mirror of
https://github.com/Kitware/CMake.git
synced 2026-02-21 22:50:26 -06:00
Merge topic 'curl-tls-version'
5d2ea8371dTests/RunCMake/file-DOWNLOAD: Add case covering TLS_VERSION valuesc864ffceb7Tests/RunCMake/file-DOWNLOAD: Clarify name of invalid TLS_VERSION case Acked-by: Kitware Robot <kwrobot@kitware.com> Acked-by: buildbot <buildbot@kitware.com> Merge-request: !9845
This commit is contained in:
Brad King
@@ -100,6 +100,7 @@ set(CMake_TEST_Qt5 "ON" CACHE BOOL "")
|
||||
set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERIFY_URL_BAD "https://badtls-expired.kitware.com" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERSION "1.3" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERSION_URL_BAD "https://tls-v1-1.badssl.com:1011" CACHE STRING "")
|
||||
set(CMake_TEST_UseSWIG "ON" CACHE BOOL "")
|
||||
|
||||
include("${CMAKE_CURRENT_LIST_DIR}/configure_external_test.cmake")
|
||||
|
||||
@@ -108,6 +108,7 @@ set(CMake_TEST_Qt5 "ON" CACHE BOOL "")
|
||||
set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERIFY_URL_BAD "https://badtls-expired.kitware.com" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERSION "1.3" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERSION_URL_BAD "https://tls-v1-1.badssl.com:1011" CACHE STRING "")
|
||||
|
||||
if (NOT "$ENV{SWIFTC}" STREQUAL "")
|
||||
set(CMAKE_Swift_COMPILER "$ENV{SWIFTC}" CACHE FILEPATH "")
|
||||
|
||||
@@ -111,6 +111,7 @@ set(CMake_TEST_Qt5 "ON" CACHE BOOL "")
|
||||
set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERIFY_URL_BAD "https://badtls-expired.kitware.com" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERSION "1.3" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERSION_URL_BAD "https://tls-v1-1.badssl.com:1011" CACHE STRING "")
|
||||
set(CMake_TEST_UseSWIG "ON" CACHE BOOL "")
|
||||
|
||||
include("${CMAKE_CURRENT_LIST_DIR}/configure_external_test.cmake")
|
||||
|
||||
@@ -6,6 +6,7 @@ set(CMake_TEST_MODULE_COMPILATION "named,compile_commands,collation,partitions,i
|
||||
set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERIFY_URL_BAD "https://badtls-expired.kitware.com" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERSION "1.3" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERSION_URL_BAD "https://tls-v1-1.badssl.com:1011" CACHE STRING "")
|
||||
|
||||
# "Release" flags without "-DNDEBUG" so we get assertions.
|
||||
set(CMAKE_C_FLAGS_RELEASE "-O3" CACHE STRING "")
|
||||
|
||||
@@ -4,6 +4,7 @@ set(CMAKE_USE_SYSTEM_CURL "OFF" CACHE BOOL "")
|
||||
set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERIFY_URL_BAD "https://badtls-expired.kitware.com" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERSION "1.2" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERSION_URL_BAD "https://tls-v1-1.badssl.com:1011" CACHE STRING "")
|
||||
|
||||
include("${CMAKE_CURRENT_LIST_DIR}/configure_macos_common.cmake")
|
||||
include("${CMAKE_CURRENT_LIST_DIR}/configure_common.cmake")
|
||||
|
||||
@@ -9,6 +9,7 @@ set(CMake_TEST_GUI "ON" CACHE BOOL "")
|
||||
set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERIFY_URL_BAD "https://badtls-expired.kitware.com" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERSION "1.2" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERSION_URL_BAD "https://tls-v1-1.badssl.com:1011" CACHE STRING "")
|
||||
|
||||
include("${CMAKE_CURRENT_LIST_DIR}/configure_macos_common.cmake")
|
||||
include("${CMAKE_CURRENT_LIST_DIR}/configure_common.cmake")
|
||||
|
||||
@@ -9,6 +9,7 @@ endif()
|
||||
set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERIFY_URL_BAD "https://badtls-expired.kitware.com" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERSION "1.2" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERSION_URL_BAD "https://tls-v1-1.badssl.com:1011" CACHE STRING "")
|
||||
|
||||
include("${CMAKE_CURRENT_LIST_DIR}/configure_macos_common.cmake")
|
||||
include("${CMAKE_CURRENT_LIST_DIR}/configure_common.cmake")
|
||||
|
||||
@@ -12,6 +12,7 @@ endif()
|
||||
set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERIFY_URL_BAD "https://badtls-expired.kitware.com" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERSION "1.2" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERSION_URL_BAD "https://tls-v1-1.badssl.com:1011" CACHE STRING "")
|
||||
|
||||
include("${CMAKE_CURRENT_LIST_DIR}/configure_macos_common.cmake")
|
||||
include("${CMAKE_CURRENT_LIST_DIR}/configure_common.cmake")
|
||||
|
||||
@@ -6,6 +6,7 @@ set(CMAKE_PREFIX_PATH "" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERIFY_URL_BAD "https://badtls-expired.kitware.com" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERSION "1.2" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERSION_URL_BAD "https://tls-v1-1.badssl.com:1011" CACHE STRING "")
|
||||
|
||||
include("${CMAKE_CURRENT_LIST_DIR}/configure_windows_msvc_cxx_modules_common.cmake")
|
||||
include("${CMAKE_CURRENT_LIST_DIR}/configure_windows_wix_common.cmake")
|
||||
|
||||
@@ -12,6 +12,7 @@ endif()
|
||||
set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERIFY_URL_BAD "https://badtls-expired.kitware.com" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERSION "1.2" CACHE STRING "")
|
||||
set(CMake_TEST_TLS_VERSION_URL_BAD "https://tls-v1-1.badssl.com:1011" CACHE STRING "")
|
||||
|
||||
include("${CMAKE_CURRENT_LIST_DIR}/configure_windows_msvc_cxx_modules_common.cmake")
|
||||
include("${CMAKE_CURRENT_LIST_DIR}/configure_windows_wix_common.cmake")
|
||||
|
||||
@@ -599,6 +599,7 @@ foreach(var
|
||||
CMake_TEST_TLS_VERIFY_URL
|
||||
CMake_TEST_TLS_VERIFY_URL_BAD
|
||||
CMake_TEST_TLS_VERSION
|
||||
CMake_TEST_TLS_VERSION_URL_BAD
|
||||
)
|
||||
if(DEFINED ${var})
|
||||
list(APPEND file-DOWNLOAD_ARGS -D${var}=${${var}})
|
||||
|
||||
@@ -11,6 +11,7 @@ run_cmake(httpheader-not-set)
|
||||
run_cmake(netrc-bad)
|
||||
run_cmake(tls-cainfo-not-set)
|
||||
run_cmake(tls-verify-not-set)
|
||||
run_cmake(TLS_VERSION-invalid)
|
||||
run_cmake(TLS_VERSION-missing)
|
||||
run_cmake(pass-not-set)
|
||||
run_cmake(no-save-hash)
|
||||
@@ -26,10 +27,12 @@ if(NOT CMake_TEST_NO_NETWORK)
|
||||
run_cmake(bad-hostname)
|
||||
endif()
|
||||
|
||||
run_cmake_with_options(TLS_VERSION-bad)
|
||||
if(CMake_TEST_TLS_VERIFY_URL_BAD)
|
||||
run_cmake_with_options(TLS_VERIFY-bad -Durl=${CMake_TEST_TLS_VERIFY_URL_BAD})
|
||||
endif()
|
||||
if(CMake_TEST_TLS_VERSION_URL_BAD)
|
||||
run_cmake_with_options(TLS_VERSION-bad -Durl=${CMake_TEST_TLS_VERSION_URL_BAD})
|
||||
endif()
|
||||
|
||||
if(CMake_TEST_TLS_VERIFY_URL)
|
||||
run_cmake_with_options(TLS_VERIFY-good -Durl=${CMake_TEST_TLS_VERIFY_URL})
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
-- def-1\.1: 0;"No error"
|
||||
-- env-1\.2: (60;"SSL peer certificate or SSH remote key was not OK"|35;"SSL connect error")
|
||||
-- env-1\.1: 0;"No error"
|
||||
-- var-1\.2: (60;"SSL peer certificate or SSH remote key was not OK"|35;"SSL connect error")
|
||||
-- var-1\.1: 0;"No error"
|
||||
-- opt-1\.2: (60;"SSL peer certificate or SSH remote key was not OK"|35;"SSL connect error")
|
||||
-- opt-1\.1: 0;"No error"
|
||||
@@ -0,0 +1,7 @@
|
||||
-- def-1\.1: 0;"No error"
|
||||
-- env-1\.2: (60;"SSL peer certificate or SSH remote key was not OK"|35;"SSL connect error")
|
||||
-- env-1\.1: 0;"No error"
|
||||
-- var-1\.2: (60;"SSL peer certificate or SSH remote key was not OK"|35;"SSL connect error")
|
||||
-- var-1\.1: 0;"No error"
|
||||
-- opt-1\.2: (60;"SSL peer certificate or SSH remote key was not OK"|35;"SSL connect error")
|
||||
-- opt-1\.1: 0;"No error"
|
||||
3
Tests/RunCMake/file-DOWNLOAD/TLS_VERSION-bad-stdout.txt
Normal file
3
Tests/RunCMake/file-DOWNLOAD/TLS_VERSION-bad-stdout.txt
Normal file
@@ -0,0 +1,3 @@
|
||||
-- env-1\.2: (60;"SSL peer certificate or SSH remote key was not OK"|35;"SSL connect error")
|
||||
-- var-1\.2: (60;"SSL peer certificate or SSH remote key was not OK"|35;"SSL connect error")
|
||||
-- opt-1\.2: (60;"SSL peer certificate or SSH remote key was not OK"|35;"SSL connect error")
|
||||
@@ -1,10 +1,55 @@
|
||||
# The environment variable provides a default.
|
||||
set(ENV{CMAKE_TLS_VERSION} bad-env)
|
||||
file(DOWNLOAD "" TLS_VERIFY 1 STATUS status LOG log)
|
||||
function(download case)
|
||||
# URL with semantics like https://tls-v1-1.badssl.com:1011 is provided by caller
|
||||
file(DOWNLOAD ${url} ${ARGN} STATUS status LOG log)
|
||||
message(STATUS "${case}: ${status}")
|
||||
if(case MATCHES "1\\.2$" AND NOT status MATCHES "^(35|60);")
|
||||
message("${log}")
|
||||
endif()
|
||||
endfunction()
|
||||
|
||||
set(CMAKE_TLS_VERIFY 1)
|
||||
|
||||
if(CMAKE_HOST_WIN32 OR CMAKE_HOST_APPLE)
|
||||
# The OS-native TLS implementations support TLS 1.1.
|
||||
set(TEST_TLSv1_1 1)
|
||||
else()
|
||||
# OpenSSL 3.1+ does not support TLS 1.1 or older without setting
|
||||
# the security level to 0, which curl (correctly) does not do.
|
||||
# https://openssl-library.org/news/openssl-3.1-notes/index.html#major-changes-between-openssl-30-and-openssl-310-14-mar-2023
|
||||
set(TEST_TLSv1_1 0)
|
||||
endif()
|
||||
|
||||
if(TEST_TLSv1_1)
|
||||
# The default is to allow 1.1.
|
||||
unset(ENV{CMAKE_TLS_VERSION})
|
||||
unset(CMAKE_TLS_VERSION)
|
||||
download(def-1.1)
|
||||
endif()
|
||||
|
||||
# The environment variable overrides the default.
|
||||
set(ENV{CMAKE_TLS_VERSION} 1.2)
|
||||
download(env-1.2)
|
||||
if(TEST_TLSv1_1)
|
||||
set(ENV{CMAKE_TLS_VERSION} 1.1)
|
||||
download(env-1.1)
|
||||
endif()
|
||||
|
||||
# The cmake variable overrides the environment variable.
|
||||
set(CMAKE_TLS_VERSION bad-var)
|
||||
file(DOWNLOAD "" TLS_VERIFY 1 STATUS status LOG log)
|
||||
set(ENV{CMAKE_TLS_VERSION} 1.1)
|
||||
set(CMAKE_TLS_VERSION 1.2)
|
||||
download(var-1.2)
|
||||
if(TEST_TLSv1_1)
|
||||
set(ENV{CMAKE_TLS_VERSION} 1.2)
|
||||
set(CMAKE_TLS_VERSION 1.1)
|
||||
download(var-1.1)
|
||||
endif()
|
||||
|
||||
# The explicit argument overrides the cmake variable.
|
||||
file(DOWNLOAD "" TLS_VERSION bad-arg TLS_VERIFY 1 STATUS status LOG log)
|
||||
# The explicit argument overrides the cmake variable and the environment variable.
|
||||
set(ENV{CMAKE_TLS_VERSION} 1.1)
|
||||
set(CMAKE_TLS_VERSION 1.1)
|
||||
download(opt-1.2 TLS_VERSION 1.2)
|
||||
if(TEST_TLSv1_1)
|
||||
set(ENV{CMAKE_TLS_VERSION} 1.2)
|
||||
set(CMAKE_TLS_VERSION 1.2)
|
||||
download(opt-1.1 TLS_VERSION 1.1)
|
||||
endif()
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
^CMake Error at TLS_VERSION-bad\.cmake:[0-9]+ \(file\):
|
||||
^CMake Error at TLS_VERSION-invalid\.cmake:[0-9]+ \(file\):
|
||||
file DOWNLOAD given unknown TLS/SSL version bad-env
|
||||
Call Stack \(most recent call first\):
|
||||
CMakeLists\.txt:[0-9]+ \(include\)
|
||||
+
|
||||
CMake Error at TLS_VERSION-bad\.cmake:[0-9]+ \(file\):
|
||||
CMake Error at TLS_VERSION-invalid\.cmake:[0-9]+ \(file\):
|
||||
file DOWNLOAD given unknown TLS/SSL version bad-var
|
||||
Call Stack \(most recent call first\):
|
||||
CMakeLists\.txt:[0-9]+ \(include\)
|
||||
+
|
||||
CMake Error at TLS_VERSION-bad\.cmake:[0-9]+ \(file\):
|
||||
CMake Error at TLS_VERSION-invalid\.cmake:[0-9]+ \(file\):
|
||||
file DOWNLOAD given unknown TLS/SSL version bad-arg
|
||||
Call Stack \(most recent call first\):
|
||||
CMakeLists\.txt:[0-9]+ \(include\)$
|
||||
10
Tests/RunCMake/file-DOWNLOAD/TLS_VERSION-invalid.cmake
Normal file
10
Tests/RunCMake/file-DOWNLOAD/TLS_VERSION-invalid.cmake
Normal file
@@ -0,0 +1,10 @@
|
||||
# The environment variable provides a default.
|
||||
set(ENV{CMAKE_TLS_VERSION} bad-env)
|
||||
file(DOWNLOAD "" TLS_VERIFY 1 STATUS status LOG log)
|
||||
|
||||
# The cmake variable overrides the environment variable.
|
||||
set(CMAKE_TLS_VERSION bad-var)
|
||||
file(DOWNLOAD "" TLS_VERIFY 1 STATUS status LOG log)
|
||||
|
||||
# The explicit argument overrides the cmake variable.
|
||||
file(DOWNLOAD "" TLS_VERSION bad-arg TLS_VERIFY 1 STATUS status LOG log)
|
||||
Reference in New Issue
Block a user