echo/CMake
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cmCurl: Honor OpenSSL certificate environment variables

Browse Source 
Honor the OpenSSL environment variables used to specify the location of
the TLS certificates, as specified in the `curl(1)` man page.

Co-authored-by: Ludovic Courtès <ludo@gnu.org>
This commit is contained in:
Maxim Cournoyer 2022-09-13 17:03:45 -04:00 committed by Brad King
parent 355b12af79
commit 10bf34a2d9
5 changed files with 37 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Help/envvar/SSL_CERT_DIR.rst Normal file
View File

@ -0,0 +1,9 @@
SSL_CERT_DIR
------------
.. versionadded:: 3.25
.. include:: ENV_VAR.txt
Specify default directory containing CA certificates. It overrides
the default CA directory used.

9
Help/envvar/SSL_CERT_FILE.rst Normal file
View File

@ -0,0 +1,9 @@
SSL_CERT_FILE
-------------
.. versionadded:: 3.25
.. include:: ENV_VAR.txt
Specify the file name containing CA certificates. It overrides the
default, os-specific CA file used.

2
Help/manual/cmake-env-variables.7.rst
View File

@ -21,6 +21,8 @@ Environment Variables that Change Behavior
:maxdepth: 1 :maxdepth: 1
/envvar/CMAKE_PREFIX_PATH /envvar/CMAKE_PREFIX_PATH
/envvar/SSL_CERT_DIR
/envvar/SSL_CERT_FILE
Environment Variables that Control the Build Environment Variables that Control the Build
============================================ ============================================

6
Help/release/dev/env-tls-certs.rst Normal file
View File

@ -0,0 +1,6 @@
env-tls-certs
-------------
* The :envvar:`SSL_CERT_FILE` and :envvar:`SSL_CERT_DIR` environment
variables are now used to find certificate authorities for TLS/SSL
operations.

11
Source/cmCurl.cxx
View File

@ -34,10 +34,21 @@
std::string cmCurlSetCAInfo(::CURL* curl, const std::string& cafile) std::string cmCurlSetCAInfo(::CURL* curl, const std::string& cafile)
{ {
std::string e; std::string e;
std::string env_ca;
if (!cafile.empty()) { if (!cafile.empty()) {
::CURLcode res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cafile.c_str()); ::CURLcode res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cafile.c_str());
check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: "); check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
} }
/* Honor the user-configurable OpenSSL environment variables. */
else if (cmSystemTools::GetEnv("SSL_CERT_FILE", env_ca) &&
cmSystemTools::FileExists(env_ca, true)) {
::CURLcode res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, env_ca.c_str());
check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
} else if (cmSystemTools::GetEnv("SSL_CERT_DIR", env_ca) &&
cmSystemTools::FileIsDirectory(env_ca)) {
::CURLcode res = ::curl_easy_setopt(curl, CURLOPT_CAPATH, env_ca.c_str());
check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
}
#ifdef CMAKE_FIND_CAFILE #ifdef CMAKE_FIND_CAFILE
# define CMAKE_CAFILE_FEDORA "/etc/pki/tls/certs/ca-bundle.crt" # define CMAKE_CAFILE_FEDORA "/etc/pki/tls/certs/ca-bundle.crt"
else if (cmSystemTools::FileExists(CMAKE_CAFILE_FEDORA, true)) { else if (cmSystemTools::FileExists(CMAKE_CAFILE_FEDORA, true)) {