echo/CMake
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ExternalProject: Honor CMAKE_TLS_VERIFY environment variable

Browse Source 
Issue: #23608
This commit is contained in:
Brad King 2024-03-29 12:25:00 -04:00
parent e8404502b1
commit 0d250dd021
2 changed files with 23 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Help/envvar/CMAKE_TLS_VERIFY.rst
View File

@ -9,3 +9,7 @@ Specify the default value for the :command:`file(DOWNLOAD)` and
:command:`file(UPLOAD)` commands' ``TLS_VERIFY`` option.
This environment variable is used if the option is not given
and the :variable:`CMAKE_TLS_VERIFY` cmake variable is not set.
This variable is also used by the :module:`ExternalProject` and
:module:`FetchContent` modules for internal calls to
:command:`file(DOWNLOAD)` and ``git clone``.

28
Modules/ExternalProject.cmake
View File

@ -243,22 +243,28 @@ URL
``TLS_VERIFY <bool>``
Specifies whether certificate verification should be performed for
``https://`` URLs. If this option is not provided, the value of the
:variable:`CMAKE_TLS_VERIFY` variable will be used instead (see
:command:`file(DOWNLOAD)`).
If that is also not set, certificate verification will not be performed.
:variable:`CMAKE_TLS_VERIFY` variable or the :envvar:`CMAKE_TLS_VERIFY`
environment variable will be used instead (see :command:`file(DOWNLOAD)`).
If neither of those is set, certificate verification will not be performed.
In situations where ``URL_HASH`` cannot be provided, this option can
be an alternative verification measure.
This option also applies to ``git clone`` invocations, although the
default behavior is different. If neither the ``TLS_VERIFY`` option
or :variable:`CMAKE_TLS_VERIFY` variable is specified, the behavior
will be determined by git's default (true) or a ``http.sslVerify``
git config option the user may have set at a global level.
default behavior is different. If none of the ``TLS_VERIFY`` option,
:variable:`CMAKE_TLS_VERIFY` variable, or :envvar:`CMAKE_TLS_VERIFY`
environment variable is specified, the behavior will be determined by
git's default (true) or a ``http.sslVerify`` git config option the
user may have set at a global level.
.. versionchanged:: 3.6
Previously this option did not apply to ``git clone`` invocations.
.. versionchanged:: 3.30
Previously the :envvar:`CMAKE_TLS_VERIFY` environment variable
was not checked.
``TLS_CAINFO <file>``
Specify a custom certificate authority file to use if ``TLS_VERIFY``
is enabled. If this option is not specified, the value of the
@ -1397,8 +1403,12 @@ endfunction()
function(_ep_get_tls_verify name tls_verify_var)
get_property(tls_verify TARGET ${name} PROPERTY _EP_TLS_VERIFY)
if("x${tls_verify}" STREQUAL "x" AND DEFINED CMAKE_TLS_VERIFY)
set(tls_verify "${CMAKE_TLS_VERIFY}")
if("x${tls_verify}" STREQUAL "x")
if(NOT "x${CMAKE_TLS_VERIFY}" STREQUAL "x")
set(tls_verify "${CMAKE_TLS_VERIFY}")
elseif(NOT "x$ENV{CMAKE_TLS_VERIFY}" STREQUAL "x")
set(tls_verify "$ENV{CMAKE_TLS_VERIFY}")
endif()
endif()
set("${tls_verify_var}" "${tls_verify}" PARENT_SCOPE)
endfunction()