1 /* Distributed under the OSI-approved BSD 3-Clause License. See accompanying
2 file Copyright.txt or https://cmake.org/licensing for details. */
5 #include <cm/string_view>
6 #include <cmext/string_view>
8 #if !defined(CMAKE_USE_SYSTEM_CURL) && !defined(_WIN32) && \
9 !defined(__APPLE__) && !defined(CURL_CA_BUNDLE) && !defined(CURL_CA_PATH)
10 # define CMAKE_FIND_CAFILE
12 #include "cmStringAlgorithms.h"
13 #include "cmSystemTools.h"
20 # include "cmsys/Encoding.hxx"
23 // curl versions before 7.21.5 did not provide this error code
24 #if defined(LIBCURL_VERSION_NUM) && LIBCURL_VERSION_NUM < 0x071505
25 # define CURLE_NOT_BUILT_IN 4
28 #define check_curl_result(result, errstr) \
30 if ((result) != CURLE_OK && (result) != CURLE_NOT_BUILT_IN) { \
31 e += e.empty() ? "" : "\n"; \
33 e += ::curl_easy_strerror(result); \
37 // curl versions before 7.52.0 did not provide TLS 1.3 support
38 #if defined(LIBCURL_VERSION_NUM) && LIBCURL_VERSION_NUM < 0x073400
39 # define CURL_SSLVERSION_TLSv1_3 CURL_SSLVERSION_LAST
42 // curl versions before 7.64.1 referred to Secure Transport as DarwinSSL
43 #if defined(LIBCURL_VERSION_NUM) && LIBCURL_VERSION_NUM < 0x074001
44 # define CURLSSLBACKEND_SECURETRANSPORT CURLSSLBACKEND_DARWINSSL
47 // Make sure we keep up with new TLS versions supported by curl.
48 // Do this only for our vendored curl to avoid breaking builds
49 // against external future versions of curl.
50 #if !defined(CMAKE_USE_SYSTEM_CURL)
51 static_assert(CURL_SSLVERSION_LAST
== 8,
52 "A new CURL_SSLVERSION_ may be available!");
57 // curl 7.56.0 introduced curl_global_sslset.
58 #if defined(__APPLE__) && defined(CMAKE_USE_SYSTEM_CURL) && \
59 defined(LIBCURL_VERSION_NUM) && LIBCURL_VERSION_NUM >= 0x073800
60 static bool initialized
= false;
66 cm::optional
<std::string
> curl_ssl_backend
=
67 cmSystemTools::GetEnvVar("CURL_SSL_BACKEND");
68 if (!curl_ssl_backend
|| curl_ssl_backend
->empty()) {
69 curl_version_info_data
* cv
= curl_version_info(CURLVERSION_FIRST
);
70 // curl 8.3.0 through 8.5.x did not re-initialize LibreSSL correctly,
71 // so prefer the Secure Transport backend by default in those versions.
72 if (cv
->version_num
>= 0x080300 && cv
->version_num
< 0x080600) {
73 curl_global_sslset(CURLSSLBACKEND_SECURETRANSPORT
, NULL
, NULL
);
79 cm::optional
<int> cmCurlParseTLSVersion(cm::string_view tls_version
)
82 if (tls_version
== "1.0"_s
) {
83 v
= CURL_SSLVERSION_TLSv1_0
;
84 } else if (tls_version
== "1.1"_s
) {
85 v
= CURL_SSLVERSION_TLSv1_1
;
86 } else if (tls_version
== "1.2"_s
) {
87 v
= CURL_SSLVERSION_TLSv1_2
;
88 } else if (tls_version
== "1.3"_s
) {
89 v
= CURL_SSLVERSION_TLSv1_3
;
94 cm::optional
<std::string
> cmCurlPrintTLSVersion(int curl_tls_version
)
96 cm::optional
<std::string
> s
;
97 switch (curl_tls_version
) {
98 case CURL_SSLVERSION_TLSv1_0
:
99 s
= "CURL_SSLVERSION_TLSv1_0"_s
;
101 case CURL_SSLVERSION_TLSv1_1
:
102 s
= "CURL_SSLVERSION_TLSv1_1"_s
;
104 case CURL_SSLVERSION_TLSv1_2
:
105 s
= "CURL_SSLVERSION_TLSv1_2"_s
;
107 case CURL_SSLVERSION_TLSv1_3
:
108 s
= "CURL_SSLVERSION_TLSv1_3"_s
;
114 std::string
cmCurlSetCAInfo(::CURL
* curl
, const std::string
& cafile
)
118 if (!cafile
.empty()) {
119 ::CURLcode res
= ::curl_easy_setopt(curl
, CURLOPT_CAINFO
, cafile
.c_str());
120 check_curl_result(res
, "Unable to set TLS/SSL Verify CAINFO: ");
122 /* Honor the user-configurable OpenSSL environment variables. */
123 else if (cmSystemTools::GetEnv("SSL_CERT_FILE", env_ca
) &&
124 cmSystemTools::FileExists(env_ca
, true)) {
125 ::CURLcode res
= ::curl_easy_setopt(curl
, CURLOPT_CAINFO
, env_ca
.c_str());
126 check_curl_result(res
, "Unable to set TLS/SSL Verify CAINFO: ");
127 } else if (cmSystemTools::GetEnv("SSL_CERT_DIR", env_ca
) &&
128 cmSystemTools::FileIsDirectory(env_ca
)) {
129 ::CURLcode res
= ::curl_easy_setopt(curl
, CURLOPT_CAPATH
, env_ca
.c_str());
130 check_curl_result(res
, "Unable to set TLS/SSL Verify CAINFO: ");
132 #ifdef CMAKE_FIND_CAFILE
133 # define CMAKE_CAFILE_FEDORA "/etc/pki/tls/certs/ca-bundle.crt"
134 else if (cmSystemTools::FileExists(CMAKE_CAFILE_FEDORA
, true)) {
136 ::curl_easy_setopt(curl
, CURLOPT_CAINFO
, CMAKE_CAFILE_FEDORA
);
137 check_curl_result(res
, "Unable to set TLS/SSL Verify CAINFO: ");
139 # undef CMAKE_CAFILE_FEDORA
141 # define CMAKE_CAFILE_COMMON "/etc/ssl/certs/ca-certificates.crt"
142 if (cmSystemTools::FileExists(CMAKE_CAFILE_COMMON
, true)) {
144 ::curl_easy_setopt(curl
, CURLOPT_CAINFO
, CMAKE_CAFILE_COMMON
);
145 check_curl_result(res
, "Unable to set TLS/SSL Verify CAINFO: ");
147 # undef CMAKE_CAFILE_COMMON
148 # define CMAKE_CAPATH_COMMON "/etc/ssl/certs"
149 if (cmSystemTools::FileIsDirectory(CMAKE_CAPATH_COMMON
)) {
151 ::curl_easy_setopt(curl
, CURLOPT_CAPATH
, CMAKE_CAPATH_COMMON
);
152 check_curl_result(res
, "Unable to set TLS/SSL Verify CAPATH: ");
154 # undef CMAKE_CAPATH_COMMON
160 std::string
cmCurlSetNETRCOption(::CURL
* curl
, const std::string
& netrc_level
,
161 const std::string
& netrc_file
)
164 CURL_NETRC_OPTION curl_netrc_level
= CURL_NETRC_LAST
;
167 if (!netrc_level
.empty()) {
168 if (netrc_level
== "OPTIONAL") {
169 curl_netrc_level
= CURL_NETRC_OPTIONAL
;
170 } else if (netrc_level
== "REQUIRED") {
171 curl_netrc_level
= CURL_NETRC_REQUIRED
;
172 } else if (netrc_level
== "IGNORED") {
173 curl_netrc_level
= CURL_NETRC_IGNORED
;
175 e
= cmStrCat("NETRC accepts OPTIONAL, IGNORED or REQUIRED but got: ",
181 if (curl_netrc_level
!= CURL_NETRC_LAST
&&
182 curl_netrc_level
!= CURL_NETRC_IGNORED
) {
183 res
= ::curl_easy_setopt(curl
, CURLOPT_NETRC
, curl_netrc_level
);
184 check_curl_result(res
, "Unable to set netrc level: ");
189 // check to see if a .netrc file has been specified
190 if (!netrc_file
.empty()) {
191 res
= ::curl_easy_setopt(curl
, CURLOPT_NETRC_FILE
, netrc_file
.c_str());
192 check_curl_result(res
, "Unable to set .netrc file path : ");
198 std::string
cmCurlFixFileURL(std::string url
)
200 if (!cmHasLiteralPrefix(url
, "file://")) {
204 // libcurl 7.77 and below accidentally allowed spaces in URLs in some cases.
205 // One such case was file:// URLs, which CMake has long accepted as a result.
206 // Explicitly encode spaces for a URL.
207 cmSystemTools::ReplaceString(url
, " ", "%20");
210 // libcurl doesn't support file:// urls for unicode filenames on Windows.
211 // Convert string from UTF-8 to ACP if this is a file:// URL.
212 std::wstring wurl
= cmsys::Encoding::ToWide(url
);
214 int mblen
= WideCharToMultiByte(CP_ACP
, 0, wurl
.c_str(), -1, nullptr, 0,
217 std::vector
<char> chars(mblen
);
218 mblen
= WideCharToMultiByte(CP_ACP
, 0, wurl
.c_str(), -1, &chars
[0],
219 mblen
, nullptr, nullptr);