[Cmake-commits] CMake branch, next, updated. v2.8.9-554-gd36a52b
Brad King
brad.king at kitware.com
Mon Sep 17 09:14:46 EDT 2012
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "CMake".
The branch, next has been updated
via d36a52b1202b9603729bc3a946f893c472ea1101 (commit)
via 7369a8faee40574e7f87eeaa5e7718d0da407ffe (commit)
via 131d91a1f91116e85281d11d175290fdb211f664 (commit)
from 2258ae07deaca0338911f8b548cf6c6ef023a026 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=d36a52b1202b9603729bc3a946f893c472ea1101
commit d36a52b1202b9603729bc3a946f893c472ea1101
Merge: 2258ae0 7369a8f
Author: Brad King <brad.king at kitware.com>
AuthorDate: Mon Sep 17 09:14:44 2012 -0400
Commit: CMake Topic Stage <kwrobot at kitware.com>
CommitDate: Mon Sep 17 09:14:44 2012 -0400
Merge topic 'cleanup-TLS-and-SSL-interface' into next
7369a8f file(DOWNLOAD): Make TLS options behave as documented
131d91a Rename SSL terminology to TLS
http://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=7369a8faee40574e7f87eeaa5e7718d0da407ffe
commit 7369a8faee40574e7f87eeaa5e7718d0da407ffe
Author: Brad King <brad.king at kitware.com>
AuthorDate: Fri Sep 14 15:57:18 2012 -0400
Commit: Brad King <brad.king at kitware.com>
CommitDate: Mon Sep 17 09:03:45 2012 -0400
file(DOWNLOAD): Make TLS options behave as documented
The logic added in commit e1c89f08 (file(DOWNLOAD): Add options for SSL,
2012-08-21) did not actually provide the documented behavior. Simplify
the implementation to read the variable values first and then replace
them with the explicit argument values if encountered. Always set the
curl option CURLOPT_SSL_VERIFYPEER to either on or off explicitly
instead of depending on the curl default behavior.
diff --git a/Source/cmFileCommand.cxx b/Source/cmFileCommand.cxx
index 1cb2ece..4d9eb79 100644
--- a/Source/cmFileCommand.cxx
+++ b/Source/cmFileCommand.cxx
@@ -2667,9 +2667,8 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
long inactivity_timeout = 0;
std::string verboseLog;
std::string statusVar;
- std::string caFile;
- bool checkTLS = false;
- bool verifyTLS = false;
+ bool tls_verify = this->Makefile->IsOn("CMAKE_TLS_VERIFY");
+ const char* cainfo = this->Makefile->GetDefinition("CMAKE_TLS_CAINFO");
std::string expectedHash;
std::string hashMatchMSG;
cmsys::auto_ptr<cmCryptoHash> hash;
@@ -2728,8 +2727,7 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
++i;
if(i != args.end())
{
- verifyTLS = cmSystemTools::IsOn(i->c_str());
- checkTLS = true;
+ tls_verify = cmSystemTools::IsOn(i->c_str());
}
else
{
@@ -2742,7 +2740,7 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
++i;
if(i != args.end())
{
- caFile = *i;
+ cainfo = i->c_str();
}
else
{
@@ -2866,37 +2864,19 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
check_curl_result(res, "DOWNLOAD cannot set debug function: ");
// check to see if TLS verification is requested
- const char* verifyValue =
- this->Makefile->GetDefinition("CMAKE_TLS_VERIFY");
- // if there is a cmake variable or if the command has TLS_VERIFY requested
- if(verifyValue || checkTLS)
+ if(tls_verify)
{
- // the args to the command come first
- bool verify = verifyTLS;
- if(!verify && verifyValue)
- {
- verify = cmSystemTools::IsOn(verifyValue);
- }
- if(verify)
- {
- res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
- check_curl_result(res, "Unable to set TLS/SSL Verify on: ");
- }
- else
- {
- res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
- check_curl_result(res, "Unable to set TLS/SSL Verify off: ");
- }
+ res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
+ check_curl_result(res, "Unable to set TLS/SSL Verify on: ");
}
- // check to see if a CAINFO file has been specified
- const char* cainfo =
- this->Makefile->GetDefinition("CMAKE_TLS_CAINFO");
- // command arg comes first
- if(caFile.size())
+ else
{
- cainfo = caFile.c_str();
+ res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
+ check_curl_result(res, "Unable to set TLS/SSL Verify off: ");
}
- if(cainfo)
+ // check to see if a CAINFO file has been specified
+ // command arg comes first
+ if(cainfo && *cainfo)
{
res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo);
check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
http://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=131d91a1f91116e85281d11d175290fdb211f664
commit 131d91a1f91116e85281d11d175290fdb211f664
Author: Brad King <brad.king at kitware.com>
AuthorDate: Fri Sep 14 15:40:09 2012 -0400
Commit: Brad King <brad.king at kitware.com>
CommitDate: Fri Sep 14 15:40:09 2012 -0400
Rename SSL terminology to TLS
TLS has superseded SSL so rename the recently added file(DOWNLOAD) and
ExternalProject options using the newer terminology. Drop "CURLOPT"
from names because curl is an implementation detail.
diff --git a/Modules/ExternalProject.cmake b/Modules/ExternalProject.cmake
index d2e00a8..3923685 100644
--- a/Modules/ExternalProject.cmake
+++ b/Modules/ExternalProject.cmake
@@ -26,8 +26,8 @@
# [URL /.../src.tgz] # Full path or URL of source
# [URL_HASH ALGO=value] # Hash of file at URL
# [URL_MD5 md5] # Equivalent to URL_HASH MD5=md5
-# [SSL_VERIFYPEER bool] # Should certificate for https be checked
-# [CAINFO_FILE file] # Path to a certificate authority file
+# [TLS_VERIFY bool] # Should certificate for https be checked
+# [TLS_CAINFO file] # Path to a certificate authority file
# [TIMEOUT seconds] # Time allowed for file download operations
# #--Update/Patch step----------
# [UPDATE_COMMAND cmd...] # Source work-tree update command
@@ -401,7 +401,7 @@ endif()
endfunction()
-function(_ep_write_downloadfile_script script_filename remote local timeout hash ssl_verify cainfo_file)
+function(_ep_write_downloadfile_script script_filename remote local timeout hash tls_verify tls_cainfo)
if(timeout)
set(timeout_args TIMEOUT ${timeout})
set(timeout_msg "${timeout} seconds")
@@ -416,25 +416,25 @@ function(_ep_write_downloadfile_script script_filename remote local timeout hash
set(hash_args "# no EXPECTED_HASH")
endif()
# check for curl globals in the project
- if(DEFINED CMAKE_CURLOPT_SSL_VERIFYPEER)
- set(ssl_verify "set(CMAKE_CURLOPT_SSL_VERIFYPEER ${CMAKE_CURLOPT_SSL_VERIFYPEER})")
+ if(DEFINED CMAKE_TLS_VERIFY)
+ set(tls_verify "set(CMAKE_TLS_VERIFY ${CMAKE_TLS_VERIFY})")
endif()
- if(DEFINED CMAKE_CURLOPT_CAINFO_FILE)
- set(ssl_cainfo "set(CMAKE_CURLOPT_CAINFO_FILE \"${CMAKE_CURLOPT_CAINFO_FILE}\")")
+ if(DEFINED CMAKE_TLS_CAINFO)
+ set(tls_cainfo "set(CMAKE_TLS_CAINFO \"${CMAKE_TLS_CAINFO}\")")
endif()
# now check for curl locals so that the local values
# will override the globals
- # check for ssl_verify argument
- string(LENGTH "${ssl_verify}" ssl_verify_len)
- if(ssl_verify_len GREATER 0)
- set(ssl_verify "set(CMAKE_CURLOPT_SSL_VERIFYPEER ${ssl_verify})")
+ # check for tls_verify argument
+ string(LENGTH "${tls_verify}" tls_verify_len)
+ if(tls_verify_len GREATER 0)
+ set(tls_verify "set(CMAKE_TLS_VERIFY ${tls_verify})")
endif()
- # check for cainfo_file argument
- string(LENGTH "${cainfo_file}" cainfo_file_len)
- if(cainfo_file_len GREATER 0)
- set(ssl_cainfo "set(CMAKE_CURLOPT_CAINFO_FILE \"${cainfo_file}\")")
+ # check for tls_cainfo argument
+ string(LENGTH "${tls_cainfo}" tls_cainfo_len)
+ if(tls_cainfo_len GREATER 0)
+ set(tls_cainfo "set(CMAKE_TLS_CAINFO \"${tls_cainfo}\")")
endif()
file(WRITE ${script_filename}
@@ -443,8 +443,8 @@ function(_ep_write_downloadfile_script script_filename remote local timeout hash
dst='${local}'
timeout='${timeout_msg}'\")
-${ssl_verify}
-${ssl_cainfo}
+${tls_verify}
+${tls_cainfo}
file(DOWNLOAD
\"${remote}\"
@@ -1307,10 +1307,10 @@ function(_ep_add_download_command name)
string(REPLACE ";" "-" fname "${fname}")
set(file ${download_dir}/${fname})
get_property(timeout TARGET ${name} PROPERTY _EP_TIMEOUT)
- get_property(ssl_verify TARGET ${name} PROPERTY _EP_SSL_VERIFYPEER)
- get_property(cainfo_file TARGET ${name} PROPERTY _EP_CAINFO_FILE)
+ get_property(tls_verify TARGET ${name} PROPERTY _EP_TLS_VERIFY)
+ get_property(tls_cainfo TARGET ${name} PROPERTY _EP_TLS_CAINFO)
_ep_write_downloadfile_script("${stamp_dir}/download-${name}.cmake"
- "${url}" "${file}" "${timeout}" "${hash}" "${ssl_verify}" "${cainfo_file}")
+ "${url}" "${file}" "${timeout}" "${hash}" "${tls_verify}" "${tls_cainfo}")
set(cmd ${CMAKE_COMMAND} -P ${stamp_dir}/download-${name}.cmake
COMMAND)
set(comment "Performing download step (download, verify and extract) for '${name}'")
diff --git a/Source/cmFileCommand.cxx b/Source/cmFileCommand.cxx
index bb12980..1cb2ece 100644
--- a/Source/cmFileCommand.cxx
+++ b/Source/cmFileCommand.cxx
@@ -2668,8 +2668,8 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
std::string verboseLog;
std::string statusVar;
std::string caFile;
- bool checkSSL = false;
- bool verifySSL = false;
+ bool checkTLS = false;
+ bool verifyTLS = false;
std::string expectedHash;
std::string hashMatchMSG;
cmsys::auto_ptr<cmCryptoHash> hash;
@@ -2723,21 +2723,21 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
}
statusVar = *i;
}
- else if(*i == "SSL_VERIFY")
+ else if(*i == "TLS_VERIFY")
{
++i;
if(i != args.end())
{
- verifySSL = cmSystemTools::IsOn(i->c_str());
- checkSSL = true;
+ verifyTLS = cmSystemTools::IsOn(i->c_str());
+ checkTLS = true;
}
else
{
- this->SetError("SSL_VERIFY missing bool value.");
+ this->SetError("TLS_VERIFY missing bool value.");
return false;
}
}
- else if(*i == "SSL_CAINFO_FILE")
+ else if(*i == "TLS_CAINFO")
{
++i;
if(i != args.end())
@@ -2746,7 +2746,7 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
}
else
{
- this->SetError("SSL_CAFILE missing file value.");
+ this->SetError("TLS_CAFILE missing file value.");
return false;
}
}
@@ -2865,14 +2865,14 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
cmFileCommandCurlDebugCallback);
check_curl_result(res, "DOWNLOAD cannot set debug function: ");
- // check to see if SSL verification is requested
+ // check to see if TLS verification is requested
const char* verifyValue =
- this->Makefile->GetDefinition("CMAKE_CURLOPT_SSL_VERIFYPEER");
- // if there is a cmake variable or if the command has SSL_VERIFY requested
- if(verifyValue || checkSSL)
+ this->Makefile->GetDefinition("CMAKE_TLS_VERIFY");
+ // if there is a cmake variable or if the command has TLS_VERIFY requested
+ if(verifyValue || checkTLS)
{
// the args to the command come first
- bool verify = verifySSL;
+ bool verify = verifyTLS;
if(!verify && verifyValue)
{
verify = cmSystemTools::IsOn(verifyValue);
@@ -2880,17 +2880,17 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
if(verify)
{
res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
- check_curl_result(res, "Unable to set SSL Verify on: ");
+ check_curl_result(res, "Unable to set TLS/SSL Verify on: ");
}
else
{
res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
- check_curl_result(res, "Unable to set SSL Verify off: ");
+ check_curl_result(res, "Unable to set TLS/SSL Verify off: ");
}
}
// check to see if a CAINFO file has been specified
const char* cainfo =
- this->Makefile->GetDefinition("CMAKE_CURLOPT_CAINFO_FILE");
+ this->Makefile->GetDefinition("CMAKE_TLS_CAINFO");
// command arg comes first
if(caFile.size())
{
@@ -2899,7 +2899,7 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
if(cainfo)
{
res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo);
- check_curl_result(res, "Unable to set SSL Verify CAINFO: ");
+ check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
}
cmFileCommandVectorOfChar chunkDebug;
diff --git a/Source/cmFileCommand.h b/Source/cmFileCommand.h
index 413e2f4..bd6f612 100644
--- a/Source/cmFileCommand.h
+++ b/Source/cmFileCommand.h
@@ -85,7 +85,7 @@ public:
" [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS]\n"
" [EXPECTED_HASH MD5|SHA1|SHA224|SHA256|SHA384|SHA512 hash]\n"
" [EXPECTED_MD5 sum]\n"
- " [SSL_VERIFY on|off] [SSL_CAINFO_FILE file])\n"
+ " [TLS_VERIFY on|off] [TLS_CAINFO file])\n"
" file(UPLOAD filename url [INACTIVITY_TIMEOUT timeout]\n"
" [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS])\n"
"WRITE will write a message into a file called 'filename'. It "
@@ -177,12 +177,12 @@ public:
"If SHOW_PROGRESS is specified, progress information will be printed "
"as status messages until the operation is complete. "
"For https URLs CMake must be built with OpenSSL. "
- "SSL certificates are not checked by default. "
- "Set SSL_VERIFY to ON to check certificates and/or use "
+ "TLS/SSL certificates are not checked by default. "
+ "Set TLS_VERIFY to ON to check certificates and/or use "
"EXPECTED_HASH to verify downloaded content. "
- "Set SSL_CAINFO_FILE to specify a custom Certificate Authority file. "
- "If either SSL option is not given CMake will check variables "
- "CMAKE_CURLOPT_SSL_VERIFYPEER and CMAKE_CURLOPT_CAINFO_FILE, "
+ "Set TLS_CAINFO to specify a custom Certificate Authority file. "
+ "If either TLS option is not given CMake will check variables "
+ "CMAKE_TLS_VERIFY and CMAKE_TLS_CAINFO, "
"respectively."
"\n"
"UPLOAD will upload the given file to the given URL. "
-----------------------------------------------------------------------
Summary of changes:
Modules/ExternalProject.cmake | 40 ++++++++++++++--------------
Source/cmFileCommand.cxx | 58 +++++++++++++---------------------------
Source/cmFileCommand.h | 12 ++++----
3 files changed, 45 insertions(+), 65 deletions(-)
hooks/post-receive
--
CMake
More information about the Cmake-commits
mailing list