[Cmake-commits] CMake branch, next, updated. v3.1.1-2249-g9ebdc29
Brad King
brad.king at kitware.com
Thu Jan 22 14:45:11 EST 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "CMake".
The branch, next has been updated
via 9ebdc29f1d380cb37aacf99aded77aea76ac0f79 (commit)
via c2a645b74e203c946eafe0f2fd6996989876f24b (commit)
via 4f313114bab3ffd41e26178624f4e5dd3eb70e74 (commit)
from cdfbe11b7387eeb3594244feace5c99c1d090773 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=9ebdc29f1d380cb37aacf99aded77aea76ac0f79
commit 9ebdc29f1d380cb37aacf99aded77aea76ac0f79
Merge: cdfbe11 c2a645b
Author: Brad King <brad.king at kitware.com>
AuthorDate: Thu Jan 22 14:45:10 2015 -0500
Commit: CMake Topic Stage <kwrobot at kitware.com>
CommitDate: Thu Jan 22 14:45:10 2015 -0500
Merge topic 'curl-default-cainfo' into next
c2a645b7 cmake: Use a default CA path when not using system curl
4f313114 curl: Add CURL_CA_PATH option to CMake build process
http://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=c2a645b74e203c946eafe0f2fd6996989876f24b
commit c2a645b74e203c946eafe0f2fd6996989876f24b
Author: Brad King <brad.king at kitware.com>
AuthorDate: Thu Jan 22 10:15:31 2015 -0500
Commit: Brad King <brad.king at kitware.com>
CommitDate: Thu Jan 22 14:16:20 2015 -0500
cmake: Use a default CA path when not using system curl
When using system curl, we trust it to be configured with desired CA
certs. When using our own build of curl, we use os-configured CA certs
on Windows and OS X. On other systems, try to achieve this by searching
for common CA cert locations. According to a brief investigation, the
curl packages on popular Linux distros are currently configured as:
* Arch: /etc/ssl/certs/ca-certificates.crt
* Debian with OpenSSL: /etc/ssl/certs
* Debian with GNU TLS: /etc/ssl/certs/ca-certificates.crt
* Debian with NSS: /etc/ssl/certs/ca-certificates.crt
* Fedora: /etc/pki/tls/certs/ca-bundle.crt
* Gentoo with OpenSSL: /etc/ssl/certs
* Gentoo without OpenSSL: /etc/ssl/certs/ca-certificates.crt
Teach CMake and CTest to look for these paths and use them as a CA path
or bundle when no other os-configured or user-specified CAs are
available.
diff --git a/Help/release/dev/curl-default-cainfo.rst b/Help/release/dev/curl-default-cainfo.rst
new file mode 100644
index 0000000..ed45d36
--- /dev/null
+++ b/Help/release/dev/curl-default-cainfo.rst
@@ -0,0 +1,8 @@
+curl-default-cainfo
+-------------------
+
+* When CMake is built with OpenSSL on systems other than Windows
+ and OS X, commands supporting network communication via ``https``,
+ such as :command:`file(DOWNLOAD)`, :command:`file(UPLOAD)`, and
+ :command:`ctest_submit`, now search for OS-configured certificate
+ authorities in a few ``/etc`` paths to be trusted automatically.
diff --git a/Source/CMakeLists.txt b/Source/CMakeLists.txt
index c04cf9a..07839f3 100644
--- a/Source/CMakeLists.txt
+++ b/Source/CMakeLists.txt
@@ -175,6 +175,8 @@ set(SRCS
cmCPackPropertiesGenerator.cxx
cmCryptoHash.cxx
cmCryptoHash.h
+ cmCurl.cxx
+ cmCurl.h
cmCustomCommand.cxx
cmCustomCommand.h
cmCustomCommandGenerator.cxx
@@ -497,6 +499,12 @@ if(WIN32 AND NOT CYGWIN)
install(TARGETS cmcldeps DESTINATION bin)
endif()
+foreach(v CURL_CA_BUNDLE CURL_CA_PATH)
+ if(${v})
+ set_property(SOURCE cmCurl.cxx APPEND PROPERTY COMPILE_DEFINITIONS ${v}="${${v}}")
+ endif()
+endforeach()
+
# create a library used by the command line and the GUI
add_library(CMakeLib ${SRCS})
target_link_libraries(CMakeLib cmsys
diff --git a/Source/CTest/cmCTestSubmitHandler.cxx b/Source/CTest/cmCTestSubmitHandler.cxx
index 11e3343..3d9545f 100644
--- a/Source/CTest/cmCTestSubmitHandler.cxx
+++ b/Source/CTest/cmCTestSubmitHandler.cxx
@@ -26,7 +26,7 @@
#include <cm_jsoncpp_reader.h>
// For curl submission
-#include "cm_curl.h"
+#include "cmCurl.h"
#include "cmCTestCurl.h"
#include <sys/stat.h>
@@ -366,6 +366,7 @@ bool cmCTestSubmitHandler::SubmitUsingHTTP(const std::string& localprefix,
curl = curl_easy_init();
if(curl)
{
+ cmCurlSetCAInfo(curl);
if(verifyPeerOff)
{
cmCTestLog(this->CTest, HANDLER_VERBOSE_OUTPUT,
diff --git a/Source/cmCTest.cxx b/Source/cmCTest.cxx
index 1ef4c92..7968608 100644
--- a/Source/cmCTest.cxx
+++ b/Source/cmCTest.cxx
@@ -9,8 +9,6 @@
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the License for more information.
============================================================================*/
-#include "cm_curl.h"
-
#include "cmCTest.h"
#include "cmake.h"
#include "cmMakefile.h"
@@ -26,6 +24,7 @@
#include "cmVersionMacros.h"
#include "cmCTestCommand.h"
#include "cmCTestStartCommand.h"
+#include "cmCurl.h"
#include "cmCTestBuildHandler.h"
#include "cmCTestBuildAndTestHandler.h"
@@ -192,6 +191,7 @@ int cmCTest::HTTPRequest(std::string url, HTTPMethod method,
FILE* file;
::curl_global_init(CURL_GLOBAL_ALL);
curl = ::curl_easy_init();
+ cmCurlSetCAInfo(curl);
//set request options based on method
switch(method)
diff --git a/Source/cmCurl.cxx b/Source/cmCurl.cxx
new file mode 100644
index 0000000..96d3547
--- /dev/null
+++ b/Source/cmCurl.cxx
@@ -0,0 +1,64 @@
+/*============================================================================
+ CMake - Cross Platform Makefile Generator
+ Copyright 2000-2015 Kitware, Inc., Insight Software Consortium
+
+ Distributed under the OSI-approved BSD License (the "License");
+ see accompanying file Copyright.txt for details.
+
+ This software is distributed WITHOUT ANY WARRANTY; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ See the License for more information.
+============================================================================*/
+#include "cmCurl.h"
+#include "cmSystemTools.h"
+
+#define check_curl_result(result, errstr) \
+ if (result != CURLE_OK) \
+ { \
+ e += e.empty()? "" : "\n"; \
+ e += errstr; \
+ e += ::curl_easy_strerror(result); \
+ }
+
+//----------------------------------------------------------------------------
+std::string cmCurlSetCAInfo(::CURL *curl, const char* cafile)
+{
+ std::string e;
+ if(cafile && *cafile)
+ {
+ ::CURLcode res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cafile);
+ check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
+ }
+#if !defined(CMAKE_USE_SYSTEM_CURL) && \
+ !defined(_WIN32) && !defined(__APPLE__) && \
+ !defined(CURL_CA_BUNDLE) && !defined(CURL_CA_PATH)
+# define CMAKE_CAFILE_FEDORA "/etc/pki/tls/certs/ca-bundle.crt"
+ else if(cmSystemTools::FileExists(CMAKE_CAFILE_FEDORA, true))
+ {
+ ::CURLcode res =
+ ::curl_easy_setopt(curl, CURLOPT_CAINFO, CMAKE_CAFILE_FEDORA);
+ check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
+ }
+# undef CMAKE_CAFILE_FEDORA
+ else
+ {
+# define CMAKE_CAFILE_COMMON "/etc/ssl/certs/ca-certificates.crt"
+ if(cmSystemTools::FileExists(CMAKE_CAFILE_COMMON, true))
+ {
+ ::CURLcode res =
+ ::curl_easy_setopt(curl, CURLOPT_CAINFO, CMAKE_CAFILE_COMMON);
+ check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
+ }
+# undef CMAKE_CAFILE_COMMON
+# define CMAKE_CAPATH_COMMON "/etc/ssl/certs"
+ if(cmSystemTools::FileIsDirectory(CMAKE_CAPATH_COMMON))
+ {
+ ::CURLcode res =
+ ::curl_easy_setopt(curl, CURLOPT_CAPATH, CMAKE_CAPATH_COMMON);
+ check_curl_result(res, "Unable to set TLS/SSL Verify CAPATH: ");
+ }
+# undef CMAKE_CAPATH_COMMON
+ }
+#endif
+ return e;
+}
diff --git a/Source/cmCurl.h b/Source/cmCurl.h
new file mode 100644
index 0000000..25d74ae
--- /dev/null
+++ b/Source/cmCurl.h
@@ -0,0 +1,22 @@
+/*============================================================================
+ CMake - Cross Platform Makefile Generator
+ Copyright 2000-2015 Kitware, Inc., Insight Software Consortium
+
+ Distributed under the OSI-approved BSD License (the "License");
+ see accompanying file Copyright.txt for details.
+
+ This software is distributed WITHOUT ANY WARRANTY; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ See the License for more information.
+============================================================================*/
+#ifndef cmCurl_h
+#define cmCurl_h
+
+#include "cmStandardIncludes.h"
+
+#ifdef CMAKE_BUILD_WITH_CMAKE
+# include "cm_curl.h"
+std::string cmCurlSetCAInfo(::CURL *curl, const char* cafile = 0);
+#endif
+
+#endif
diff --git a/Source/cmFileCommand.cxx b/Source/cmFileCommand.cxx
index 2c92db2..f125292 100644
--- a/Source/cmFileCommand.cxx
+++ b/Source/cmFileCommand.cxx
@@ -20,7 +20,7 @@
#include "cmTimestamp.h"
#if defined(CMAKE_BUILD_WITH_CMAKE)
-#include "cm_curl.h"
+#include "cmCurl.h"
#include "cmFileLockResult.h"
#endif
@@ -3068,10 +3068,11 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
}
// check to see if a CAINFO file has been specified
// command arg comes first
- if(cainfo && *cainfo)
+ std::string const& cainfo_err = cmCurlSetCAInfo(curl, cainfo);
+ if (!cainfo_err.empty())
{
- res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo);
- check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
+ this->SetError(cainfo_err);
+ return false;
}
cmFileCommandVectorOfChar chunkDebug;
http://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=4f313114bab3ffd41e26178624f4e5dd3eb70e74
commit 4f313114bab3ffd41e26178624f4e5dd3eb70e74
Author: Brad King <brad.king at kitware.com>
AuthorDate: Wed Jan 21 16:42:18 2015 -0500
Commit: Brad King <brad.king at kitware.com>
CommitDate: Thu Jan 22 11:17:14 2015 -0500
curl: Add CURL_CA_PATH option to CMake build process
Move CMAKE_USE_OPENSSL and CURL_CA_BUNDLE up to the top of CMake so that
CMake's own sources can know their values. Add the CURL_CA_PATH option
at the top and honor it as part of the curl build.
diff --git a/CMakeLists.txt b/CMakeLists.txt
index bdc160d..28fd02f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -287,6 +287,13 @@ macro (CMAKE_BUILD_UTILITIES)
if(CMAKE_TESTS_CDASH_SERVER)
set(CMAKE_CURL_TEST_URL "${CMAKE_TESTS_CDASH_SERVER}/user.php")
endif()
+ option(CMAKE_USE_OPENSSL "Use OpenSSL." OFF)
+ mark_as_advanced(CMAKE_USE_OPENSSL)
+ if(CMAKE_USE_OPENSSL)
+ set(CURL_CA_BUNDLE "" CACHE FILEPATH "Path to SSL CA Certificate Bundle")
+ set(CURL_CA_PATH "" CACHE PATH "Path to SSL CA Certificate Directory")
+ mark_as_advanced(CURL_CA_BUNDLE CURL_CA_PATH)
+ endif()
add_subdirectory(Utilities/cmcurl)
CMAKE_SET_TARGET_FOLDER(cmcurl "Utilities/3rdParty")
CMAKE_SET_TARGET_FOLDER(LIBCURL "Utilities/3rdParty")
diff --git a/Utilities/cmcurl/CMakeLists.txt b/Utilities/cmcurl/CMakeLists.txt
index 0db741e..08bdff5 100644
--- a/Utilities/cmcurl/CMakeLists.txt
+++ b/Utilities/cmcurl/CMakeLists.txt
@@ -425,9 +425,6 @@ endif()
#-----------------------------------------------------------------------------
-option(CMAKE_USE_OPENSSL "Use OpenSSL code. Experimental" OFF)
-mark_as_advanced(CMAKE_USE_OPENSSL)
-
set(USE_SSLEAY OFF)
set(USE_OPENSSL OFF)
set(HAVE_LIBCRYPTO OFF)
@@ -454,11 +451,13 @@ if(CMAKE_USE_OPENSSL)
check_include_file("openssl/rand.h" HAVE_OPENSSL_RAND_H)
# Optionally build with a specific CA cert bundle.
- set(CURL_CA_BUNDLE "" CACHE FILEPATH "Path to SSL CA Certificate Bundle")
- mark_as_advanced(CURL_CA_BUNDLE)
if(CURL_CA_BUNDLE)
add_definitions(-DCURL_CA_BUNDLE="${CURL_CA_BUNDLE}")
endif()
+ # Optionally build with a specific CA cert dir.
+ if(CURL_CA_PATH)
+ add_definitions(-DCURL_CA_PATH="${CURL_CA_PATH}")
+ endif()
endif(OPENSSL_FOUND)
elseif(WIN32)
# Use Windows SSL/TLS native implementation.
diff --git a/Utilities/cmcurl/lib/curl_config.h.cmake b/Utilities/cmcurl/lib/curl_config.h.cmake
index b5db3b6..a561c3d 100644
--- a/Utilities/cmcurl/lib/curl_config.h.cmake
+++ b/Utilities/cmcurl/lib/curl_config.h.cmake
@@ -3,12 +3,6 @@
/* when building libcurl itself */
#cmakedefine BUILDING_LIBCURL 1
-/* Location of default ca bundle */
-#cmakedefine CURL_CA_BUNDLE ${CURL_CA_BUNDLE}
-
-/* Location of default ca path */
-#cmakedefine CURL_CA_PATH ${CURL_CA_PATH}
-
/* to disable cookies support */
#cmakedefine CURL_DISABLE_COOKIES 1
-----------------------------------------------------------------------
Summary of changes:
CMakeLists.txt | 7 +++
Help/release/dev/curl-default-cainfo.rst | 8 +++
Source/CMakeLists.txt | 8 +++
Source/CTest/cmCTestSubmitHandler.cxx | 3 +-
Source/cmCTest.cxx | 4 +-
Source/cmCurl.cxx | 64 +++++++++++++++++++++++
Utilities/cm_jsoncpp_value.h => Source/cmCurl.h | 15 +++---
Source/cmFileCommand.cxx | 9 ++--
Utilities/cmcurl/CMakeLists.txt | 9 ++--
Utilities/cmcurl/lib/curl_config.h.cmake | 6 ---
10 files changed, 107 insertions(+), 26 deletions(-)
create mode 100644 Help/release/dev/curl-default-cainfo.rst
create mode 100644 Source/cmCurl.cxx
copy Utilities/cm_jsoncpp_value.h => Source/cmCurl.h (71%)
hooks/post-receive
--
CMake
More information about the Cmake-commits
mailing list