summaryrefslogtreecommitdiffstats
path: root/Tests/RunCMake/file-DOWNLOAD/TLS_VERSION-bad.cmake
blob: 106fe4404b43e3b6974a17b4ce1db5bed97e8218 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

function(download case)
  # URL with semantics like https://tls-v1-1.badssl.com:1011 is provided by caller
  file(DOWNLOAD ${url} ${ARGN} STATUS status LOG log)
  message(STATUS "${case}: ${status}")
  if(case MATCHES "1\\.2$" AND NOT status MATCHES "^(35|60);")
    message("${log}")
  endif()
endfunction()

set(CMAKE_TLS_VERIFY 1)

if(CMAKE_HOST_WIN32 OR CMAKE_HOST_APPLE)
  # The OS-native TLS implementations support TLS 1.1.
  set(TEST_TLSv1_1 1)
else()
  # OpenSSL 3.1+ does not support TLS 1.1 or older without setting
  # the security level to 0, which curl (correctly) does not do.
  # https://openssl-library.org/news/openssl-3.1-notes/index.html#major-changes-between-openssl-30-and-openssl-310-14-mar-2023
  set(TEST_TLSv1_1 0)
endif()

if(TEST_TLSv1_1)
  # The default is to allow 1.1.
  unset(ENV{CMAKE_TLS_VERSION})
  unset(CMAKE_TLS_VERSION)
  download(def-1.1)
endif()

# The environment variable overrides the default.
set(ENV{CMAKE_TLS_VERSION} 1.2)
download(env-1.2)
if(TEST_TLSv1_1)
  set(ENV{CMAKE_TLS_VERSION} 1.1)
  download(env-1.1)
endif()

# The cmake variable overrides the environment variable.
set(ENV{CMAKE_TLS_VERSION} 1.1)
set(CMAKE_TLS_VERSION 1.2)
download(var-1.2)
if(TEST_TLSv1_1)
  set(ENV{CMAKE_TLS_VERSION} 1.2)
  set(CMAKE_TLS_VERSION 1.1)
  download(var-1.1)
endif()

# The explicit argument overrides the cmake variable and the environment variable.
set(ENV{CMAKE_TLS_VERSION} 1.1)
set(CMAKE_TLS_VERSION 1.1)
download(opt-1.2 TLS_VERSION 1.2)
if(TEST_TLSv1_1)
  set(ENV{CMAKE_TLS_VERSION} 1.2)
  set(CMAKE_TLS_VERSION 1.2)
  download(opt-1.1 TLS_VERSION 1.1)
endif()
generated by cgit v0.12 at 2025-01-21 01:09:49 (GMT)