Merge topic 'tls-verify'

7139944264 ctest: Fall back to CMake environment variable for TLS server verification c295df53c6 ctest: Test fallback to CMake options for TLS server verification 0d250dd021 ExternalProject: Honor CMAKE_TLS_VERIFY environment variable e8404502b1 ExternalProject: Revise TLS_VERIFY wording to use TLS_VERSION pattern 46faaf9667 file(DOWNLOAD|UPLOAD): Add CMAKE_TLS_VERIFY environment variable 8b0169fe2b file(DOWNLOAD|UPLOAD): Add test covering CMAKE_TLS_VERIFY cmake variable 93886f5c7d file(DOWNLOAD|UPLOAD): Avoid unnecessary CMAKE_TLS_VERIFY variable lookup bed32f400e file(DOWNLOAD|UPLOAD): Document TLS_VERSION fallback to environment variable ... Acked-by: Kitware Robot <kwrobot@kitware.com> Acked-by: scivision <michael@scivision.dev> Merge-request: !9389
2026-04-23 22:58:37 -05:00 · 2024-04-01 13:37:06 +00:00
parent 5ebd5daa93 7139944264
commit 554a9b00c8
47 changed files with 214 additions and 37 deletions
@@ -28,8 +28,12 @@ block()
      set(CTEST_TLS_VERSION "$ENV{CMAKE_TLS_VERSION}")
    endif()
  endif()
-  if(NOT DEFINED CTEST_TLS_VERIFY AND DEFINED CMAKE_TLS_VERIFY)
-    set(CTEST_TLS_VERIFY "${CMAKE_TLS_VERIFY}")
+  if(NOT DEFINED CTEST_TLS_VERIFY)
+    if(DEFINED CMAKE_TLS_VERIFY)
+      set(CTEST_TLS_VERIFY "${CMAKE_TLS_VERIFY}")
+    elseif(DEFINED ENV{CMAKE_TLS_VERIFY})
+      set(CTEST_TLS_VERIFY "$ENV{CMAKE_TLS_VERIFY}")
+    endif()
  endif()
  if(CTEST_NEW_FORMAT)
    configure_file(
@@ -242,19 +242,28 @@ URL

 ``TLS_VERIFY <bool>``
  Specifies whether certificate verification should be performed for
-  ``https://`` URLs. If this option is not provided, the default behavior
-  is determined by the :variable:`CMAKE_TLS_VERIFY` variable (see
-  :command:`file(DOWNLOAD)`). If that is also not set, certificate
-  verification will not be performed. In situations where ``URL_HASH``
-  cannot be provided, this option can be an alternative verification
-  measure.
+  ``https://`` URLs.  If this option is not provided, the value of the
+  :variable:`CMAKE_TLS_VERIFY` variable or the :envvar:`CMAKE_TLS_VERIFY`
+  environment variable will be used instead (see :command:`file(DOWNLOAD)`).
+  If neither of those is set, certificate verification will not be performed.
+  In situations where ``URL_HASH`` cannot be provided, this option can
+  be an alternative verification measure.
+
+  This option also applies to ``git clone`` invocations, although the
+  default behavior is different.  If none of the ``TLS_VERIFY`` option,
+  :variable:`CMAKE_TLS_VERIFY` variable, or :envvar:`CMAKE_TLS_VERIFY`
+  environment variable is specified, the behavior will be determined by
+  git's default (true) or a ``http.sslVerify`` git config option the
+  user may have set at a global level.

  .. versionchanged:: 3.6
-    This option also applies to ``git clone`` invocations, although the
-    default behavior is different.  If neither the ``TLS_VERIFY`` option
-    or :variable:`CMAKE_TLS_VERIFY` variable is specified, the behavior
-    will be determined by git's default (true) or a ``http.sslVerify``
-    git config option the user may have set at a global level.
+
+    Previously this option did not apply to ``git clone`` invocations.
+
+  .. versionchanged:: 3.30
+
+    Previously the :envvar:`CMAKE_TLS_VERIFY` environment variable
+    was not checked.

 ``TLS_CAINFO <file>``
  Specify a custom certificate authority file to use if ``TLS_VERIFY``
@@ -1394,8 +1403,12 @@ endfunction()

 function(_ep_get_tls_verify name tls_verify_var)
  get_property(tls_verify TARGET ${name} PROPERTY _EP_TLS_VERIFY)
-  if("x${tls_verify}" STREQUAL "x" AND DEFINED CMAKE_TLS_VERIFY)
-    set(tls_verify "${CMAKE_TLS_VERIFY}")
+  if("x${tls_verify}" STREQUAL "x")
+    if(NOT "x${CMAKE_TLS_VERIFY}" STREQUAL "x")
+      set(tls_verify "${CMAKE_TLS_VERIFY}")
+    elseif(NOT "x$ENV{CMAKE_TLS_VERIFY}" STREQUAL "x")
+      set(tls_verify "$ENV{CMAKE_TLS_VERIFY}")
+    endif()
  endif()
  set("${tls_verify_var}" "${tls_verify}" PARENT_SCOPE)
 endfunction()