Help: Document CMAKE_TLS_VERIFY variable explicitly

Previously it was mentioned only in the `file` and `ExternalProject` documentation.
2021-04-29 10:45:05 -04:00 · 2021-04-29 10:45:05 -04:00 · 7398993f5b
commit 7398993f5b
parent 9edff7f43e
4 changed files with 20 additions and 2 deletions
--- a/Help/command/file.rst
+++ b/Help/command/file.rst
@ -1070,7 +1070,7 @@ If neither ``NETRC`` option is given CMake will check variables
 For ``https://`` URLs CMake must be built with OpenSSL support.  ``TLS/SSL``
 certificates are not checked by default.  Set ``TLS_VERIFY`` to ``ON`` to
 check certificates. If neither ``TLS`` option is given CMake will check
-variables ``CMAKE_TLS_VERIFY`` and ``CMAKE_TLS_CAINFO``, respectively.
+variables :variable:`CMAKE_TLS_VERIFY` and ``CMAKE_TLS_CAINFO``, respectively.

 Additional options to ``DOWNLOAD`` are:

--- a/Help/manual/cmake-variables.7.rst
+++ b/Help/manual/cmake-variables.7.rst
@ -245,6 +245,7 @@ Variables that Change Behavior
   /variable/CMAKE_SYSTEM_LIBRARY_PATH
   /variable/CMAKE_SYSTEM_PREFIX_PATH
   /variable/CMAKE_SYSTEM_PROGRAM_PATH
+   /variable/CMAKE_TLS_VERIFY
   /variable/CMAKE_USER_MAKE_RULES_OVERRIDE
   /variable/CMAKE_WARN_DEPRECATED
   /variable/CMAKE_WARN_ON_ABSOLUTE_INSTALL_DESTINATION
--- a/Help/variable/CMAKE_TLS_VERIFY.rst
+++ b/Help/variable/CMAKE_TLS_VERIFY.rst
@ -0,0 +1,17 @@
+CMAKE_TLS_VERIFY
+----------------
+
+Specify the default value for the :command:`file(DOWNLOAD)` and
+:command:`file(UPLOAD)` commands' ``TLS_VERIFY`` options.
+If not set, the default is *off*.
+
+This setting is also used by the :module:`ExternalProject` module
+for internal calls to :command:`file(DOWNLOAD)`.
+
+TLS verification can help provide confidence that one is connecting
+to the desired server.  When downloading known content, one should
+also use file hashes to verify it.
+
+.. code-block:: cmake
+
+  set(CMAKE_TLS_VERIFY TRUE)
--- a/Modules/ExternalProject.cmake
+++ b/Modules/ExternalProject.cmake
@ -212,7 +212,7 @@ External Project Definition
      ``TLS_VERIFY <bool>``
        Specifies whether certificate verification should be performed for
        https URLs. If this option is not provided, the default behavior is
-        determined by the ``CMAKE_TLS_VERIFY`` variable (see
+        determined by the :variable:`CMAKE_TLS_VERIFY` variable (see
        :command:`file(DOWNLOAD)`). If that is also not set, certificate
        verification will not be performed. In situations where ``URL_HASH``
        cannot be provided, this option can be an alternative verification