Home Explore Help
Sign In
Apq
/
CMake
mirror of https://github.com/Kitware/CMake.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

ExternalProject: Honor CMAKE_TLS_VERIFY environment variable

Issue: #23608
Brad King 1 year ago
parent
e8404502b1
commit
0d250dd021
2 changed files with 23 additions and 9 deletions
Split View Show Diff Stats
  1. 4 0
      Help/envvar/CMAKE_TLS_VERIFY.rst
  2. 19 9
      Modules/ExternalProject.cmake

+ 4 - 0
Help/envvar/CMAKE_TLS_VERIFY.rst
View File 

@@ -9,3 +9,7 @@ Specify the default value for the :command:`file(DOWNLOAD)` and
 
 :command:`file(UPLOAD)` commands' ``TLS_VERIFY`` option.
 
 This environment variable is used if the option is not given
 
 and the :variable:`CMAKE_TLS_VERIFY` cmake variable is not set.
 
+
 
+This variable is also used by the :module:`ExternalProject` and
 
+:module:`FetchContent` modules for internal calls to
 
+:command:`file(DOWNLOAD)` and ``git clone``.

+ 19 - 9
Modules/ExternalProject.cmake
View File 

@@ -243,22 +243,28 @@ URL
 
 ``TLS_VERIFY <bool>``
 
   Specifies whether certificate verification should be performed for
 
   ``https://`` URLs.  If this option is not provided, the value of the
 
-  :variable:`CMAKE_TLS_VERIFY` variable will be used instead (see
 
-  :command:`file(DOWNLOAD)`).
 
-  If that is also not set, certificate verification will not be performed.
 
+  :variable:`CMAKE_TLS_VERIFY` variable or the :envvar:`CMAKE_TLS_VERIFY`
 
+  environment variable will be used instead (see :command:`file(DOWNLOAD)`).
 
+  If neither of those is set, certificate verification will not be performed.
 
   In situations where ``URL_HASH`` cannot be provided, this option can
 
   be an alternative verification measure.
 
 
   This option also applies to ``git clone`` invocations, although the
 
-  default behavior is different.  If neither the ``TLS_VERIFY`` option
 
-  or :variable:`CMAKE_TLS_VERIFY` variable is specified, the behavior
 
-  will be determined by git's default (true) or a ``http.sslVerify``
 
-  git config option the user may have set at a global level.
 
+  default behavior is different.  If none of the ``TLS_VERIFY`` option,
 
+  :variable:`CMAKE_TLS_VERIFY` variable, or :envvar:`CMAKE_TLS_VERIFY`
 
+  environment variable is specified, the behavior will be determined by
 
+  git's default (true) or a ``http.sslVerify`` git config option the
 
+  user may have set at a global level.
 
 
   .. versionchanged:: 3.6
 
 
     Previously this option did not apply to ``git clone`` invocations.
 
 
+  .. versionchanged:: 3.30
 
+
 
+    Previously the :envvar:`CMAKE_TLS_VERIFY` environment variable
 
+    was not checked.
 
+
 
 ``TLS_CAINFO <file>``
 
   Specify a custom certificate authority file to use if ``TLS_VERIFY``
 
   is enabled. If this option is not specified, the value of the
 
@@ -1397,8 +1403,12 @@ endfunction()
 
 
 function(_ep_get_tls_verify name tls_verify_var)
 
   get_property(tls_verify TARGET ${name} PROPERTY _EP_TLS_VERIFY)
 
-  if("x${tls_verify}" STREQUAL "x" AND DEFINED CMAKE_TLS_VERIFY)
 
-    set(tls_verify "${CMAKE_TLS_VERIFY}")
 
+  if("x${tls_verify}" STREQUAL "x")
 
+    if(NOT "x${CMAKE_TLS_VERIFY}" STREQUAL "x")
 
+      set(tls_verify "${CMAKE_TLS_VERIFY}")
 
+    elseif(NOT "x$ENV{CMAKE_TLS_VERIFY}" STREQUAL "x")
 
+      set(tls_verify "$ENV{CMAKE_TLS_VERIFY}")
 
+    endif()
 
   endif()
 
   set("${tls_verify_var}" "${tls_verify}" PARENT_SCOPE)
 
 endfunction()