mirror of https://github.com/Kitware/CMake.git synced 2025-10-18 08:51:52 +08:00

file(DOWNLOAD|UPLOAD): Add TLS_VERSION option for https connections

Add an option to specify the minimum allowed TLS version for https
connections.

Issue: #25701
Brad King
2024-02-26 11:35:46 -05:00
parent 9d1f831818
commit 8e6776b9f3
27 changed files with 122 additions and 0 deletions


@@ -1859,6 +1859,7 @@ bool HandleDownloadCommand(std::vector<std::string> const& args,
long inactivity_timeout = 0;
std::string logVar;
std::string statusVar;
cm::optional<std::string> tls_version;
bool tls_verify = status.GetMakefile().IsOn("CMAKE_TLS_VERIFY");
cmValue cainfo = status.GetMakefile().GetDefinition("CMAKE_TLS_CAINFO");
std::string netrc_level =
@@ -1905,6 +1906,14 @@ bool HandleDownloadCommand(std::vector<std::string> const& args,
return false;
}
statusVar = *i;
} else if (*i == "TLS_VERSION") {
++i;
if (i != args.end()) {
tls_version = *i;
} else {
status.SetError("DOWNLOAD missing value for TLS_VERSION.");
return false;
}
} else if (*i == "TLS_VERIFY") {
++i;
if (i != args.end()) {
@@ -2092,6 +2101,19 @@ bool HandleDownloadCommand(std::vector<std::string> const& args,
cmFileCommandCurlDebugCallback);
check_curl_result(res, "DOWNLOAD cannot set debug function: ");
if (tls_version) {
if (cm::optional<int> v = cmCurlParseTLSVersion(*tls_version)) {
res = ::curl_easy_setopt(curl, CURLOPT_SSLVERSION, *v);
check_curl_result(
res,
cmStrCat("DOWNLOAD cannot set TLS/SSL version ", *tls_version, ": "));
} else {
status.SetError(
cmStrCat("DOWNLOAD given unknown TLS/SSL version ", *tls_version));
return false;
}
}
// check to see if TLS verification is requested
if (tls_verify) {
res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
@@ -2281,6 +2303,7 @@ bool HandleUploadCommand(std::vector<std::string> const& args,
std::string logVar;
std::string statusVar;
bool showProgress = false;
cm::optional<std::string> tls_version;
bool tls_verify = status.GetMakefile().IsOn("CMAKE_TLS_VERIFY");
cmValue cainfo = status.GetMakefile().GetDefinition("CMAKE_TLS_CAINFO");
std::string userpwd;
@@ -2324,6 +2347,14 @@ bool HandleUploadCommand(std::vector<std::string> const& args,
statusVar = *i;
} else if (*i == "SHOW_PROGRESS") {
showProgress = true;
} else if (*i == "TLS_VERSION") {
++i;
if (i != args.end()) {
tls_version = *i;
} else {
status.SetError("UPLOAD missing value for TLS_VERSION.");
return false;
}
} else if (*i == "TLS_VERIFY") {
++i;
if (i != args.end()) {
@@ -2423,6 +2454,19 @@ bool HandleUploadCommand(std::vector<std::string> const& args,
cmFileCommandCurlDebugCallback);
check_curl_result(res, "UPLOAD cannot set debug function: ");
if (tls_version) {
if (cm::optional<int> v = cmCurlParseTLSVersion(*tls_version)) {
res = ::curl_easy_setopt(curl, CURLOPT_SSLVERSION, *v);
check_curl_result(
res,
cmStrCat("UPLOAD cannot set TLS/SSL version ", *tls_version, ": "));
} else {
status.SetError(
cmStrCat("UPLOAD given unknown TLS/SSL version ", *tls_version));
return false;
}
}
// check to see if TLS verification is requested
if (tls_verify) {
res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
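Review bot: `::curl_easy_setopt(curl, CURLOPT_SSLVERSION, *v)` passes an `int` through a variadic call for an option that libcurl documents as taking a `long`; this applies to both the DOWNLOAD block and the matching UPLOAD block. Where `int` and `long` differ in width, the value libcurl reads is not guaranteed to be the one that was parsed, so I would write `res = ::curl_easy_setopt(curl, CURLOPT_SSLVERSION, static_cast<long>(*v));` in both places. The two blocks differ only in the message prefix, so a small shared helper would keep the TLS-version handling from drifting between download and upload. When TLS_VERSION is not given, nothing is set and libcurl's own default applies, which deserves a comment such as `// no TLS_VERSION given: libcurl's default minimum applies`. Both functions start and end outside the hunks, and cmCurlParseTLSVersion is not visible here, so its handling of empty or malformed strings is assumed rather than checked.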