMAKE_TLS_VERIFY` variable is specified, the behavior + will be determined by git's default (true) or a ``http.sslVerify`` + git config option the user may have set at a global level. .. versionchanged:: 3.6 - This option also applies to ``git clone`` invocations, although the - default behavior is different. If neither the ``TLS_VERIFY`` option - or :variable:`CMAKE_TLS_VERIFY` variable is specified, the behavior - will be determined by git's default (true) or a ``http.sslVerify`` - git config option the user may have set at a global level. + + Previously this option did not apply to ``git clone`` invocations. ``TLS_CAINFO `` Specify a custom certificate authority file to use if ``TLS_VERIFY`` -- cgit v0.12 From 0d250dd0211e3941de51e4b612b6259718fb111a Mon Sep 17 00:00:00 2001 From: Brad King Date: Fri, 29 Mar 2024 12:25:00 -0400 Subject: ExternalProject: Honor CMAKE_TLS_VERIFY environment variable Issue: #23608 --- Help/envvar/CMAKE_TLS_VERIFY.rst | 4 ++++ Modules/ExternalProject.cmake | 28 +++++++++++++++++++--------- 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/Help/envvar/CMAKE_TLS_VERIFY.rst b/Help/envvar/CMAKE_TLS_VERIFY.rst index a0ed323..9571cb8 100644 --- a/Help/envvar/CMAKE_TLS_VERIFY.rst +++ b/Help/envvar/CMAKE_TLS_VERIFY.rst @@ -9,3 +9,7 @@ Specify the default value for the :command:`file(DOWNLOAD)` and :command:`file(UPLOAD)` commands' ``TLS_VERIFY`` option. This environment variable is used if the option is not given and the :variable:`CMAKE_TLS_VERIFY` cmake variable is not set. + +This variable is also used by the :module:`ExternalProject` and +:module:`FetchContent` modules for internal calls to +:command:`file(DOWNLOAD)` and ``git clone``. diff --git a/Modules/ExternalProject.cmake b/Modules/ExternalProject.cmake index 847ea92..3323b18 100644 --- a/Modules/ExternalProject.cmake +++ b/Modules/ExternalProject.cmake @@ -243,22 +243,28 @@ URL ``TLS_VERIFY `` Specifies whether certificate verification should be performed for ``https://`` URLs. If this option is not provided, the value of the - :variable:`CMAKE_TLS_VERIFY` variable will be used instead (see - :command:`file(DOWNLOAD)`). - If that is also not set, certificate verification will not be performed. + :variable:`CMAKE_TLS_VERIFY` variable or the :envvar:`CMAKE_TLS_VERIFY` + environment variable will be used instead (see :command:`file(DOWNLOAD)`). + If neither of those is set, certificate verification will not be performed. In situations where ``URL_HASH`` cannot be provided, this option can be an alternative verification measure. This option also applies to ``git clone`` invocations, although the - default behavior is different. If neither the ``TLS_VERIFY`` option - or :variable:`CMAKE_TLS_VERIFY` variable is specified, the behavior - will be determined by git's default (true) or a ``http.sslVerify`` - git config option the user may have set at a global level. + default behavior is different. If none of the ``TLS_VERIFY`` option, + :variable:`CMAKE_TLS_VERIFY` variable, or :envvar:`CMAKE_TLS_VERIFY` + environment variable is specified, the behavior will be determined by + git's default (true) or a ``http.sslVerify`` git config option the + user may have set at a global level. .. versionchanged:: 3.6 Previously this option did not apply to ``git clone`` invocations. + .. versionchanged:: 3.30 + + Previously the :envvar:`CMAKE_TLS_VERIFY` environment variable + was not checked. + ``TLS_CAINFO `` Specify a custom certificate authority file to use if ``TLS_VERIFY`` is enabled. If this option is not specified, the value of the @@ -1397,8 +1403,12 @@ endfunction() function(_ep_get_tls_verify name tls_verify_var) get_property(tls_verify TARGET ${name} PROPERTY _EP_TLS_VERIFY) - if("x${tls_verify}" STREQUAL "x" AND DEFINED CMAKE_TLS_VERIFY) - set(tls_verify "${CMAKE_TLS_VERIFY}") + if("x${tls_verify}" STREQUAL "x") + if(NOT "x${CMAKE_TLS_VERIFY}" STREQUAL "x") + set(tls_verify "${CMAKE_TLS_VERIFY}") + elseif(NOT "x$ENV{CMAKE_TLS_VERIFY}" STREQUAL "x") + set(tls_verify "$ENV{CMAKE_TLS_VERIFY}") + endif() endif() set("${tls_verify_var}" "${tls_verify}" PARENT_SCOPE) endfunction() -- cgit v0.12 From c295df53c64dfc4a2225622c714898e2bdcb570e Mon Sep 17 00:00:00 2001 From: Brad King Date: Fri, 29 Mar 2024 13:02:13 -0400 Subject: ctest: Test fallback to CMake options for TLS server verification --- .../CTestCommandLine/FailDrop-TLSVerify-OFF-cmake-ctest-result.txt | 1 + .../CTestCommandLine/FailDrop-TLSVerify-OFF-cmake-ctest-stderr.txt | 2 ++ .../CTestCommandLine/FailDrop-TLSVerify-OFF-cmake-ctest-stdout.txt | 1 + Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-cmake.cmake | 1 + .../CTestCommandLine/FailDrop-TLSVerify-ON-cmake-ctest-result.txt | 1 + .../CTestCommandLine/FailDrop-TLSVerify-ON-cmake-ctest-stderr.txt | 2 ++ .../CTestCommandLine/FailDrop-TLSVerify-ON-cmake-ctest-stdout.txt | 1 + Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-cmake.cmake | 1 + Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake | 4 +++- Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-cmake-result.txt | 1 + Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-cmake-stderr.txt | 2 ++ Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-cmake-stdout.txt | 4 ++++ Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-stdout.txt | 2 +- Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-cmake-result.txt | 1 + Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-cmake-stderr.txt | 2 ++ Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-cmake-stdout.txt | 4 ++++ Tests/RunCMake/ctest_submit/RunCMakeTest.cmake | 6 +++++- 17 files changed, 33 insertions(+), 3 deletions(-) create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-cmake-ctest-result.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-cmake-ctest-stderr.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-cmake-ctest-stdout.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-cmake.cmake create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-cmake-ctest-result.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-cmake-ctest-stderr.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-cmake-ctest-stdout.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-cmake.cmake create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-cmake-result.txt create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-cmake-stderr.txt create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-cmake-stdout.txt create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-cmake-result.txt create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-cmake-stderr.txt create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-cmake-stdout.txt diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-cmake-ctest-result.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-cmake-ctest-result.txt new file mode 100644 index 0000000..d197c91 --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-cmake-ctest-result.txt @@ -0,0 +1 @@ +[^0] diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-cmake-ctest-stderr.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-cmake-ctest-stderr.txt new file mode 100644 index 0000000..e3df62f --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-cmake-ctest-stderr.txt @@ -0,0 +1,2 @@ +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* + Problems when submitting via HTTP diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-cmake-ctest-stdout.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-cmake-ctest-stdout.txt new file mode 100644 index 0000000..be5d335 --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-cmake-ctest-stdout.txt @@ -0,0 +1 @@ + Set CURLOPT_SSL_VERIFYPEER to off diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-cmake.cmake b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-cmake.cmake new file mode 100644 index 0000000..e0368fc --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-cmake.cmake @@ -0,0 +1 @@ +include(FailDrop-common.cmake) diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-cmake-ctest-result.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-cmake-ctest-result.txt new file mode 100644 index 0000000..d197c91 --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-cmake-ctest-result.txt @@ -0,0 +1 @@ +[^0] diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-cmake-ctest-stderr.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-cmake-ctest-stderr.txt new file mode 100644 index 0000000..e3df62f --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-cmake-ctest-stderr.txt @@ -0,0 +1,2 @@ +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* + Problems when submitting via HTTP diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-cmake-ctest-stdout.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-cmake-ctest-stdout.txt new file mode 100644 index 0000000..fa95148 --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-cmake-ctest-stdout.txt @@ -0,0 +1 @@ + Set CURLOPT_SSL_VERIFYPEER to on diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-cmake.cmake b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-cmake.cmake new file mode 100644 index 0000000..e0368fc --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-cmake.cmake @@ -0,0 +1 @@ +include(FailDrop-common.cmake) diff --git a/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake b/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake index e56a4cb..34408cf 100644 --- a/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake +++ b/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake @@ -503,7 +503,9 @@ set(ENV{CMAKE_TLS_VERSION} 1.1) # Test fallback to env variable. run_FailDrop(TLSVersion-1.1-env) unset(ENV{CMAKE_TLS_VERSION}) run_FailDrop(TLSVerify-ON -DCTEST_TLS_VERIFY=ON) -run_FailDrop(TLSVerify-OFF -DCMAKE_TLS_VERIFY=OFF) # Test fallback to CMake variable. +run_FailDrop(TLSVerify-ON-cmake -DCMAKE_TLS_VERIFY=ON) # Test fallback to CMake variable. +run_FailDrop(TLSVerify-OFF -DCTEST_TLS_VERIFY=OFF) +run_FailDrop(TLSVerify-OFF-cmake -DCMAKE_TLS_VERIFY=OFF) # Test fallback to CMake variable. run_cmake_command(EmptyDirCoverage-ctest ${CMAKE_CTEST_COMMAND} -C Debug -M Experimental -T Coverage diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-cmake-result.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-cmake-result.txt new file mode 100644 index 0000000..b57e2de --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-cmake-result.txt @@ -0,0 +1 @@ +(-1|255) diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-cmake-stderr.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-cmake-stderr.txt new file mode 100644 index 0000000..e3df62f --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-cmake-stderr.txt @@ -0,0 +1,2 @@ +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* + Problems when submitting via HTTP diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-cmake-stdout.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-cmake-stdout.txt new file mode 100644 index 0000000..4f5120e --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-cmake-stdout.txt @@ -0,0 +1,4 @@ +SetCTestConfiguration from CMAKE_TLS_VERIFY:TLSVerify:OFF +SetCTestConfiguration:TLSVerify:OFF +.* + Set CURLOPT_SSL_VERIFYPEER to off diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-stdout.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-stdout.txt index 4f5120e..9053f6c 100644 --- a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-stdout.txt +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-stdout.txt @@ -1,4 +1,4 @@ -SetCTestConfiguration from CMAKE_TLS_VERIFY:TLSVerify:OFF +SetCTestConfigurationFromCMakeVariable:TLSVerify:CTEST_TLS_VERIFY SetCTestConfiguration:TLSVerify:OFF .* Set CURLOPT_SSL_VERIFYPEER to off diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-cmake-result.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-cmake-result.txt new file mode 100644 index 0000000..b57e2de --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-cmake-result.txt @@ -0,0 +1 @@ +(-1|255) diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-cmake-stderr.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-cmake-stderr.txt new file mode 100644 index 0000000..e3df62f --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-cmake-stderr.txt @@ -0,0 +1,2 @@ +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* + Problems when submitting via HTTP diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-cmake-stdout.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-cmake-stdout.txt new file mode 100644 index 0000000..015728c --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-cmake-stdout.txt @@ -0,0 +1,4 @@ +SetCTestConfiguration from CMAKE_TLS_VERIFY:TLSVerify:ON +SetCTestConfiguration:TLSVerify:ON +.* + Set CURLOPT_SSL_VERIFYPEER to on diff --git a/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake b/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake index ad51960..8e88a87 100644 --- a/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake +++ b/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake @@ -67,6 +67,10 @@ block() unset(ENV{CMAKE_TLS_VERSION}) set(CASE_TEST_PREFIX_CODE "set(CTEST_TLS_VERIFY ON)") run_ctest(FailDrop-TLSVerify-ON -VV) - set(CASE_TEST_PREFIX_CODE "set(CMAKE_TLS_VERIFY OFF)") # Test fallback to CMake variable. + set(CASE_TEST_PREFIX_CODE "set(CMAKE_TLS_VERIFY ON)") # Test fallback to CMake variable. + run_ctest(FailDrop-TLSVerify-ON-cmake -VV) + set(CASE_TEST_PREFIX_CODE "set(CTEST_TLS_VERIFY OFF)") run_ctest(FailDrop-TLSVerify-OFF -VV) + set(CASE_TEST_PREFIX_CODE "set(CMAKE_TLS_VERIFY OFF)") # Test fallback to CMake variable. + run_ctest(FailDrop-TLSVerify-OFF-cmake -VV) endblock() -- cgit v0.12 From 713994426427154100b0f457838dfc671b1d832f Mon Sep 17 00:00:00 2001 From: Brad King Date: Fri, 29 Mar 2024 12:48:11 -0400 Subject: ctest: Fall back to CMake environment variable for TLS server verification Use `ENV{CMAKE_TLS_VERIFY}` if `CTEST_TLS_VERIFY` or `CMAKE_TLS_VERIFY` is not set. Issue: #23608 --- Help/variable/CTEST_TLS_VERIFY.rst | 4 ++-- Modules/CTestTargets.cmake | 8 ++++++-- Source/CTest/cmCTestSubmitCommand.cxx | 9 +++++++++ .../CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-result.txt | 1 + .../CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-stderr.txt | 2 ++ .../CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-stdout.txt | 1 + Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env.cmake | 1 + .../CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-result.txt | 1 + .../CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-stderr.txt | 2 ++ .../CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-stdout.txt | 1 + Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env.cmake | 1 + Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake | 7 +++++++ .../RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-result.txt | 1 + .../RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-stderr.txt | 2 ++ .../RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-stdout.txt | 4 ++++ Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-result.txt | 1 + Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-stderr.txt | 2 ++ Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-stdout.txt | 4 ++++ Tests/RunCMake/ctest_submit/RunCMakeTest.cmake | 8 ++++++++ 19 files changed, 56 insertions(+), 4 deletions(-) create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-result.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-stderr.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-stdout.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env.cmake create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-result.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-stderr.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-stdout.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env.cmake create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-result.txt create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-stderr.txt create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-stdout.txt create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-result.txt create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-stderr.txt create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-stdout.txt diff --git a/Help/variable/CTEST_TLS_VERIFY.rst b/Help/variable/CTEST_TLS_VERIFY.rst index bce4969..9b3d96c 100644 --- a/Help/variable/CTEST_TLS_VERIFY.rst +++ b/Help/variable/CTEST_TLS_VERIFY.rst @@ -9,5 +9,5 @@ before including the :module:`CTest` module. The value is a boolean indicating whether to verify the server certificate when submitting to a dashboard via ``https://`` URLs. -If ``CTEST_TLS_VERIFY`` is not set, :variable:`CMAKE_TLS_VERIFY` is -used instead. +If ``CTEST_TLS_VERIFY`` is not set, the :variable:`CMAKE_TLS_VERIFY` variable +or :envvar:`CMAKE_TLS_VERIFY` environment variable is used instead. diff --git a/Modules/CTestTargets.cmake b/Modules/CTestTargets.cmake index f672410..5e8a07d 100644 --- a/Modules/CTestTargets.cmake +++ b/Modules/CTestTargets.cmake @@ -28,8 +28,12 @@ block() set(CTEST_TLS_VERSION "$ENV{CMAKE_TLS_VERSION}") endif() endif() - if(NOT DEFINED CTEST_TLS_VERIFY AND DEFINED CMAKE_TLS_VERIFY) - set(CTEST_TLS_VERIFY "${CMAKE_TLS_VERIFY}") + if(NOT DEFINED CTEST_TLS_VERIFY) + if(DEFINED CMAKE_TLS_VERIFY) + set(CTEST_TLS_VERIFY "${CMAKE_TLS_VERIFY}") + elseif(DEFINED ENV{CMAKE_TLS_VERIFY}) + set(CTEST_TLS_VERIFY "$ENV{CMAKE_TLS_VERIFY}") + endif() endif() if(CTEST_NEW_FORMAT) configure_file( diff --git a/Source/CTest/cmCTestSubmitCommand.cxx b/Source/CTest/cmCTestSubmitCommand.cxx index 0b21b24..029f81f 100644 --- a/Source/CTest/cmCTestSubmitCommand.cxx +++ b/Source/CTest/cmCTestSubmitCommand.cxx @@ -88,6 +88,15 @@ cmCTestGenericHandler* cmCTestSubmitCommand::InitializeHandler() this->Quiet); this->CTest->SetCTestConfiguration("TLSVerify", *tlsVerifyVar, this->Quiet); + } else if (cm::optional tlsVerifyEnv = + cmSystemTools::GetEnvVar("CMAKE_TLS_VERIFY")) { + cmCTestOptionalLog( + this->CTest, HANDLER_VERBOSE_OUTPUT, + "SetCTestConfiguration from ENV{CMAKE_TLS_VERIFY}:TLSVerify:" + << *tlsVerifyEnv << std::endl, + this->Quiet); + this->CTest->SetCTestConfiguration("TLSVerify", *tlsVerifyEnv, + this->Quiet); } } this->CTest->SetCTestConfigurationFromCMakeVariable( diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-result.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-result.txt new file mode 100644 index 0000000..d197c91 --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-result.txt @@ -0,0 +1 @@ +[^0] diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-stderr.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-stderr.txt new file mode 100644 index 0000000..e3df62f --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-stderr.txt @@ -0,0 +1,2 @@ +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* + Problems when submitting via HTTP diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-stdout.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-stdout.txt new file mode 100644 index 0000000..be5d335 --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env-ctest-stdout.txt @@ -0,0 +1 @@ + Set CURLOPT_SSL_VERIFYPEER to off diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env.cmake b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env.cmake new file mode 100644 index 0000000..e0368fc --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-env.cmake @@ -0,0 +1 @@ +include(FailDrop-common.cmake) diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-result.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-result.txt new file mode 100644 index 0000000..d197c91 --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-result.txt @@ -0,0 +1 @@ +[^0] diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-stderr.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-stderr.txt new file mode 100644 index 0000000..e3df62f --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-stderr.txt @@ -0,0 +1,2 @@ +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* + Problems when submitting via HTTP diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-stdout.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-stdout.txt new file mode 100644 index 0000000..fa95148 --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env-ctest-stdout.txt @@ -0,0 +1 @@ + Set CURLOPT_SSL_VERIFYPEER to on diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env.cmake b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env.cmake new file mode 100644 index 0000000..e0368fc --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-env.cmake @@ -0,0 +1 @@ +include(FailDrop-common.cmake) diff --git a/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake b/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake index 34408cf..851439e 100644 --- a/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake +++ b/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake @@ -491,6 +491,7 @@ run_ctest(check-configuration-type) function(run_FailDrop case) set(RunCMake_TEST_BINARY_DIR ${RunCMake_BINARY_DIR}/FailDrop-${case}-build) run_cmake_with_options(FailDrop-${case} ${ARGN}) + unset(ENV{CMAKE_TLS_VERIFY}) # Test that env variable is saved in ctest config file. unset(ENV{CMAKE_TLS_VERSION}) # Test that env variable is saved in ctest config file. set(RunCMake_TEST_NO_CLEAN 1) run_cmake_command(FailDrop-${case}-ctest @@ -504,8 +505,14 @@ run_FailDrop(TLSVersion-1.1-env) unset(ENV{CMAKE_TLS_VERSION}) run_FailDrop(TLSVerify-ON -DCTEST_TLS_VERIFY=ON) run_FailDrop(TLSVerify-ON-cmake -DCMAKE_TLS_VERIFY=ON) # Test fallback to CMake variable. +set(ENV{CMAKE_TLS_VERIFY} 1) # Test fallback to env variable. +run_FailDrop(TLSVerify-ON-env) +unset(ENV{CMAKE_TLS_VERIFY}) run_FailDrop(TLSVerify-OFF -DCTEST_TLS_VERIFY=OFF) run_FailDrop(TLSVerify-OFF-cmake -DCMAKE_TLS_VERIFY=OFF) # Test fallback to CMake variable. +set(ENV{CMAKE_TLS_VERIFY} 0) # Test fallback to env variable. +run_FailDrop(TLSVerify-OFF-env) +unset(ENV{CMAKE_TLS_VERIFY}) run_cmake_command(EmptyDirCoverage-ctest ${CMAKE_CTEST_COMMAND} -C Debug -M Experimental -T Coverage diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-result.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-result.txt new file mode 100644 index 0000000..b57e2de --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-result.txt @@ -0,0 +1 @@ +(-1|255) diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-stderr.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-stderr.txt new file mode 100644 index 0000000..e3df62f --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-stderr.txt @@ -0,0 +1,2 @@ +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* + Problems when submitting via HTTP diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-stdout.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-stdout.txt new file mode 100644 index 0000000..582030a --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-env-stdout.txt @@ -0,0 +1,4 @@ +SetCTestConfiguration from ENV{CMAKE_TLS_VERIFY}:TLSVerify:OFF +SetCTestConfiguration:TLSVerify:OFF +.* + Set CURLOPT_SSL_VERIFYPEER to off diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-result.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-result.txt new file mode 100644 index 0000000..b57e2de --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-result.txt @@ -0,0 +1 @@ +(-1|255) diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-stderr.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-stderr.txt new file mode 100644 index 0000000..e3df62f --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-stderr.txt @@ -0,0 +1,2 @@ +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* + Problems when submitting via HTTP diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-stdout.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-stdout.txt new file mode 100644 index 0000000..add2b4c --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-env-stdout.txt @@ -0,0 +1,4 @@ +SetCTestConfiguration from ENV{CMAKE_TLS_VERIFY}:TLSVerify:ON +SetCTestConfiguration:TLSVerify:ON +.* + Set CURLOPT_SSL_VERIFYPEER to on diff --git a/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake b/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake index 8e88a87..3c77ddb 100644 --- a/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake +++ b/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake @@ -69,8 +69,16 @@ block() run_ctest(FailDrop-TLSVerify-ON -VV) set(CASE_TEST_PREFIX_CODE "set(CMAKE_TLS_VERIFY ON)") # Test fallback to CMake variable. run_ctest(FailDrop-TLSVerify-ON-cmake -VV) + set(ENV{CMAKE_TLS_VERIFY} ON) # Test fallback to env variable. + set(CASE_TEST_PREFIX_CODE "") + run_ctest(FailDrop-TLSVerify-ON-env -VV) + unset(ENV{CMAKE_TLS_VERIFY}) set(CASE_TEST_PREFIX_CODE "set(CTEST_TLS_VERIFY OFF)") run_ctest(FailDrop-TLSVerify-OFF -VV) set(CASE_TEST_PREFIX_CODE "set(CMAKE_TLS_VERIFY OFF)") # Test fallback to CMake variable. run_ctest(FailDrop-TLSVerify-OFF-cmake -VV) + set(ENV{CMAKE_TLS_VERIFY} OFF) # Test fallback to env variable. + set(CASE_TEST_PREFIX_CODE "") + run_ctest(FailDrop-TLSVerify-OFF-env -VV) + unset(ENV{CMAKE_TLS_VERIFY}) endblock() -- cgit v0.12