From 713182de3980a7f4559f5cf67f47a27949a29096 Mon Sep 17 00:00:00 2001 From: Brad King Date: Tue, 12 Mar 2024 10:35:00 -0400 Subject: Tests: Make RunCMake.ctest_submit invalid host name case more robust Use a well-defined `.invalid` top-level domain. This follows the pattern from commit 65a3c68259 (Tests: Make CMake.FileDownload invalid host name case more robust, 2020-01-21, v3.17.0-rc1~120^2). Add the invalid name to `ENV{no_proxy}` because DNS lookup failure is expected. This follows the pattern from commit c0b1f5f30c (Tests: Add host to ENV{no_proxy} when DNS lookup failure is expected, 2021-01-29, v3.20.0-rc1~79^2). --- Tests/RunCMake/ctest_submit/CDashSubmitHeaders-stderr.txt | 2 +- Tests/RunCMake/ctest_submit/CDashSubmitQuiet-stderr.txt | 2 +- Tests/RunCMake/ctest_submit/CDashSubmitVerbose-stderr.txt | 2 +- Tests/RunCMake/ctest_submit/CDashSubmitVerbose-stdout.txt | 2 +- Tests/RunCMake/ctest_submit/CTestConfig.cmake.in | 4 ---- Tests/RunCMake/ctest_submit/FILESNoBuildId-stderr.txt | 2 +- Tests/RunCMake/ctest_submit/FILESNoBuildId-stdout.txt | 2 +- Tests/RunCMake/ctest_submit/FailDrop-http-stderr.txt | 2 +- Tests/RunCMake/ctest_submit/FailDrop-http-stdout.txt | 2 +- Tests/RunCMake/ctest_submit/FailDrop-https-stderr.txt | 2 +- Tests/RunCMake/ctest_submit/FailDrop-https-stdout.txt | 2 +- Tests/RunCMake/ctest_submit/PARTSDone-stderr.txt | 2 +- Tests/RunCMake/ctest_submit/RunCMakeTest.cmake | 5 ++++- 13 files changed, 15 insertions(+), 16 deletions(-) diff --git a/Tests/RunCMake/ctest_submit/CDashSubmitHeaders-stderr.txt b/Tests/RunCMake/ctest_submit/CDashSubmitHeaders-stderr.txt index a8f10b5..74f37c0 100644 --- a/Tests/RunCMake/ctest_submit/CDashSubmitHeaders-stderr.txt +++ b/Tests/RunCMake/ctest_submit/CDashSubmitHeaders-stderr.txt @@ -1 +1 @@ - *Error message was: ([Cc]ould *n.t resolve host:? '?-no-site-'?.*|The requested URL returned error:.*) + *Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?.*|The requested URL returned error:.*) diff --git a/Tests/RunCMake/ctest_submit/CDashSubmitQuiet-stderr.txt b/Tests/RunCMake/ctest_submit/CDashSubmitQuiet-stderr.txt index 4825d7a..ad6dcf4 100644 --- a/Tests/RunCMake/ctest_submit/CDashSubmitQuiet-stderr.txt +++ b/Tests/RunCMake/ctest_submit/CDashSubmitQuiet-stderr.txt @@ -1,3 +1,3 @@ *Error when uploading file: .*/Configure.xml - *Error message was: ([Cc]ould *n.t resolve host:? '?-no-site-'?.*|The requested URL returned error:.*) + *Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?.*|The requested URL returned error:.*) *Problems when submitting via HTTP diff --git a/Tests/RunCMake/ctest_submit/CDashSubmitVerbose-stderr.txt b/Tests/RunCMake/ctest_submit/CDashSubmitVerbose-stderr.txt index a8f10b5..74f37c0 100644 --- a/Tests/RunCMake/ctest_submit/CDashSubmitVerbose-stderr.txt +++ b/Tests/RunCMake/ctest_submit/CDashSubmitVerbose-stderr.txt @@ -1 +1 @@ - *Error message was: ([Cc]ould *n.t resolve host:? '?-no-site-'?.*|The requested URL returned error:.*) + *Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?.*|The requested URL returned error:.*) diff --git a/Tests/RunCMake/ctest_submit/CDashSubmitVerbose-stdout.txt b/Tests/RunCMake/ctest_submit/CDashSubmitVerbose-stdout.txt index 11a4edf..d0c4e1a 100644 --- a/Tests/RunCMake/ctest_submit/CDashSubmitVerbose-stdout.txt +++ b/Tests/RunCMake/ctest_submit/CDashSubmitVerbose-stdout.txt @@ -1 +1 @@ -Upload file: .* to http:\/\/-no-site-\?FileName=test-site___test-build-name___.*-Experimental___XML___Configure.xml&build=test-build-name&site=test-site&stamp=.*-Experimental&subproject=mysubproj&MD5=.* Size: .* +Upload file: .* to http:\/\/badhostname.invalid\?FileName=test-site___test-build-name___.*-Experimental___XML___Configure.xml&build=test-build-name&site=test-site&stamp=.*-Experimental&subproject=mysubproj&MD5=.* Size: .* diff --git a/Tests/RunCMake/ctest_submit/CTestConfig.cmake.in b/Tests/RunCMake/ctest_submit/CTestConfig.cmake.in index c35397c..140e4be 100644 --- a/Tests/RunCMake/ctest_submit/CTestConfig.cmake.in +++ b/Tests/RunCMake/ctest_submit/CTestConfig.cmake.in @@ -3,7 +3,3 @@ # so that any ctest_submit calls fail with an error message. set(CTEST_DROP_METHOD "@CASE_DROP_METHOD@") set(CTEST_DROP_SITE "@CASE_DROP_SITE@") - -# do not use proxy for lookup of invalid site (DNS failure by proxy looks -# different than DNS failure without proxy) -set(ENV{no_proxy} "$ENV{no_proxy},@CASE_DROP_SITE@") diff --git a/Tests/RunCMake/ctest_submit/FILESNoBuildId-stderr.txt b/Tests/RunCMake/ctest_submit/FILESNoBuildId-stderr.txt index a8f10b5..74f37c0 100644 --- a/Tests/RunCMake/ctest_submit/FILESNoBuildId-stderr.txt +++ b/Tests/RunCMake/ctest_submit/FILESNoBuildId-stderr.txt @@ -1 +1 @@ - *Error message was: ([Cc]ould *n.t resolve host:? '?-no-site-'?.*|The requested URL returned error:.*) + *Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?.*|The requested URL returned error:.*) diff --git a/Tests/RunCMake/ctest_submit/FILESNoBuildId-stdout.txt b/Tests/RunCMake/ctest_submit/FILESNoBuildId-stdout.txt index 929b254..a8f4759 100644 --- a/Tests/RunCMake/ctest_submit/FILESNoBuildId-stdout.txt +++ b/Tests/RunCMake/ctest_submit/FILESNoBuildId-stdout.txt @@ -1 +1 @@ -Upload file: .* to http:\/\/-no-site-\?FileName=test-site___test-build-name___.*-Experimental___XML___RunCMakeTest.cmake&MD5=.* Size: .* +Upload file: .* to http:\/\/badhostname.invalid\?FileName=test-site___test-build-name___.*-Experimental___XML___RunCMakeTest.cmake&MD5=.* Size: .* diff --git a/Tests/RunCMake/ctest_submit/FailDrop-http-stderr.txt b/Tests/RunCMake/ctest_submit/FailDrop-http-stderr.txt index f52d2d8..b83da8d 100644 --- a/Tests/RunCMake/ctest_submit/FailDrop-http-stderr.txt +++ b/Tests/RunCMake/ctest_submit/FailDrop-http-stderr.txt @@ -1,2 +1,2 @@ -Error message was: ([Cc]ould *n.t resolve host:? '?-no-site-'?.*|The requested URL returned error:.*) +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?.*|The requested URL returned error:.*) Problems when submitting via HTTP diff --git a/Tests/RunCMake/ctest_submit/FailDrop-http-stdout.txt b/Tests/RunCMake/ctest_submit/FailDrop-http-stdout.txt index c9111b0..bd7d6b6 100644 --- a/Tests/RunCMake/ctest_submit/FailDrop-http-stdout.txt +++ b/Tests/RunCMake/ctest_submit/FailDrop-http-stdout.txt @@ -1,2 +1,2 @@ Submit files - SubmitURL: http://-no-site- + SubmitURL: http://badhostname.invalid diff --git a/Tests/RunCMake/ctest_submit/FailDrop-https-stderr.txt b/Tests/RunCMake/ctest_submit/FailDrop-https-stderr.txt index 259f7d0..e3df62f 100644 --- a/Tests/RunCMake/ctest_submit/FailDrop-https-stderr.txt +++ b/Tests/RunCMake/ctest_submit/FailDrop-https-stderr.txt @@ -1,2 +1,2 @@ -Error message was: ([Cc]ould *n.t resolve host:? '?-no-site-'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* Problems when submitting via HTTP diff --git a/Tests/RunCMake/ctest_submit/FailDrop-https-stdout.txt b/Tests/RunCMake/ctest_submit/FailDrop-https-stdout.txt index 2c67eb9..f97f63c 100644 --- a/Tests/RunCMake/ctest_submit/FailDrop-https-stdout.txt +++ b/Tests/RunCMake/ctest_submit/FailDrop-https-stdout.txt @@ -1,2 +1,2 @@ Submit files - SubmitURL: https://-no-site- + SubmitURL: https://badhostname.invalid diff --git a/Tests/RunCMake/ctest_submit/PARTSDone-stderr.txt b/Tests/RunCMake/ctest_submit/PARTSDone-stderr.txt index 0020a0f..86cd817 100644 --- a/Tests/RunCMake/ctest_submit/PARTSDone-stderr.txt +++ b/Tests/RunCMake/ctest_submit/PARTSDone-stderr.txt @@ -1,3 +1,3 @@ *Error when uploading file: .*/Done.xml - *Error message was: ([Cc]ould *n.t resolve host:? '?-no-site-'?.*|The requested URL returned error:.*) + *Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?.*|The requested URL returned error:.*) *Problems when submitting via HTTP diff --git a/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake b/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake index 78856b4..ad35bf5 100644 --- a/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake +++ b/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake @@ -2,9 +2,12 @@ include(RunCTest) # Default case parameters. set(CASE_DROP_METHOD "http") -set(CASE_DROP_SITE "-no-site-") +set(CASE_DROP_SITE "badhostname.invalid") set(CASE_CTEST_SUBMIT_ARGS "") +# Do not use any proxy for lookup of an invalid site. +# DNS failure by proxy looks different than DNS failure without proxy. +set(ENV{no_proxy} "$ENV{no_proxy},badhostname.invalid") function(run_ctest_submit CASE_NAME) set(CASE_CTEST_SUBMIT_ARGS "${ARGN}") -- cgit v0.12 From fbae527191695a2efb62d95c80abd3f6c2655f8d Mon Sep 17 00:00:00 2001 From: Brad King Date: Tue, 5 Mar 2024 19:26:05 -0500 Subject: Help: Factor out CMAKE_TLS_VERSION allowed values --- Help/variable/CMAKE_TLS_VERSION-VALUES.txt | 7 +++++++ Help/variable/CMAKE_TLS_VERSION.rst | 8 +------- 2 files changed, 8 insertions(+), 7 deletions(-) create mode 100644 Help/variable/CMAKE_TLS_VERSION-VALUES.txt diff --git a/Help/variable/CMAKE_TLS_VERSION-VALUES.txt b/Help/variable/CMAKE_TLS_VERSION-VALUES.txt new file mode 100644 index 0000000..47fd2bc --- /dev/null +++ b/Help/variable/CMAKE_TLS_VERSION-VALUES.txt @@ -0,0 +1,7 @@ +* ``1.0`` + +* ``1.1`` + +* ``1.2`` + +* ``1.3`` diff --git a/Help/variable/CMAKE_TLS_VERSION.rst b/Help/variable/CMAKE_TLS_VERSION.rst index ed93081..3e7f2ce 100644 --- a/Help/variable/CMAKE_TLS_VERSION.rst +++ b/Help/variable/CMAKE_TLS_VERSION.rst @@ -10,13 +10,7 @@ If this variable is not set, the commands check the The value may be one of: -* ``1.0`` - -* ``1.1`` - -* ``1.2`` - -* ``1.3`` +.. include:: CMAKE_TLS_VERSION-VALUES.txt This variable is also used by the :module:`ExternalProject` and :module:`FetchContent` modules for internal calls to -- cgit v0.12 From 9e5b954adb0f5f29f12b4e581cda228e6c436239 Mon Sep 17 00:00:00 2001 From: Brad King Date: Thu, 29 Feb 2024 14:29:39 -0500 Subject: Help: Format ctest(1) CurlOptions values as a definition list --- Help/manual/ctest.1.rst | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/Help/manual/ctest.1.rst b/Help/manual/ctest.1.rst index 0e90ab6..dff77f9 100644 --- a/Help/manual/ctest.1.rst +++ b/Help/manual/ctest.1.rst @@ -1454,12 +1454,19 @@ Configuration settings include: ``CurlOptions`` Specify a semicolon-separated list of options to control the Curl library that CTest uses internally to connect to the - server. Possible options are ``CURLOPT_SSL_VERIFYPEER_OFF`` - and ``CURLOPT_SSL_VERIFYHOST_OFF``. + server. * `CTest Script`_ variable: :variable:`CTEST_CURL_OPTIONS` * :module:`CTest` module variable: ``CTEST_CURL_OPTIONS`` + Possible options are: + + ``CURLOPT_SSL_VERIFYPEER_OFF`` + Disable the ``CURLOPT_SSL_VERIFYPEER`` curl option. + + ``CURLOPT_SSL_VERIFYHOST_OFF`` + Disable the ``CURLOPT_SSL_VERIFYHOST`` curl option. + ``DropLocation`` Legacy option. When ``SubmitURL`` is not set, it is constructed from ``DropMethod``, ``DropSiteUser``, ``DropSitePassword``, ``DropSite``, and -- cgit v0.12 From cf4253ed6095e818b89ff04ffe684e93d01bc4a5 Mon Sep 17 00:00:00 2001 From: Brad King Date: Thu, 29 Feb 2024 14:41:01 -0500 Subject: cmCurl: Improve signature of cmCurlParseTLSVersion Avoid requiring caller to allocate a string. --- Source/cmCurl.cxx | 2 +- Source/cmCurl.h | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Source/cmCurl.cxx b/Source/cmCurl.cxx index ae242ee..e57e55d 100644 --- a/Source/cmCurl.cxx +++ b/Source/cmCurl.cxx @@ -34,7 +34,7 @@ } \ } while (false) -cm::optional cmCurlParseTLSVersion(std::string const& tls_version) +cm::optional cmCurlParseTLSVersion(cm::string_view tls_version) { cm::optional v; if (tls_version == "1.0"_s) { diff --git a/Source/cmCurl.h b/Source/cmCurl.h index b895a30..9675e08 100644 --- a/Source/cmCurl.h +++ b/Source/cmCurl.h @@ -7,10 +7,11 @@ #include #include +#include #include -cm::optional cmCurlParseTLSVersion(std::string const& tls_version); +cm::optional cmCurlParseTLSVersion(cm::string_view tls_version); std::string cmCurlSetCAInfo(::CURL* curl, const std::string& cafile = {}); std::string cmCurlSetNETRCOption(::CURL* curl, const std::string& netrc_level, const std::string& netrc_file); -- cgit v0.12 From fc639823d23d1090b8b8dcb4dd65005b41c6a8de Mon Sep 17 00:00:00 2001 From: Brad King Date: Thu, 29 Feb 2024 14:44:30 -0500 Subject: cmCurl: Factor out compatibility code for curl < 7.52 --- Source/cmCurl.cxx | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Source/cmCurl.cxx b/Source/cmCurl.cxx index e57e55d..5127110 100644 --- a/Source/cmCurl.cxx +++ b/Source/cmCurl.cxx @@ -34,6 +34,11 @@ } \ } while (false) +// curl versions before 7.52.0 did not provide TLS 1.3 support +#if defined(LIBCURL_VERSION_NUM) && LIBCURL_VERSION_NUM < 0x073400 +# define CURL_SSLVERSION_TLSv1_3 CURL_SSLVERSION_LAST +#endif + cm::optional cmCurlParseTLSVersion(cm::string_view tls_version) { cm::optional v; @@ -44,12 +49,7 @@ cm::optional cmCurlParseTLSVersion(cm::string_view tls_version) } else if (tls_version == "1.2"_s) { v = CURL_SSLVERSION_TLSv1_2; } else if (tls_version == "1.3"_s) { - // curl version 7.52.0 introduced TLS 1.3 support -#if defined(LIBCURL_VERSION_NUM) && LIBCURL_VERSION_NUM >= 0x073400 v = CURL_SSLVERSION_TLSv1_3; -#else - v = CURL_SSLVERSION_LAST; -#endif } return v; } -- cgit v0.12 From cb2f73aa7721ec8363324d896386e70160891cde Mon Sep 17 00:00:00 2001 From: Brad King Date: Thu, 29 Feb 2024 14:49:53 -0500 Subject: cmCurl: Add helper to print curl tls version --- Source/cmCurl.cxx | 20 ++++++++++++++++++++ Source/cmCurl.h | 1 + 2 files changed, 21 insertions(+) diff --git a/Source/cmCurl.cxx b/Source/cmCurl.cxx index 5127110..dbb5e39 100644 --- a/Source/cmCurl.cxx +++ b/Source/cmCurl.cxx @@ -54,6 +54,26 @@ cm::optional cmCurlParseTLSVersion(cm::string_view tls_version) return v; } +cm::optional cmCurlPrintTLSVersion(int curl_tls_version) +{ + cm::optional s; + switch (curl_tls_version) { + case CURL_SSLVERSION_TLSv1_0: + s = "CURL_SSLVERSION_TLSv1_0"_s; + break; + case CURL_SSLVERSION_TLSv1_1: + s = "CURL_SSLVERSION_TLSv1_1"_s; + break; + case CURL_SSLVERSION_TLSv1_2: + s = "CURL_SSLVERSION_TLSv1_2"_s; + break; + case CURL_SSLVERSION_TLSv1_3: + s = "CURL_SSLVERSION_TLSv1_3"_s; + break; + } + return s; +} + std::string cmCurlSetCAInfo(::CURL* curl, const std::string& cafile) { std::string e; diff --git a/Source/cmCurl.h b/Source/cmCurl.h index 9675e08..8b8c88b 100644 --- a/Source/cmCurl.h +++ b/Source/cmCurl.h @@ -12,6 +12,7 @@ #include cm::optional cmCurlParseTLSVersion(cm::string_view tls_version); +cm::optional cmCurlPrintTLSVersion(int curl_tls_version); std::string cmCurlSetCAInfo(::CURL* curl, const std::string& cafile = {}); std::string cmCurlSetNETRCOption(::CURL* curl, const std::string& netrc_level, const std::string& netrc_file); -- cgit v0.12 From add81210dffb53a1baed3f9264a3f0b073bc5fd5 Mon Sep 17 00:00:00 2001 From: Brad King Date: Thu, 7 Mar 2024 13:12:32 -0500 Subject: cmCurl: Assert that we cover all TLS versions supported by our vendored curl --- Source/cmCurl.cxx | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Source/cmCurl.cxx b/Source/cmCurl.cxx index dbb5e39..ddd5f69 100644 --- a/Source/cmCurl.cxx +++ b/Source/cmCurl.cxx @@ -39,6 +39,14 @@ # define CURL_SSLVERSION_TLSv1_3 CURL_SSLVERSION_LAST #endif +// Make sure we keep up with new TLS versions supported by curl. +// Do this only for our vendored curl to avoid breaking builds +// against external future versions of curl. +#if !defined(CMAKE_USE_SYSTEM_CURL) +static_assert(CURL_SSLVERSION_LAST == 8, + "A new CURL_SSLVERSION_ may be available!"); +#endif + cm::optional cmCurlParseTLSVersion(cm::string_view tls_version) { cm::optional v; -- cgit v0.12 From 7f668bb94fcf4a556495bbfa34a7c64b63747112 Mon Sep 17 00:00:00 2001 From: Brad King Date: Fri, 1 Mar 2024 10:45:29 -0500 Subject: cmCTestCurl: Use inline member initialization --- Source/CTest/cmCTestCurl.cxx | 8 +------- Source/CTest/cmCTestCurl.h | 12 ++++++------ 2 files changed, 7 insertions(+), 13 deletions(-) diff --git a/Source/CTest/cmCTestCurl.cxx b/Source/CTest/cmCTestCurl.cxx index 8f7d581..e90b494 100644 --- a/Source/CTest/cmCTestCurl.cxx +++ b/Source/CTest/cmCTestCurl.cxx @@ -13,17 +13,11 @@ #include "cmSystemTools.h" cmCTestCurl::cmCTestCurl(cmCTest* ctest) + : CTest(ctest) { - this->CTest = ctest; this->SetProxyType(); - this->UseHttp10 = false; // In windows, this will init the winsock stuff ::curl_global_init(CURL_GLOBAL_ALL); - // default is to verify https - this->VerifyPeerOff = false; - this->VerifyHostOff = false; - this->Quiet = false; - this->TimeOutSeconds = 0; this->Curl = curl_easy_init(); } diff --git a/Source/CTest/cmCTestCurl.h b/Source/CTest/cmCTestCurl.h index d9aa916..44c1828 100644 --- a/Source/CTest/cmCTestCurl.h +++ b/Source/CTest/cmCTestCurl.h @@ -40,14 +40,14 @@ protected: private: cmCTest* CTest; - CURL* Curl; + CURL* Curl = nullptr; std::vector HttpHeaders; std::string HTTPProxyAuth; std::string HTTPProxy; curl_proxytype HTTPProxyType; - bool VerifyHostOff; - bool VerifyPeerOff; - bool UseHttp10; - bool Quiet; - int TimeOutSeconds; + bool VerifyHostOff = false; + bool VerifyPeerOff = false; + bool UseHttp10 = false; + bool Quiet = false; + int TimeOutSeconds = 0; }; -- cgit v0.12 From 8a3a486fb50d179be34e3b2165008f5495112a19 Mon Sep 17 00:00:00 2001 From: Brad King Date: Fri, 1 Mar 2024 10:47:38 -0500 Subject: cmCTestCurl: Factor out helper struct for curl options --- Source/CTest/cmCTestCurl.cxx | 9 ++++++--- Source/CTest/cmCTestCurl.h | 13 ++++++++----- Source/CTest/cmCTestSubmitHandler.cxx | 21 +++------------------ 3 files changed, 17 insertions(+), 26 deletions(-) diff --git a/Source/CTest/cmCTestCurl.cxx b/Source/CTest/cmCTestCurl.cxx index e90b494..d3a0a13 100644 --- a/Source/CTest/cmCTestCurl.cxx +++ b/Source/CTest/cmCTestCurl.cxx @@ -9,11 +9,13 @@ #include "cmCTest.h" #include "cmCurl.h" +#include "cmList.h" #include "cmStringAlgorithms.h" #include "cmSystemTools.h" cmCTestCurl::cmCTestCurl(cmCTest* ctest) : CTest(ctest) + , CurlOpts(ctest) { this->SetProxyType(); // In windows, this will init the winsock stuff @@ -53,8 +55,9 @@ size_t curlDebugCallback(CURL* /*unused*/, curl_infotype /*unused*/, } } -void cmCTestCurl::SetCurlOptions(std::vector const& args) +cmCTestCurlOpts::cmCTestCurlOpts(cmCTest* ctest) { + cmList args{ ctest->GetCTestConfiguration("CurlOptions") }; for (std::string const& arg : args) { if (arg == "CURLOPT_SSL_VERIFYPEER_OFF") { this->VerifyPeerOff = true; @@ -71,10 +74,10 @@ bool cmCTestCurl::InitCurl() return false; } cmCurlSetCAInfo(this->Curl); - if (this->VerifyPeerOff) { + if (this->CurlOpts.VerifyPeerOff) { curl_easy_setopt(this->Curl, CURLOPT_SSL_VERIFYPEER, 0); } - if (this->VerifyHostOff) { + if (this->CurlOpts.VerifyHostOff) { curl_easy_setopt(this->Curl, CURLOPT_SSL_VERIFYHOST, 0); } if (!this->HTTPProxy.empty()) { diff --git a/Source/CTest/cmCTestCurl.h b/Source/CTest/cmCTestCurl.h index 44c1828..ea60f19 100644 --- a/Source/CTest/cmCTestCurl.h +++ b/Source/CTest/cmCTestCurl.h @@ -11,6 +11,13 @@ class cmCTest; +struct cmCTestCurlOpts +{ + cmCTestCurlOpts(cmCTest* ctest); + bool VerifyPeerOff = false; + bool VerifyHostOff = false; +}; + class cmCTestCurl { public: @@ -22,9 +29,6 @@ public: std::string const& fields, std::string& response); bool HttpRequest(std::string const& url, std::string const& fields, std::string& response); - // currently only supports CURLOPT_SSL_VERIFYPEER_OFF - // and CURLOPT_SSL_VERIFYHOST_OFF - void SetCurlOptions(std::vector const& args); void SetHttpHeaders(std::vector const& v) { this->HttpHeaders = v; @@ -40,13 +44,12 @@ protected: private: cmCTest* CTest; + cmCTestCurlOpts CurlOpts; CURL* Curl = nullptr; std::vector HttpHeaders; std::string HTTPProxyAuth; std::string HTTPProxy; curl_proxytype HTTPProxyType; - bool VerifyHostOff = false; - bool VerifyPeerOff = false; bool UseHttp10 = false; bool Quiet = false; int TimeOutSeconds = 0; diff --git a/Source/CTest/cmCTestSubmitHandler.cxx b/Source/CTest/cmCTestSubmitHandler.cxx index db8a054..654fbfa 100644 --- a/Source/CTest/cmCTestSubmitHandler.cxx +++ b/Source/CTest/cmCTestSubmitHandler.cxx @@ -22,7 +22,6 @@ #include "cmCurl.h" #include "cmDuration.h" #include "cmGeneratedFileStream.h" -#include "cmList.h" #include "cmState.h" #include "cmStringAlgorithms.h" #include "cmSystemTools.h" @@ -172,30 +171,19 @@ bool cmCTestSubmitHandler::SubmitUsingHTTP( /* In windows, this will init the winsock stuff */ ::curl_global_init(CURL_GLOBAL_ALL); - std::string curlopt(this->CTest->GetCTestConfiguration("CurlOptions")); - cmList args{ curlopt }; - bool verifyPeerOff = false; - bool verifyHostOff = false; - for (std::string const& arg : args) { - if (arg == "CURLOPT_SSL_VERIFYPEER_OFF") { - verifyPeerOff = true; - } - if (arg == "CURLOPT_SSL_VERIFYHOST_OFF") { - verifyHostOff = true; - } - } + cmCTestCurlOpts curlOpts(this->CTest); for (std::string const& file : files) { /* get a curl handle */ curl = curl_easy_init(); if (curl) { cmCurlSetCAInfo(curl); - if (verifyPeerOff) { + if (curlOpts.VerifyPeerOff) { cmCTestOptionalLog(this->CTest, HANDLER_VERBOSE_OUTPUT, " Set CURLOPT_SSL_VERIFYPEER to off\n", this->Quiet); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); } - if (verifyHostOff) { + if (curlOpts.VerifyHostOff) { cmCTestOptionalLog(this->CTest, HANDLER_VERBOSE_OUTPUT, " Set CURLOPT_SSL_VERIFYHOST to off\n", this->Quiet); @@ -518,9 +506,6 @@ int cmCTestSubmitHandler::HandleCDashUploadFile(std::string const& file, } cmCTestCurl curl(this->CTest); curl.SetQuiet(this->Quiet); - std::string curlopt(this->CTest->GetCTestConfiguration("CurlOptions")); - cmList args{ curlopt }; - curl.SetCurlOptions(args); auto submitInactivityTimeout = this->GetSubmitInactivityTimeout(); if (submitInactivityTimeout != 0) { curl.SetTimeOutSeconds(submitInactivityTimeout); -- cgit v0.12 From 51728a6dd3955eadb596b8eb7b74681f529d39cb Mon Sep 17 00:00:00 2001 From: Brad King Date: Tue, 5 Mar 2024 19:50:23 -0500 Subject: CTest: Create scope to isolate defaults for DartConfiguration.tcl --- Modules/CTestTargets.cmake | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/Modules/CTestTargets.cmake b/Modules/CTestTargets.cmake index 99ef8e5..2e11d64 100644 --- a/Modules/CTestTargets.cmake +++ b/Modules/CTestTargets.cmake @@ -20,15 +20,17 @@ mark_as_advanced(CMAKE_CTEST_COMMAND) # Use CTest # configure files -if(CTEST_NEW_FORMAT) - configure_file( - ${CMAKE_ROOT}/Modules/DartConfiguration.tcl.in - ${PROJECT_BINARY_DIR}/CTestConfiguration.ini ) -else() - configure_file( - ${CMAKE_ROOT}/Modules/DartConfiguration.tcl.in - ${PROJECT_BINARY_DIR}/DartConfiguration.tcl ) -endif() +block() + if(CTEST_NEW_FORMAT) + configure_file( + ${CMAKE_ROOT}/Modules/DartConfiguration.tcl.in + ${PROJECT_BINARY_DIR}/CTestConfiguration.ini ) + else() + configure_file( + ${CMAKE_ROOT}/Modules/DartConfiguration.tcl.in + ${PROJECT_BINARY_DIR}/DartConfiguration.tcl ) + endif() +endblock() # # Section 3: -- cgit v0.12 From 0aba13a2f3169687943d4b7d0f05ed65e46ca137 Mon Sep 17 00:00:00 2001 From: Brad King Date: Fri, 1 Mar 2024 10:56:03 -0500 Subject: ctest: Add explicit options for TLS server verification Add a dedicated `TLSVerify` ctest option and a `CTEST_TLS_VERIFY` variable to control it. Deprecate `CurlOptions` because it exposes internal implementation details. --- Help/manual/cmake-variables.7.rst | 1 + Help/manual/ctest.1.rst | 13 +++++++++++ Help/release/dev/curl-tls-version.rst | 4 ++++ Help/variable/CTEST_CURL_OPTIONS.rst | 4 ++++ Help/variable/CTEST_TLS_VERIFY.rst | 10 +++++++++ Modules/DartConfiguration.tcl.in | 2 ++ Source/CTest/cmCTestCurl.cxx | 25 ++++++++++++++-------- Source/CTest/cmCTestCurl.h | 4 +++- Source/CTest/cmCTestSubmitCommand.cxx | 2 ++ Source/CTest/cmCTestSubmitHandler.cxx | 10 ++++++--- .../FailDrop-TLSVerify-OFF-ctest-result.txt | 1 + .../FailDrop-TLSVerify-OFF-ctest-stderr.txt | 2 ++ .../FailDrop-TLSVerify-OFF-ctest-stdout.txt | 1 + .../CTestCommandLine/FailDrop-TLSVerify-OFF.cmake | 1 + .../FailDrop-TLSVerify-ON-ctest-result.txt | 1 + .../FailDrop-TLSVerify-ON-ctest-stderr.txt | 2 ++ .../FailDrop-TLSVerify-ON-ctest-stdout.txt | 1 + .../CTestCommandLine/FailDrop-TLSVerify-ON.cmake | 1 + .../CTestCommandLine/FailDrop-common.cmake | 3 +++ Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake | 15 +++++++++++++ .../ctest_submit/FailDrop-TLSVerify-OFF-result.txt | 1 + .../ctest_submit/FailDrop-TLSVerify-OFF-stderr.txt | 2 ++ .../ctest_submit/FailDrop-TLSVerify-OFF-stdout.txt | 4 ++++ .../ctest_submit/FailDrop-TLSVerify-ON-result.txt | 1 + .../ctest_submit/FailDrop-TLSVerify-ON-stderr.txt | 2 ++ .../ctest_submit/FailDrop-TLSVerify-ON-stdout.txt | 4 ++++ Tests/RunCMake/ctest_submit/RunCMakeTest.cmake | 8 +++++++ Tests/RunCMake/ctest_submit/test.cmake.in | 1 + 28 files changed, 113 insertions(+), 13 deletions(-) create mode 100644 Help/variable/CTEST_TLS_VERIFY.rst create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-ctest-result.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-ctest-stderr.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-ctest-stdout.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF.cmake create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-ctest-result.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-ctest-stderr.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-ctest-stdout.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON.cmake create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-common.cmake create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-result.txt create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-stderr.txt create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-stdout.txt create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-result.txt create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-stderr.txt create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-stdout.txt diff --git a/Help/manual/cmake-variables.7.rst b/Help/manual/cmake-variables.7.rst index d08ee2c..7728cb4 100644 --- a/Help/manual/cmake-variables.7.rst +++ b/Help/manual/cmake-variables.7.rst @@ -728,6 +728,7 @@ Variables for CTest /variable/CTEST_SVN_UPDATE_OPTIONS /variable/CTEST_TEST_LOAD /variable/CTEST_TEST_TIMEOUT + /variable/CTEST_TLS_VERIFY /variable/CTEST_UPDATE_COMMAND /variable/CTEST_UPDATE_OPTIONS /variable/CTEST_UPDATE_VERSION_ONLY diff --git a/Help/manual/ctest.1.rst b/Help/manual/ctest.1.rst index dff77f9..45ff6da 100644 --- a/Help/manual/ctest.1.rst +++ b/Help/manual/ctest.1.rst @@ -1452,6 +1452,10 @@ Configuration settings include: * :module:`CTest` module variable: ``CTEST_SUBMIT_RETRY_DELAY`` ``CurlOptions`` + .. deprecated:: 3.30 + + Use ``TLSVerify`` instead. + Specify a semicolon-separated list of options to control the Curl library that CTest uses internally to connect to the server. @@ -1547,6 +1551,15 @@ Configuration settings include: * `CTest Script`_ variable: :variable:`CTEST_SUBMIT_INACTIVITY_TIMEOUT` * :module:`CTest` module variable: ``CTEST_SUBMIT_INACTIVITY_TIMEOUT`` +``TLSVerify`` + .. versionadded:: 3.30 + + Specify a boolean value indicating whether to verify the server + certificate when submitting to a dashboard via ``https://`` URLs. + + * `CTest Script`_ variable: :variable:`CTEST_TLS_VERIFY` + * :module:`CTest` module variable: ``CTEST_TLS_VERIFY`` + ``TriggerSite`` Legacy option. Not used. diff --git a/Help/release/dev/curl-tls-version.rst b/Help/release/dev/curl-tls-version.rst index 4b7fe44..6adf189 100644 --- a/Help/release/dev/curl-tls-version.rst +++ b/Help/release/dev/curl-tls-version.rst @@ -15,3 +15,7 @@ curl-tls-version :variable:`CMAKE_TLS_VERSION` variable and :envvar:`CMAKE_TLS_VERSION` environment variable, to specify the minimum TLS version for connections to ``https://`` URLs. + +* The :command:`ctest_submit` command and :option:`ctest -T Submit ` + step gained a ``TLSVerify`` option to control negotiation with + ``https://`` URLs. See the :variable:`CTEST_TLS_VERIFY` variable. diff --git a/Help/variable/CTEST_CURL_OPTIONS.rst b/Help/variable/CTEST_CURL_OPTIONS.rst index 14af4e4..45e84ed 100644 --- a/Help/variable/CTEST_CURL_OPTIONS.rst +++ b/Help/variable/CTEST_CURL_OPTIONS.rst @@ -1,6 +1,10 @@ CTEST_CURL_OPTIONS ------------------ +.. deprecated:: 3.30 + + Use the :variable:`CTEST_TLS_VERIFY` variable instead. + .. versionadded:: 3.1 Specify the CTest ``CurlOptions`` setting diff --git a/Help/variable/CTEST_TLS_VERIFY.rst b/Help/variable/CTEST_TLS_VERIFY.rst new file mode 100644 index 0000000..22133bd --- /dev/null +++ b/Help/variable/CTEST_TLS_VERIFY.rst @@ -0,0 +1,10 @@ +CTEST_TLS_VERIFY +---------------- + +.. versionadded:: 3.30 + +Specify the CTest ``TLSVerify`` setting in a :manual:`ctest(1)` +:ref:`Dashboard Client` script or in project ``CMakeLists.txt`` code +before including the :module:`CTest` module. The value is a boolean +indicating whether to verify the server certificate when submitting +to a dashboard via ``https://`` URLs. diff --git a/Modules/DartConfiguration.tcl.in b/Modules/DartConfiguration.tcl.in index afa36f7..eb0f0ba 100644 --- a/Modules/DartConfiguration.tcl.in +++ b/Modules/DartConfiguration.tcl.in @@ -95,6 +95,8 @@ TimeOut: @DART_TESTING_TIMEOUT@ # so would cause the system load to exceed this value. TestLoad: @CTEST_TEST_LOAD@ +TLSVerify: @CTEST_TLS_VERIFY@ + UseLaunchers: @CTEST_USE_LAUNCHERS@ CurlOptions: @CTEST_CURL_OPTIONS@ # warning, if you add new options here that have to do with submit, diff --git a/Source/CTest/cmCTestCurl.cxx b/Source/CTest/cmCTestCurl.cxx index d3a0a13..e5963c6 100644 --- a/Source/CTest/cmCTestCurl.cxx +++ b/Source/CTest/cmCTestCurl.cxx @@ -12,6 +12,7 @@ #include "cmList.h" #include "cmStringAlgorithms.h" #include "cmSystemTools.h" +#include "cmValue.h" cmCTestCurl::cmCTestCurl(cmCTest* ctest) : CTest(ctest) @@ -57,13 +58,18 @@ size_t curlDebugCallback(CURL* /*unused*/, curl_infotype /*unused*/, cmCTestCurlOpts::cmCTestCurlOpts(cmCTest* ctest) { - cmList args{ ctest->GetCTestConfiguration("CurlOptions") }; - for (std::string const& arg : args) { - if (arg == "CURLOPT_SSL_VERIFYPEER_OFF") { - this->VerifyPeerOff = true; - } - if (arg == "CURLOPT_SSL_VERIFYHOST_OFF") { - this->VerifyHostOff = true; + std::string tlsVerify = ctest->GetCTestConfiguration("TLSVerify"); + if (!tlsVerify.empty()) { + this->TLSVerifyOpt = cmIsOn(tlsVerify); + } else { + cmList args{ ctest->GetCTestConfiguration("CurlOptions") }; + for (std::string const& arg : args) { + if (arg == "CURLOPT_SSL_VERIFYPEER_OFF") { + this->TLSVerifyOpt = false; + } + if (arg == "CURLOPT_SSL_VERIFYHOST_OFF") { + this->VerifyHostOff = true; + } } } } @@ -74,8 +80,9 @@ bool cmCTestCurl::InitCurl() return false; } cmCurlSetCAInfo(this->Curl); - if (this->CurlOpts.VerifyPeerOff) { - curl_easy_setopt(this->Curl, CURLOPT_SSL_VERIFYPEER, 0); + if (this->CurlOpts.TLSVerifyOpt) { + curl_easy_setopt(this->Curl, CURLOPT_SSL_VERIFYPEER, + *this->CurlOpts.TLSVerifyOpt ? 1 : 0); } if (this->CurlOpts.VerifyHostOff) { curl_easy_setopt(this->Curl, CURLOPT_SSL_VERIFYHOST, 0); diff --git a/Source/CTest/cmCTestCurl.h b/Source/CTest/cmCTestCurl.h index ea60f19..b027e43 100644 --- a/Source/CTest/cmCTestCurl.h +++ b/Source/CTest/cmCTestCurl.h @@ -7,6 +7,8 @@ #include #include +#include + #include class cmCTest; @@ -14,7 +16,7 @@ class cmCTest; struct cmCTestCurlOpts { cmCTestCurlOpts(cmCTest* ctest); - bool VerifyPeerOff = false; + cm::optional TLSVerifyOpt; bool VerifyHostOff = false; }; diff --git a/Source/CTest/cmCTestSubmitCommand.cxx b/Source/CTest/cmCTestSubmitCommand.cxx index a92f9f2..90542e9 100644 --- a/Source/CTest/cmCTestSubmitCommand.cxx +++ b/Source/CTest/cmCTestSubmitCommand.cxx @@ -56,6 +56,8 @@ cmCTestGenericHandler* cmCTestSubmitCommand::InitializeHandler() } this->CTest->SetCTestConfigurationFromCMakeVariable( + this->Makefile, "TLSVerify", "CTEST_TLS_VERIFY", this->Quiet); + this->CTest->SetCTestConfigurationFromCMakeVariable( this->Makefile, "CurlOptions", "CTEST_CURL_OPTIONS", this->Quiet); this->CTest->SetCTestConfigurationFromCMakeVariable( this->Makefile, "SubmitInactivityTimeout", diff --git a/Source/CTest/cmCTestSubmitHandler.cxx b/Source/CTest/cmCTestSubmitHandler.cxx index 654fbfa..431f108 100644 --- a/Source/CTest/cmCTestSubmitHandler.cxx +++ b/Source/CTest/cmCTestSubmitHandler.cxx @@ -8,6 +8,7 @@ #include #include +#include #include #include @@ -177,11 +178,14 @@ bool cmCTestSubmitHandler::SubmitUsingHTTP( curl = curl_easy_init(); if (curl) { cmCurlSetCAInfo(curl); - if (curlOpts.VerifyPeerOff) { + if (curlOpts.TLSVerifyOpt) { cmCTestOptionalLog(this->CTest, HANDLER_VERBOSE_OUTPUT, - " Set CURLOPT_SSL_VERIFYPEER to off\n", + " Set CURLOPT_SSL_VERIFYPEER to " + << (*curlOpts.TLSVerifyOpt ? "on" : "off") + << "\n", this->Quiet); - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, + *curlOpts.TLSVerifyOpt ? 1 : 0); } if (curlOpts.VerifyHostOff) { cmCTestOptionalLog(this->CTest, HANDLER_VERBOSE_OUTPUT, diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-ctest-result.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-ctest-result.txt new file mode 100644 index 0000000..d197c91 --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-ctest-result.txt @@ -0,0 +1 @@ +[^0] diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-ctest-stderr.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-ctest-stderr.txt new file mode 100644 index 0000000..e3df62f --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-ctest-stderr.txt @@ -0,0 +1,2 @@ +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* + Problems when submitting via HTTP diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-ctest-stdout.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-ctest-stdout.txt new file mode 100644 index 0000000..be5d335 --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF-ctest-stdout.txt @@ -0,0 +1 @@ + Set CURLOPT_SSL_VERIFYPEER to off diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF.cmake b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF.cmake new file mode 100644 index 0000000..e0368fc --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-OFF.cmake @@ -0,0 +1 @@ +include(FailDrop-common.cmake) diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-ctest-result.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-ctest-result.txt new file mode 100644 index 0000000..d197c91 --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-ctest-result.txt @@ -0,0 +1 @@ +[^0] diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-ctest-stderr.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-ctest-stderr.txt new file mode 100644 index 0000000..e3df62f --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-ctest-stderr.txt @@ -0,0 +1,2 @@ +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* + Problems when submitting via HTTP diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-ctest-stdout.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-ctest-stdout.txt new file mode 100644 index 0000000..fa95148 --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON-ctest-stdout.txt @@ -0,0 +1 @@ + Set CURLOPT_SSL_VERIFYPEER to on diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON.cmake b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON.cmake new file mode 100644 index 0000000..e0368fc --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVerify-ON.cmake @@ -0,0 +1 @@ +include(FailDrop-common.cmake) diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-common.cmake b/Tests/RunCMake/CTestCommandLine/FailDrop-common.cmake new file mode 100644 index 0000000..134d26d --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-common.cmake @@ -0,0 +1,3 @@ +set(SUBMIT_URL "https://badhostname.invalid") +set(CTEST_SUBMIT_RETRY_COUNT 0 CACHE STRING "") +include(CTest) diff --git a/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake b/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake index 03aa690..c7f772c 100644 --- a/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake +++ b/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake @@ -1,6 +1,10 @@ include(RunCMake) include(RunCTest) +# Do not use any proxy for lookup of an invalid site. +# DNS failure by proxy looks different than DNS failure without proxy. +set(ENV{no_proxy} "$ENV{no_proxy},badhostname.invalid") + set(RunCMake_TEST_TIMEOUT 60) run_cmake_command(repeat-opt-bad1 @@ -484,6 +488,17 @@ run_NoTests() # Check the configuration type variable is passed run_ctest(check-configuration-type) +function(run_FailDrop case) + set(RunCMake_TEST_BINARY_DIR ${RunCMake_BINARY_DIR}/FailDrop-${case}-build) + run_cmake_with_options(FailDrop-${case} ${ARGN}) + set(RunCMake_TEST_NO_CLEAN 1) + run_cmake_command(FailDrop-${case}-ctest + ${CMAKE_CTEST_COMMAND} -M Experimental -T Submit -VV + ) +endfunction() +run_FailDrop(TLSVerify-ON -DCTEST_TLS_VERIFY=ON) +run_FailDrop(TLSVerify-OFF -DCTEST_TLS_VERIFY=OFF) + run_cmake_command(EmptyDirCoverage-ctest ${CMAKE_CTEST_COMMAND} -C Debug -M Experimental -T Coverage ) diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-result.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-result.txt new file mode 100644 index 0000000..b57e2de --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-result.txt @@ -0,0 +1 @@ +(-1|255) diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-stderr.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-stderr.txt new file mode 100644 index 0000000..e3df62f --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-stderr.txt @@ -0,0 +1,2 @@ +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* + Problems when submitting via HTTP diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-stdout.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-stdout.txt new file mode 100644 index 0000000..9053f6c --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-stdout.txt @@ -0,0 +1,4 @@ +SetCTestConfigurationFromCMakeVariable:TLSVerify:CTEST_TLS_VERIFY +SetCTestConfiguration:TLSVerify:OFF +.* + Set CURLOPT_SSL_VERIFYPEER to off diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-result.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-result.txt new file mode 100644 index 0000000..b57e2de --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-result.txt @@ -0,0 +1 @@ +(-1|255) diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-stderr.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-stderr.txt new file mode 100644 index 0000000..e3df62f --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-stderr.txt @@ -0,0 +1,2 @@ +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* + Problems when submitting via HTTP diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-stdout.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-stdout.txt new file mode 100644 index 0000000..c2764c3 --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-ON-stdout.txt @@ -0,0 +1,4 @@ +SetCTestConfigurationFromCMakeVariable:TLSVerify:CTEST_TLS_VERIFY +SetCTestConfiguration:TLSVerify:ON +.* + Set CURLOPT_SSL_VERIFYPEER to on diff --git a/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake b/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake index ad35bf5..4d2d95b 100644 --- a/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake +++ b/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake @@ -4,6 +4,7 @@ include(RunCTest) set(CASE_DROP_METHOD "http") set(CASE_DROP_SITE "badhostname.invalid") set(CASE_CTEST_SUBMIT_ARGS "") +set(CASE_TEST_PREFIX_CODE "") # Do not use any proxy for lookup of an invalid site. # DNS failure by proxy looks different than DNS failure without proxy. @@ -54,3 +55,10 @@ endfunction() run_ctest_submit_FailDrop(http) run_ctest_submit_FailDrop(https) +block() + set(CASE_DROP_METHOD "https") + set(CASE_TEST_PREFIX_CODE "set(CTEST_TLS_VERIFY ON)") + run_ctest(FailDrop-TLSVerify-ON -VV) + set(CASE_TEST_PREFIX_CODE "set(CTEST_TLS_VERIFY OFF)") + run_ctest(FailDrop-TLSVerify-OFF -VV) +endblock() diff --git a/Tests/RunCMake/ctest_submit/test.cmake.in b/Tests/RunCMake/ctest_submit/test.cmake.in index 0f4885f..6026c35 100644 --- a/Tests/RunCMake/ctest_submit/test.cmake.in +++ b/Tests/RunCMake/ctest_submit/test.cmake.in @@ -1,4 +1,5 @@ cmake_minimum_required(VERSION 3.5) +@CASE_TEST_PREFIX_CODE@ set(CTEST_SITE "test-site") set(CTEST_BUILD_NAME "test-build-name") -- cgit v0.12 From 6671f17f65a2d4907f1b598dc2823209714f7ac2 Mon Sep 17 00:00:00 2001 From: Brad King Date: Thu, 29 Feb 2024 14:25:04 -0500 Subject: ctest: Add explicit options for TLS version Add a dedicated `TLSVersion` ctest option and a `CTEST_TLS_VERSION` variable to control it. Issue: #25701 --- Help/manual/cmake-variables.7.rst | 1 + Help/manual/ctest.1.rst | 9 +++++++++ Help/release/dev/curl-tls-version.rst | 5 +++-- Help/variable/CTEST_TLS_VERSION.rst | 13 +++++++++++++ Modules/DartConfiguration.tcl.in | 1 + Source/CTest/cmCTestCurl.cxx | 7 +++++++ Source/CTest/cmCTestCurl.h | 1 + Source/CTest/cmCTestSubmitCommand.cxx | 2 ++ Source/CTest/cmCTestSubmitHandler.cxx | 10 ++++++++++ .../FailDrop-TLSVersion-1.1-ctest-result.txt | 1 + .../FailDrop-TLSVersion-1.1-ctest-stderr.txt | 2 ++ .../FailDrop-TLSVersion-1.1-ctest-stdout.txt | 1 + .../RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1.cmake | 1 + Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake | 1 + .../ctest_submit/FailDrop-TLSVersion-1.1-result.txt | 1 + .../ctest_submit/FailDrop-TLSVersion-1.1-stderr.txt | 2 ++ .../ctest_submit/FailDrop-TLSVersion-1.1-stdout.txt | 4 ++++ Tests/RunCMake/ctest_submit/RunCMakeTest.cmake | 2 ++ 18 files changed, 62 insertions(+), 2 deletions(-) create mode 100644 Help/variable/CTEST_TLS_VERSION.rst create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-ctest-result.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-ctest-stderr.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-ctest-stdout.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1.cmake create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-result.txt create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-stderr.txt create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-stdout.txt diff --git a/Help/manual/cmake-variables.7.rst b/Help/manual/cmake-variables.7.rst index 7728cb4..4bb0ec8 100644 --- a/Help/manual/cmake-variables.7.rst +++ b/Help/manual/cmake-variables.7.rst @@ -729,6 +729,7 @@ Variables for CTest /variable/CTEST_TEST_LOAD /variable/CTEST_TEST_TIMEOUT /variable/CTEST_TLS_VERIFY + /variable/CTEST_TLS_VERSION /variable/CTEST_UPDATE_COMMAND /variable/CTEST_UPDATE_OPTIONS /variable/CTEST_UPDATE_VERSION_ONLY diff --git a/Help/manual/ctest.1.rst b/Help/manual/ctest.1.rst index 45ff6da..c9ab31e 100644 --- a/Help/manual/ctest.1.rst +++ b/Help/manual/ctest.1.rst @@ -1551,6 +1551,15 @@ Configuration settings include: * `CTest Script`_ variable: :variable:`CTEST_SUBMIT_INACTIVITY_TIMEOUT` * :module:`CTest` module variable: ``CTEST_SUBMIT_INACTIVITY_TIMEOUT`` +``TLSVersion`` + .. versionadded:: 3.30 + + Specify a minimum TLS version allowed when submitting to a dashboard + via ``https://`` URLs. + + * `CTest Script`_ variable: :variable:`CTEST_TLS_VERSION` + * :module:`CTest` module variable: ``CTEST_TLS_VERSION`` + ``TLSVerify`` .. versionadded:: 3.30 diff --git a/Help/release/dev/curl-tls-version.rst b/Help/release/dev/curl-tls-version.rst index 6adf189..636fa3c 100644 --- a/Help/release/dev/curl-tls-version.rst +++ b/Help/release/dev/curl-tls-version.rst @@ -17,5 +17,6 @@ curl-tls-version to ``https://`` URLs. * The :command:`ctest_submit` command and :option:`ctest -T Submit ` - step gained a ``TLSVerify`` option to control negotiation with - ``https://`` URLs. See the :variable:`CTEST_TLS_VERIFY` variable. + step gained ``TLSVersion`` and ``TLSVerify`` options to control negotiation + with ``https://`` URLs. See the :variable:`CTEST_TLS_VERSION` and + :variable:`CTEST_TLS_VERIFY` variables. diff --git a/Help/variable/CTEST_TLS_VERSION.rst b/Help/variable/CTEST_TLS_VERSION.rst new file mode 100644 index 0000000..c19d2a4 --- /dev/null +++ b/Help/variable/CTEST_TLS_VERSION.rst @@ -0,0 +1,13 @@ +CTEST_TLS_VERSION +----------------- + +.. versionadded:: 3.30 + +Specify the CTest ``TLSVersion`` setting in a :manual:`ctest(1)` +:ref:`Dashboard Client` script or in project ``CMakeLists.txt`` code +before including the :module:`CTest` module. The value is a minimum +TLS version allowed when submitting to a dashboard via ``https://`` URLs. + +The value may be one of: + +.. include:: CMAKE_TLS_VERSION-VALUES.txt diff --git a/Modules/DartConfiguration.tcl.in b/Modules/DartConfiguration.tcl.in index eb0f0ba..67d9f8f 100644 --- a/Modules/DartConfiguration.tcl.in +++ b/Modules/DartConfiguration.tcl.in @@ -96,6 +96,7 @@ TimeOut: @DART_TESTING_TIMEOUT@ TestLoad: @CTEST_TEST_LOAD@ TLSVerify: @CTEST_TLS_VERIFY@ +TLSVersion: @CTEST_TLS_VERSION@ UseLaunchers: @CTEST_USE_LAUNCHERS@ CurlOptions: @CTEST_CURL_OPTIONS@ diff --git a/Source/CTest/cmCTestCurl.cxx b/Source/CTest/cmCTestCurl.cxx index e5963c6..3a5806b 100644 --- a/Source/CTest/cmCTestCurl.cxx +++ b/Source/CTest/cmCTestCurl.cxx @@ -58,6 +58,9 @@ size_t curlDebugCallback(CURL* /*unused*/, curl_infotype /*unused*/, cmCTestCurlOpts::cmCTestCurlOpts(cmCTest* ctest) { + this->TLSVersionOpt = + cmCurlParseTLSVersion(ctest->GetCTestConfiguration("TLSVersion")); + std::string tlsVerify = ctest->GetCTestConfiguration("TLSVerify"); if (!tlsVerify.empty()) { this->TLSVerifyOpt = cmIsOn(tlsVerify); @@ -80,6 +83,10 @@ bool cmCTestCurl::InitCurl() return false; } cmCurlSetCAInfo(this->Curl); + if (this->CurlOpts.TLSVersionOpt) { + curl_easy_setopt(this->Curl, CURLOPT_SSLVERSION, + *this->CurlOpts.TLSVersionOpt); + } if (this->CurlOpts.TLSVerifyOpt) { curl_easy_setopt(this->Curl, CURLOPT_SSL_VERIFYPEER, *this->CurlOpts.TLSVerifyOpt ? 1 : 0); diff --git a/Source/CTest/cmCTestCurl.h b/Source/CTest/cmCTestCurl.h index b027e43..7836f4b 100644 --- a/Source/CTest/cmCTestCurl.h +++ b/Source/CTest/cmCTestCurl.h @@ -16,6 +16,7 @@ class cmCTest; struct cmCTestCurlOpts { cmCTestCurlOpts(cmCTest* ctest); + cm::optional TLSVersionOpt; cm::optional TLSVerifyOpt; bool VerifyHostOff = false; }; diff --git a/Source/CTest/cmCTestSubmitCommand.cxx b/Source/CTest/cmCTestSubmitCommand.cxx index 90542e9..616ad4a 100644 --- a/Source/CTest/cmCTestSubmitCommand.cxx +++ b/Source/CTest/cmCTestSubmitCommand.cxx @@ -56,6 +56,8 @@ cmCTestGenericHandler* cmCTestSubmitCommand::InitializeHandler() } this->CTest->SetCTestConfigurationFromCMakeVariable( + this->Makefile, "TLSVersion", "CTEST_TLS_VERSION", this->Quiet); + this->CTest->SetCTestConfigurationFromCMakeVariable( this->Makefile, "TLSVerify", "CTEST_TLS_VERIFY", this->Quiet); this->CTest->SetCTestConfigurationFromCMakeVariable( this->Makefile, "CurlOptions", "CTEST_CURL_OPTIONS", this->Quiet); diff --git a/Source/CTest/cmCTestSubmitHandler.cxx b/Source/CTest/cmCTestSubmitHandler.cxx index 431f108..74cbeef 100644 --- a/Source/CTest/cmCTestSubmitHandler.cxx +++ b/Source/CTest/cmCTestSubmitHandler.cxx @@ -178,6 +178,16 @@ bool cmCTestSubmitHandler::SubmitUsingHTTP( curl = curl_easy_init(); if (curl) { cmCurlSetCAInfo(curl); + if (curlOpts.TLSVersionOpt) { + cm::optional tlsVersionStr = + cmCurlPrintTLSVersion(*curlOpts.TLSVersionOpt); + cmCTestOptionalLog( + this->CTest, HANDLER_VERBOSE_OUTPUT, + " Set CURLOPT_SSLVERSION to " + << (tlsVersionStr ? *tlsVersionStr : "unknown value") << "\n", + this->Quiet); + curl_easy_setopt(curl, CURLOPT_SSLVERSION, *curlOpts.TLSVersionOpt); + } if (curlOpts.TLSVerifyOpt) { cmCTestOptionalLog(this->CTest, HANDLER_VERBOSE_OUTPUT, " Set CURLOPT_SSL_VERIFYPEER to " diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-ctest-result.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-ctest-result.txt new file mode 100644 index 0000000..d197c91 --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-ctest-result.txt @@ -0,0 +1 @@ +[^0] diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-ctest-stderr.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-ctest-stderr.txt new file mode 100644 index 0000000..e3df62f --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-ctest-stderr.txt @@ -0,0 +1,2 @@ +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* + Problems when submitting via HTTP diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-ctest-stdout.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-ctest-stdout.txt new file mode 100644 index 0000000..e83d934 --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-ctest-stdout.txt @@ -0,0 +1 @@ + Set CURLOPT_SSLVERSION to CURL_SSLVERSION_TLSv1_1 diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1.cmake b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1.cmake new file mode 100644 index 0000000..e0368fc --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1.cmake @@ -0,0 +1 @@ +include(FailDrop-common.cmake) diff --git a/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake b/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake index c7f772c..27a6fab 100644 --- a/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake +++ b/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake @@ -496,6 +496,7 @@ function(run_FailDrop case) ${CMAKE_CTEST_COMMAND} -M Experimental -T Submit -VV ) endfunction() +run_FailDrop(TLSVersion-1.1 -DCTEST_TLS_VERSION=1.1) run_FailDrop(TLSVerify-ON -DCTEST_TLS_VERIFY=ON) run_FailDrop(TLSVerify-OFF -DCTEST_TLS_VERIFY=OFF) diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-result.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-result.txt new file mode 100644 index 0000000..b57e2de --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-result.txt @@ -0,0 +1 @@ +(-1|255) diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-stderr.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-stderr.txt new file mode 100644 index 0000000..e3df62f --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-stderr.txt @@ -0,0 +1,2 @@ +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* + Problems when submitting via HTTP diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-stdout.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-stdout.txt new file mode 100644 index 0000000..be83798 --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-stdout.txt @@ -0,0 +1,4 @@ +SetCTestConfigurationFromCMakeVariable:TLSVersion:CTEST_TLS_VERSION +SetCTestConfiguration:TLSVersion:1\.1 +.* + Set CURLOPT_SSLVERSION to CURL_SSLVERSION_TLSv1_1 diff --git a/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake b/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake index 4d2d95b..5ac568f 100644 --- a/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake +++ b/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake @@ -57,6 +57,8 @@ run_ctest_submit_FailDrop(http) run_ctest_submit_FailDrop(https) block() set(CASE_DROP_METHOD "https") + set(CASE_TEST_PREFIX_CODE "set(CTEST_TLS_VERSION 1.1)") + run_ctest(FailDrop-TLSVersion-1.1 -VV) set(CASE_TEST_PREFIX_CODE "set(CTEST_TLS_VERIFY ON)") run_ctest(FailDrop-TLSVerify-ON -VV) set(CASE_TEST_PREFIX_CODE "set(CTEST_TLS_VERIFY OFF)") -- cgit v0.12 From 56e319ce4ad7367c87380128c44728c8474fef53 Mon Sep 17 00:00:00 2001 From: Brad King Date: Tue, 5 Mar 2024 19:58:41 -0500 Subject: ctest: Fall back to CMake options for TLS server verification Use `CMAKE_TLS_VERIFY` if `CTEST_TLS_VERIFY` is not set. --- Help/variable/CTEST_TLS_VERIFY.rst | 3 +++ Modules/CTestTargets.cmake | 3 +++ Source/CTest/cmCTestSubmitCommand.cxx | 15 +++++++++++++-- Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake | 2 +- .../ctest_submit/FailDrop-TLSVerify-OFF-stdout.txt | 2 +- Tests/RunCMake/ctest_submit/RunCMakeTest.cmake | 2 +- 6 files changed, 22 insertions(+), 5 deletions(-) diff --git a/Help/variable/CTEST_TLS_VERIFY.rst b/Help/variable/CTEST_TLS_VERIFY.rst index 22133bd..bce4969 100644 --- a/Help/variable/CTEST_TLS_VERIFY.rst +++ b/Help/variable/CTEST_TLS_VERIFY.rst @@ -8,3 +8,6 @@ Specify the CTest ``TLSVerify`` setting in a :manual:`ctest(1)` before including the :module:`CTest` module. The value is a boolean indicating whether to verify the server certificate when submitting to a dashboard via ``https://`` URLs. + +If ``CTEST_TLS_VERIFY`` is not set, :variable:`CMAKE_TLS_VERIFY` is +used instead. diff --git a/Modules/CTestTargets.cmake b/Modules/CTestTargets.cmake index 2e11d64..3fcf702 100644 --- a/Modules/CTestTargets.cmake +++ b/Modules/CTestTargets.cmake @@ -21,6 +21,9 @@ mark_as_advanced(CMAKE_CTEST_COMMAND) # configure files block() + if(NOT DEFINED CTEST_TLS_VERIFY AND DEFINED CMAKE_TLS_VERIFY) + set(CTEST_TLS_VERIFY "${CMAKE_TLS_VERIFY}") + endif() if(CTEST_NEW_FORMAT) configure_file( ${CMAKE_ROOT}/Modules/DartConfiguration.tcl.in diff --git a/Source/CTest/cmCTestSubmitCommand.cxx b/Source/CTest/cmCTestSubmitCommand.cxx index 616ad4a..ec5f702 100644 --- a/Source/CTest/cmCTestSubmitCommand.cxx +++ b/Source/CTest/cmCTestSubmitCommand.cxx @@ -57,8 +57,19 @@ cmCTestGenericHandler* cmCTestSubmitCommand::InitializeHandler() this->CTest->SetCTestConfigurationFromCMakeVariable( this->Makefile, "TLSVersion", "CTEST_TLS_VERSION", this->Quiet); - this->CTest->SetCTestConfigurationFromCMakeVariable( - this->Makefile, "TLSVerify", "CTEST_TLS_VERIFY", this->Quiet); + if (!this->CTest->SetCTestConfigurationFromCMakeVariable( + this->Makefile, "TLSVerify", "CTEST_TLS_VERIFY", this->Quiet)) { + if (cmValue tlsVerifyVar = + this->Makefile->GetDefinition("CMAKE_TLS_VERIFY")) { + cmCTestOptionalLog( + this->CTest, HANDLER_VERBOSE_OUTPUT, + "SetCTestConfiguration from CMAKE_TLS_VERIFY:TLSVerify:" + << *tlsVerifyVar << std::endl, + this->Quiet); + this->CTest->SetCTestConfiguration("TLSVerify", *tlsVerifyVar, + this->Quiet); + } + } this->CTest->SetCTestConfigurationFromCMakeVariable( this->Makefile, "CurlOptions", "CTEST_CURL_OPTIONS", this->Quiet); this->CTest->SetCTestConfigurationFromCMakeVariable( diff --git a/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake b/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake index 27a6fab..c3e573a 100644 --- a/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake +++ b/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake @@ -498,7 +498,7 @@ function(run_FailDrop case) endfunction() run_FailDrop(TLSVersion-1.1 -DCTEST_TLS_VERSION=1.1) run_FailDrop(TLSVerify-ON -DCTEST_TLS_VERIFY=ON) -run_FailDrop(TLSVerify-OFF -DCTEST_TLS_VERIFY=OFF) +run_FailDrop(TLSVerify-OFF -DCMAKE_TLS_VERIFY=OFF) # Test fallback to CMake variable. run_cmake_command(EmptyDirCoverage-ctest ${CMAKE_CTEST_COMMAND} -C Debug -M Experimental -T Coverage diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-stdout.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-stdout.txt index 9053f6c..4f5120e 100644 --- a/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-stdout.txt +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVerify-OFF-stdout.txt @@ -1,4 +1,4 @@ -SetCTestConfigurationFromCMakeVariable:TLSVerify:CTEST_TLS_VERIFY +SetCTestConfiguration from CMAKE_TLS_VERIFY:TLSVerify:OFF SetCTestConfiguration:TLSVerify:OFF .* Set CURLOPT_SSL_VERIFYPEER to off diff --git a/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake b/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake index 5ac568f..46b0ba8 100644 --- a/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake +++ b/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake @@ -61,6 +61,6 @@ block() run_ctest(FailDrop-TLSVersion-1.1 -VV) set(CASE_TEST_PREFIX_CODE "set(CTEST_TLS_VERIFY ON)") run_ctest(FailDrop-TLSVerify-ON -VV) - set(CASE_TEST_PREFIX_CODE "set(CTEST_TLS_VERIFY OFF)") + set(CASE_TEST_PREFIX_CODE "set(CMAKE_TLS_VERIFY OFF)") # Test fallback to CMake variable. run_ctest(FailDrop-TLSVerify-OFF -VV) endblock() -- cgit v0.12 From aeb8bcc055597910b436a400feea7666fb0bb1c2 Mon Sep 17 00:00:00 2001 From: Brad King Date: Tue, 5 Mar 2024 19:48:45 -0500 Subject: ctest: Fall back to CMake options for TLS version Use `CMAKE_TLS_VERSION` or `ENV{CMAKE_TLS_VERSION}` if `CTEST_TLS_VERSION` is not set. Issue: #25701 --- Help/variable/CTEST_TLS_VERSION.rst | 3 +++ Modules/CTestTargets.cmake | 7 +++++++ Source/CTest/cmCTestSubmitCommand.cxx | 24 ++++++++++++++++++++-- .../FailDrop-TLSVersion-1.1-cmake-ctest-result.txt | 1 + .../FailDrop-TLSVersion-1.1-cmake-ctest-stderr.txt | 2 ++ .../FailDrop-TLSVersion-1.1-cmake-ctest-stdout.txt | 1 + .../FailDrop-TLSVersion-1.1-cmake.cmake | 1 + .../FailDrop-TLSVersion-1.1-env-ctest-result.txt | 1 + .../FailDrop-TLSVersion-1.1-env-ctest-stderr.txt | 2 ++ .../FailDrop-TLSVersion-1.1-env-ctest-stdout.txt | 1 + .../FailDrop-TLSVersion-1.1-env.cmake | 1 + Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake | 5 +++++ .../FailDrop-TLSVersion-1.1-cmake-result.txt | 1 + .../FailDrop-TLSVersion-1.1-cmake-stderr.txt | 2 ++ .../FailDrop-TLSVersion-1.1-cmake-stdout.txt | 4 ++++ .../FailDrop-TLSVersion-1.1-env-result.txt | 1 + .../FailDrop-TLSVersion-1.1-env-stderr.txt | 2 ++ .../FailDrop-TLSVersion-1.1-env-stdout.txt | 4 ++++ Tests/RunCMake/ctest_submit/RunCMakeTest.cmake | 6 ++++++ 19 files changed, 67 insertions(+), 2 deletions(-) create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-cmake-ctest-result.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-cmake-ctest-stderr.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-cmake-ctest-stdout.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-cmake.cmake create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-env-ctest-result.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-env-ctest-stderr.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-env-ctest-stdout.txt create mode 100644 Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-env.cmake create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-cmake-result.txt create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-cmake-stderr.txt create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-cmake-stdout.txt create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-env-result.txt create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-env-stderr.txt create mode 100644 Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-env-stdout.txt diff --git a/Help/variable/CTEST_TLS_VERSION.rst b/Help/variable/CTEST_TLS_VERSION.rst index c19d2a4..f8123df 100644 --- a/Help/variable/CTEST_TLS_VERSION.rst +++ b/Help/variable/CTEST_TLS_VERSION.rst @@ -11,3 +11,6 @@ TLS version allowed when submitting to a dashboard via ``https://`` URLs. The value may be one of: .. include:: CMAKE_TLS_VERSION-VALUES.txt + +If ``CTEST_TLS_VERSION`` is not set, the :variable:`CMAKE_TLS_VERSION` variable +or :envvar:`CMAKE_TLS_VERSION` environment variable is used instead. diff --git a/Modules/CTestTargets.cmake b/Modules/CTestTargets.cmake index 3fcf702..f672410 100644 --- a/Modules/CTestTargets.cmake +++ b/Modules/CTestTargets.cmake @@ -21,6 +21,13 @@ mark_as_advanced(CMAKE_CTEST_COMMAND) # configure files block() + if(NOT DEFINED CTEST_TLS_VERSION) + if(DEFINED CMAKE_TLS_VERSION) + set(CTEST_TLS_VERSION "${CMAKE_TLS_VERSION}") + elseif(DEFINED ENV{CMAKE_TLS_VERSION}) + set(CTEST_TLS_VERSION "$ENV{CMAKE_TLS_VERSION}") + endif() + endif() if(NOT DEFINED CTEST_TLS_VERIFY AND DEFINED CMAKE_TLS_VERIFY) set(CTEST_TLS_VERIFY "${CMAKE_TLS_VERIFY}") endif() diff --git a/Source/CTest/cmCTestSubmitCommand.cxx b/Source/CTest/cmCTestSubmitCommand.cxx index ec5f702..0b21b24 100644 --- a/Source/CTest/cmCTestSubmitCommand.cxx +++ b/Source/CTest/cmCTestSubmitCommand.cxx @@ -55,8 +55,28 @@ cmCTestGenericHandler* cmCTestSubmitCommand::InitializeHandler() this->Makefile, "DropLocation", "CTEST_DROP_LOCATION", this->Quiet); } - this->CTest->SetCTestConfigurationFromCMakeVariable( - this->Makefile, "TLSVersion", "CTEST_TLS_VERSION", this->Quiet); + if (!this->CTest->SetCTestConfigurationFromCMakeVariable( + this->Makefile, "TLSVersion", "CTEST_TLS_VERSION", this->Quiet)) { + if (cmValue tlsVersionVar = + this->Makefile->GetDefinition("CMAKE_TLS_VERSION")) { + cmCTestOptionalLog( + this->CTest, HANDLER_VERBOSE_OUTPUT, + "SetCTestConfiguration from CMAKE_TLS_VERSION:TLSVersion:" + << *tlsVersionVar << std::endl, + this->Quiet); + this->CTest->SetCTestConfiguration("TLSVersion", *tlsVersionVar, + this->Quiet); + } else if (cm::optional tlsVersionEnv = + cmSystemTools::GetEnvVar("CMAKE_TLS_VERSION")) { + cmCTestOptionalLog( + this->CTest, HANDLER_VERBOSE_OUTPUT, + "SetCTestConfiguration from ENV{CMAKE_TLS_VERSION}:TLSVersion:" + << *tlsVersionEnv << std::endl, + this->Quiet); + this->CTest->SetCTestConfiguration("TLSVersion", *tlsVersionEnv, + this->Quiet); + } + } if (!this->CTest->SetCTestConfigurationFromCMakeVariable( this->Makefile, "TLSVerify", "CTEST_TLS_VERIFY", this->Quiet)) { if (cmValue tlsVerifyVar = diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-cmake-ctest-result.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-cmake-ctest-result.txt new file mode 100644 index 0000000..d197c91 --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-cmake-ctest-result.txt @@ -0,0 +1 @@ +[^0] diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-cmake-ctest-stderr.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-cmake-ctest-stderr.txt new file mode 100644 index 0000000..e3df62f --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-cmake-ctest-stderr.txt @@ -0,0 +1,2 @@ +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* + Problems when submitting via HTTP diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-cmake-ctest-stdout.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-cmake-ctest-stdout.txt new file mode 100644 index 0000000..e83d934 --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-cmake-ctest-stdout.txt @@ -0,0 +1 @@ + Set CURLOPT_SSLVERSION to CURL_SSLVERSION_TLSv1_1 diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-cmake.cmake b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-cmake.cmake new file mode 100644 index 0000000..e0368fc --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-cmake.cmake @@ -0,0 +1 @@ +include(FailDrop-common.cmake) diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-env-ctest-result.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-env-ctest-result.txt new file mode 100644 index 0000000..d197c91 --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-env-ctest-result.txt @@ -0,0 +1 @@ +[^0] diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-env-ctest-stderr.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-env-ctest-stderr.txt new file mode 100644 index 0000000..e3df62f --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-env-ctest-stderr.txt @@ -0,0 +1,2 @@ +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* + Problems when submitting via HTTP diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-env-ctest-stdout.txt b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-env-ctest-stdout.txt new file mode 100644 index 0000000..e83d934 --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-env-ctest-stdout.txt @@ -0,0 +1 @@ + Set CURLOPT_SSLVERSION to CURL_SSLVERSION_TLSv1_1 diff --git a/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-env.cmake b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-env.cmake new file mode 100644 index 0000000..e0368fc --- /dev/null +++ b/Tests/RunCMake/CTestCommandLine/FailDrop-TLSVersion-1.1-env.cmake @@ -0,0 +1 @@ +include(FailDrop-common.cmake) diff --git a/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake b/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake index c3e573a..e56a4cb 100644 --- a/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake +++ b/Tests/RunCMake/CTestCommandLine/RunCMakeTest.cmake @@ -491,12 +491,17 @@ run_ctest(check-configuration-type) function(run_FailDrop case) set(RunCMake_TEST_BINARY_DIR ${RunCMake_BINARY_DIR}/FailDrop-${case}-build) run_cmake_with_options(FailDrop-${case} ${ARGN}) + unset(ENV{CMAKE_TLS_VERSION}) # Test that env variable is saved in ctest config file. set(RunCMake_TEST_NO_CLEAN 1) run_cmake_command(FailDrop-${case}-ctest ${CMAKE_CTEST_COMMAND} -M Experimental -T Submit -VV ) endfunction() run_FailDrop(TLSVersion-1.1 -DCTEST_TLS_VERSION=1.1) +run_FailDrop(TLSVersion-1.1-cmake -DCMAKE_TLS_VERSION=1.1) # Test fallback to CMake variable. +set(ENV{CMAKE_TLS_VERSION} 1.1) # Test fallback to env variable. +run_FailDrop(TLSVersion-1.1-env) +unset(ENV{CMAKE_TLS_VERSION}) run_FailDrop(TLSVerify-ON -DCTEST_TLS_VERIFY=ON) run_FailDrop(TLSVerify-OFF -DCMAKE_TLS_VERIFY=OFF) # Test fallback to CMake variable. diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-cmake-result.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-cmake-result.txt new file mode 100644 index 0000000..b57e2de --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-cmake-result.txt @@ -0,0 +1 @@ +(-1|255) diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-cmake-stderr.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-cmake-stderr.txt new file mode 100644 index 0000000..e3df62f --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-cmake-stderr.txt @@ -0,0 +1,2 @@ +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* + Problems when submitting via HTTP diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-cmake-stdout.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-cmake-stdout.txt new file mode 100644 index 0000000..ed3677a --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-cmake-stdout.txt @@ -0,0 +1,4 @@ +SetCTestConfiguration from CMAKE_TLS_VERSION:TLSVersion:1\.1 +SetCTestConfiguration:TLSVersion:1\.1 +.* + Set CURLOPT_SSLVERSION to CURL_SSLVERSION_TLSv1_1 diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-env-result.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-env-result.txt new file mode 100644 index 0000000..b57e2de --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-env-result.txt @@ -0,0 +1 @@ +(-1|255) diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-env-stderr.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-env-stderr.txt new file mode 100644 index 0000000..e3df62f --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-env-stderr.txt @@ -0,0 +1,2 @@ +Error message was: ([Cc]ould *n.t resolve host:? '?badhostname.invalid'?|The requested URL returned error:|Protocol "https" (not supported or disabled|not supported|disabled)|.* was built with SSL disabled).* + Problems when submitting via HTTP diff --git a/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-env-stdout.txt b/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-env-stdout.txt new file mode 100644 index 0000000..c31b4bc --- /dev/null +++ b/Tests/RunCMake/ctest_submit/FailDrop-TLSVersion-1.1-env-stdout.txt @@ -0,0 +1,4 @@ +SetCTestConfiguration from ENV{CMAKE_TLS_VERSION}:TLSVersion:1\.1 +SetCTestConfiguration:TLSVersion:1\.1 +.* + Set CURLOPT_SSLVERSION to CURL_SSLVERSION_TLSv1_1 diff --git a/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake b/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake index 46b0ba8..ad51960 100644 --- a/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake +++ b/Tests/RunCMake/ctest_submit/RunCMakeTest.cmake @@ -59,6 +59,12 @@ block() set(CASE_DROP_METHOD "https") set(CASE_TEST_PREFIX_CODE "set(CTEST_TLS_VERSION 1.1)") run_ctest(FailDrop-TLSVersion-1.1 -VV) + set(CASE_TEST_PREFIX_CODE "set(CMAKE_TLS_VERSION 1.1)") # Test fallback to CMake variable. + run_ctest(FailDrop-TLSVersion-1.1-cmake -VV) + set(ENV{CMAKE_TLS_VERSION} 1.1) # Test fallback to env variable. + set(CASE_TEST_PREFIX_CODE "") + run_ctest(FailDrop-TLSVersion-1.1-env -VV) + unset(ENV{CMAKE_TLS_VERSION}) set(CASE_TEST_PREFIX_CODE "set(CTEST_TLS_VERIFY ON)") run_ctest(FailDrop-TLSVerify-ON -VV) set(CASE_TEST_PREFIX_CODE "set(CMAKE_TLS_VERIFY OFF)") # Test fallback to CMake variable. -- cgit v0.12