file(DOWNLOAD|UPLOAD): Add CMAKE_TLS_VERSION variable

Issue: #25701

Help/command/file.rst

@@ -1101,6 +1101,9 @@ Transfer
       .. versionadded:: 3.30
 
       Specify minimum TLS version for ``https://`` URLs.
+      If this option is not specified, the value of the
+      :variable:`CMAKE_TLS_VERSION` variable will be used instead.
+      See that variable for allowed values.
 
     ``TLS_VERIFY <ON|OFF>``
       Specify whether to verify the server certificate for ``https://`` URLs.

Help/manual/cmake-variables.7.rst

@@ -272,6 +272,7 @@ Variables that Change Behavior
    /variable/CMAKE_SYSTEM_PROGRAM_PATH
    /variable/CMAKE_TLS_CAINFO
    /variable/CMAKE_TLS_VERIFY
+   /variable/CMAKE_TLS_VERSION
    /variable/CMAKE_USER_MAKE_RULES_OVERRIDE
    /variable/CMAKE_WARN_DEPRECATED
    /variable/CMAKE_WARN_ON_ABSOLUTE_INSTALL_DESTINATION

Help/release/dev/curl-tls-version.rst

@@ -4,3 +4,7 @@ curl-tls-version
 * The :command:`file(DOWNLOAD)` and :command:`file(UPLOAD)` commands
   gained a ``TLS_VERSION <min>`` option to specify the minimum TLS
   version for connections to ``https://`` URLs.
+
+* The :variable:`CMAKE_TLS_VERSION` variable was added to specify a
+  default minimum TLS version for connections to ``https://`` URLs by
+  the :command:`file(DOWNLOAD)` and :command:`file(UPLOAD)` commands.

Help/variable/CMAKE_TLS_VERSION.rst

@@ -0,0 +1,17 @@
+CMAKE_TLS_VERSION
+-----------------
+
+.. versionadded:: 3.30
+
+Specify the default value for the :command:`file(DOWNLOAD)` and
+:command:`file(UPLOAD)` commands' ``TLS_VERSION`` option.
+
+The value may be one of:
+
+* ``1.0``
+
+* ``1.1``
+
+* ``1.2``
+
+* ``1.3``

Source/cmFileCommand.cxx

@@ -2025,6 +2025,12 @@ bool HandleDownloadCommand(std::vector<std::string> const& args,
     ++i;
   }
 
+  if (!tls_version) {
+    if (cmValue v = status.GetMakefile().GetDefinition("CMAKE_TLS_VERSION")) {
+      tls_version = *v;
+    }
+  }
+
   // Can't calculate hash if we don't save the file.
   // TODO Incrementally calculate hash in the write callback as the file is
   // being downloaded so this check can be relaxed.
@@ -2410,6 +2416,12 @@ bool HandleUploadCommand(std::vector<std::string> const& args,
     ++i;
   }
 
+  if (!tls_version) {
+    if (cmValue v = status.GetMakefile().GetDefinition("CMAKE_TLS_VERSION")) {
+      tls_version = *v;
+    }
+  }
+
   // Open file for reading:
   //
   FILE* fin = cmsys::SystemTools::Fopen(filename, "rb");

Tests/RunCMake/file-DOWNLOAD/TLS_VERSION-bad-stderr.txt

@@ -1,4 +1,9 @@
 ^CMake Error at TLS_VERSION-bad\.cmake:[0-9]+ \(file\):
+  file DOWNLOAD given unknown TLS/SSL version bad-var
+Call Stack \(most recent call first\):
+  CMakeLists\.txt:[0-9]+ \(include\)
++
+CMake Error at TLS_VERSION-bad\.cmake:[0-9]+ \(file\):
   file DOWNLOAD given unknown TLS/SSL version bad-arg
 Call Stack \(most recent call first\):
   CMakeLists\.txt:[0-9]+ \(include\)$

Tests/RunCMake/file-DOWNLOAD/TLS_VERSION-bad.cmake

@@ -1 +1,5 @@
+set(CMAKE_TLS_VERSION bad-var)
+file(DOWNLOAD "" TLS_VERIFY 1 STATUS status LOG log)
+
+# The explicit argument overrides the cmake variable.
 file(DOWNLOAD "" TLS_VERSION bad-arg TLS_VERIFY 1 STATUS status LOG log)