file(DOWNLOAD|UPLOAD): Add CMAKE_TLS_VERSION environment variable

Issue: #25701

Help/envvar/CMAKE_TLS_VERSION.rst

@@ -0,0 +1,12 @@
+CMAKE_TLS_VERSION
+-----------------
+
+.. versionadded:: 3.30
+
+.. include:: ENV_VAR.txt
+
+Specify the default value for the :command:`file(DOWNLOAD)` and
+:command:`file(UPLOAD)` commands' ``TLS_VERSION`` option.
+This environment variable is used if the option is not given
+and the :variable:`CMAKE_TLS_VERSION` cmake variable is not set.
+See that variable for allowed values.

Help/manual/cmake-env-variables.7.rst

@@ -27,6 +27,7 @@ Environment Variables that Change Behavior
    /envvar/CMAKE_MAXIMUM_RECURSION_DEPTH
    /envvar/CMAKE_PREFIX_PATH
    /envvar/CMAKE_PROGRAM_PATH
+   /envvar/CMAKE_TLS_VERSION
    /envvar/SSL_CERT_DIR
    /envvar/SSL_CERT_FILE
 

Help/release/dev/curl-tls-version.rst

@@ -5,6 +5,7 @@ curl-tls-version
   gained a ``TLS_VERSION <min>`` option to specify the minimum TLS
   version for connections to ``https://`` URLs.
 
-* The :variable:`CMAKE_TLS_VERSION` variable was added to specify a
-  default minimum TLS version for connections to ``https://`` URLs by
-  the :command:`file(DOWNLOAD)` and :command:`file(UPLOAD)` commands.
+* The :variable:`CMAKE_TLS_VERSION` variable and :envvar:`CMAKE_TLS_VERSION`
+  environment variable were added to specify a default minimum TLS version
+  for connections to ``https://`` URLs by the :command:`file(DOWNLOAD)`
+  and :command:`file(UPLOAD)` commands.

Help/variable/CMAKE_TLS_VERSION.rst

@@ -5,6 +5,8 @@ CMAKE_TLS_VERSION
 
 Specify the default value for the :command:`file(DOWNLOAD)` and
 :command:`file(UPLOAD)` commands' ``TLS_VERSION`` option.
+If this variable is not set, the commands check the
+:envvar:`CMAKE_TLS_VERSION` environment variable.
 
 The value may be one of:
 

Source/cmFileCommand.cxx

@@ -2030,6 +2030,12 @@ bool HandleDownloadCommand(std::vector<std::string> const& args,
       tls_version = *v;
     }
   }
+  if (!tls_version) {
+    if (cm::optional<std::string> v =
+          cmSystemTools::GetEnvVar("CMAKE_TLS_VERSION")) {
+      tls_version = std::move(v);
+    }
+  }
 
   // Can't calculate hash if we don't save the file.
   // TODO Incrementally calculate hash in the write callback as the file is
@@ -2421,6 +2427,12 @@ bool HandleUploadCommand(std::vector<std::string> const& args,
       tls_version = *v;
     }
   }
+  if (!tls_version) {
+    if (cm::optional<std::string> v =
+          cmSystemTools::GetEnvVar("CMAKE_TLS_VERSION")) {
+      tls_version = std::move(v);
+    }
+  }
 
   // Open file for reading:
   //

Tests/RunCMake/file-DOWNLOAD/TLS_VERSION-bad-stderr.txt

@@ -1,4 +1,9 @@
 ^CMake Error at TLS_VERSION-bad\.cmake:[0-9]+ \(file\):
+  file DOWNLOAD given unknown TLS/SSL version bad-env
+Call Stack \(most recent call first\):
+  CMakeLists\.txt:[0-9]+ \(include\)
++
+CMake Error at TLS_VERSION-bad\.cmake:[0-9]+ \(file\):
   file DOWNLOAD given unknown TLS/SSL version bad-var
 Call Stack \(most recent call first\):
   CMakeLists\.txt:[0-9]+ \(include\)

Tests/RunCMake/file-DOWNLOAD/TLS_VERSION-bad.cmake

@@ -1,3 +1,8 @@
+# The environment variable provides a default.
+set(ENV{CMAKE_TLS_VERSION} bad-env)
+file(DOWNLOAD "" TLS_VERIFY 1 STATUS status LOG log)
+
+# The cmake variable overrides the environment variable.
 set(CMAKE_TLS_VERSION bad-var)
 file(DOWNLOAD "" TLS_VERIFY 1 STATUS status LOG log)