Merge topic 'ctest-tls-options'

aeb8bcc055 ctest: Fall back to CMake options for TLS version
56e319ce4a ctest: Fall back to CMake options for TLS server verification
6671f17f65 ctest: Add explicit options for TLS version
0aba13a2f3 ctest: Add explicit options for TLS server verification
51728a6dd3 CTest: Create scope to isolate defaults for DartConfiguration.tcl
8a3a486fb5 cmCTestCurl: Factor out helper struct for curl options
7f668bb94f cmCTestCurl: Use inline member initialization
add81210df cmCurl: Assert that we cover all TLS versions supported by our vendored curl
...

Acked-by: Kitware Robot <kwrobot@kitware.com>
Acked-by: buildbot <buildbot@kitware.com>
Merge-request: !9318

Help/manual/cmake-variables.7.rst

@@ -728,6 +728,8 @@ Variables for CTest
    /variable/CTEST_SVN_UPDATE_OPTIONS
    /variable/CTEST_TEST_LOAD
    /variable/CTEST_TEST_TIMEOUT
+   /variable/CTEST_TLS_VERIFY
+   /variable/CTEST_TLS_VERSION
    /variable/CTEST_UPDATE_COMMAND
    /variable/CTEST_UPDATE_OPTIONS
    /variable/CTEST_UPDATE_VERSION_ONLY

Help/manual/ctest.1.rst

@@ -1452,14 +1452,25 @@ Configuration settings include:
   * :module:`CTest` module variable: ``CTEST_SUBMIT_RETRY_DELAY``
 
 ``CurlOptions``
+  .. deprecated:: 3.30
+
+    Use ``TLSVerify`` instead.
+
   Specify a semicolon-separated list of options to control the
   Curl library that CTest uses internally to connect to the
-  server.  Possible options are ``CURLOPT_SSL_VERIFYPEER_OFF``
-  and ``CURLOPT_SSL_VERIFYHOST_OFF``.
+  server.
 
   * `CTest Script`_ variable: :variable:`CTEST_CURL_OPTIONS`
   * :module:`CTest` module variable: ``CTEST_CURL_OPTIONS``
 
+  Possible options are:
+
+  ``CURLOPT_SSL_VERIFYPEER_OFF``
+    Disable the ``CURLOPT_SSL_VERIFYPEER`` curl option.
+
+  ``CURLOPT_SSL_VERIFYHOST_OFF``
+    Disable the ``CURLOPT_SSL_VERIFYHOST`` curl option.
+
 ``DropLocation``
   Legacy option.  When ``SubmitURL`` is not set, it is constructed from
   ``DropMethod``, ``DropSiteUser``, ``DropSitePassword``, ``DropSite``, and
@@ -1540,6 +1551,24 @@ Configuration settings include:
   * `CTest Script`_ variable: :variable:`CTEST_SUBMIT_INACTIVITY_TIMEOUT`
   * :module:`CTest` module variable: ``CTEST_SUBMIT_INACTIVITY_TIMEOUT``
 
+``TLSVersion``
+  .. versionadded:: 3.30
+
+  Specify a minimum TLS version allowed when submitting to a dashboard
+  via ``https://`` URLs.
+
+  * `CTest Script`_ variable: :variable:`CTEST_TLS_VERSION`
+  * :module:`CTest` module variable: ``CTEST_TLS_VERSION``
+
+``TLSVerify``
+  .. versionadded:: 3.30
+
+  Specify a boolean value indicating whether to verify the server
+  certificate when submitting to a dashboard via ``https://`` URLs.
+
+  * `CTest Script`_ variable: :variable:`CTEST_TLS_VERIFY`
+  * :module:`CTest` module variable: ``CTEST_TLS_VERIFY``
+
 ``TriggerSite``
   Legacy option.  Not used.
 

Help/release/dev/curl-tls-version.rst

@@ -15,3 +15,8 @@ curl-tls-version
   :variable:`CMAKE_TLS_VERSION` variable and :envvar:`CMAKE_TLS_VERSION`
   environment variable, to specify the minimum TLS version for connections
   to ``https://`` URLs.
+
+* The :command:`ctest_submit` command and :option:`ctest -T Submit <ctest -T>`
+  step gained ``TLSVersion`` and ``TLSVerify`` options to control negotiation
+  with ``https://`` URLs.  See the :variable:`CTEST_TLS_VERSION` and
+  :variable:`CTEST_TLS_VERIFY` variables.

Help/variable/CMAKE_TLS_VERSION-VALUES.txt

@@ -0,0 +1,7 @@
+* ``1.0``
+
+* ``1.1``
+
+* ``1.2``
+
+* ``1.3``

Help/variable/CMAKE_TLS_VERSION.rst

@@ -10,13 +10,7 @@ If this variable is not set, the commands check the
 
 The value may be one of:
 
-* ``1.0``
-
-* ``1.1``
-
-* ``1.2``
-
-* ``1.3``
+.. include:: CMAKE_TLS_VERSION-VALUES.txt
 
 This variable is also used by the :module:`ExternalProject` and
 :module:`FetchContent` modules for internal calls to

Help/variable/CTEST_CURL_OPTIONS.rst

@@ -1,6 +1,10 @@
 CTEST_CURL_OPTIONS
 ------------------
 
+.. deprecated:: 3.30
+
+  Use the :variable:`CTEST_TLS_VERIFY` variable instead.
+
 .. versionadded:: 3.1
 
 Specify the CTest ``CurlOptions`` setting

Help/variable/CTEST_TLS_VERIFY.rst

@@ -0,0 +1,13 @@
+CTEST_TLS_VERIFY
+----------------
+
+.. versionadded:: 3.30
+
+Specify the CTest ``TLSVerify`` setting in a :manual:`ctest(1)`
+:ref:`Dashboard Client` script or in project ``CMakeLists.txt`` code
+before including the :module:`CTest` module.  The value is a boolean
+indicating whether to  verify the server certificate when submitting
+to a dashboard via ``https://`` URLs.
+
+If ``CTEST_TLS_VERIFY`` is not set, :variable:`CMAKE_TLS_VERIFY` is
+used instead.

Help/variable/CTEST_TLS_VERSION.rst

@@ -0,0 +1,16 @@
+CTEST_TLS_VERSION
+-----------------
+
+.. versionadded:: 3.30
+
+Specify the CTest ``TLSVersion`` setting in a :manual:`ctest(1)`
+:ref:`Dashboard Client` script or in project ``CMakeLists.txt`` code
+before including the :module:`CTest` module.  The value is a minimum
+TLS version allowed when submitting to a dashboard via ``https://`` URLs.
+
+The value may be one of:
+
+.. include:: CMAKE_TLS_VERSION-VALUES.txt
+
+If ``CTEST_TLS_VERSION`` is not set, the :variable:`CMAKE_TLS_VERSION` variable
+or :envvar:`CMAKE_TLS_VERSION` environment variable is used instead.