Source/cmCurl.cxx

   1 /* Distributed under the OSI-approved BSD 3-Clause License.  See accompanying
   2    file Copyright.txt or https://cmake.org/licensing for details.  */
   3 #include "cmCurl.h"
   4
   5 #include <cm/string_view>
   6 #include <cmext/string_view>
   7
   8 #if !defined(CMAKE_USE_SYSTEM_CURL) && !defined(_WIN32) &&                    \
   9   !defined(__APPLE__) && !defined(CURL_CA_BUNDLE) && !defined(CURL_CA_PATH)
  10 #  define CMAKE_FIND_CAFILE
  11 #endif
  12 #include "cmStringAlgorithms.h"
  13 #include "cmSystemTools.h"
  14
  15 #if defined(_WIN32)
  16 #  include <vector>
  17
  18 #  include <windows.h>
  19
  20 #  include "cmsys/Encoding.hxx"
  21 #endif
  22
  23 // curl versions before 7.21.5 did not provide this error code
  24 #if defined(LIBCURL_VERSION_NUM) && LIBCURL_VERSION_NUM < 0x071505
  25 #  define CURLE_NOT_BUILT_IN 4
  26 #endif
  27
  28 #define check_curl_result(result, errstr)                                     \
  29   do {                                                                        \
  30     if ((result) != CURLE_OK && (result) != CURLE_NOT_BUILT_IN) {             \
  31       e += e.empty() ? "" : "\n";                                             \
  32       e += (errstr);                                                          \
  33       e += ::curl_easy_strerror(result);                                      \
  34     }                                                                         \
  35   } while (false)
  36
  37 // curl versions before 7.52.0 did not provide TLS 1.3 support
  38 #if defined(LIBCURL_VERSION_NUM) && LIBCURL_VERSION_NUM < 0x073400
  39 #  define CURL_SSLVERSION_TLSv1_3 CURL_SSLVERSION_LAST
  40 #endif
  41
  42 // Make sure we keep up with new TLS versions supported by curl.
  43 // Do this only for our vendored curl to avoid breaking builds
  44 // against external future versions of curl.
  45 #if !defined(CMAKE_USE_SYSTEM_CURL)
  46 static_assert(CURL_SSLVERSION_LAST == 8,
  47               "A new CURL_SSLVERSION_ may be available!");
  48 #endif
  49
  50 cm::optional<int> cmCurlParseTLSVersion(cm::string_view tls_version)
  51 {
  52   cm::optional<int> v;
  53   if (tls_version == "1.0"_s) {
  54     v = CURL_SSLVERSION_TLSv1_0;
  55   } else if (tls_version == "1.1"_s) {
  56     v = CURL_SSLVERSION_TLSv1_1;
  57   } else if (tls_version == "1.2"_s) {
  58     v = CURL_SSLVERSION_TLSv1_2;
  59   } else if (tls_version == "1.3"_s) {
  60     v = CURL_SSLVERSION_TLSv1_3;
  61   }
  62   return v;
  63 }
  64
  65 cm::optional<std::string> cmCurlPrintTLSVersion(int curl_tls_version)
  66 {
  67   cm::optional<std::string> s;
  68   switch (curl_tls_version) {
  69     case CURL_SSLVERSION_TLSv1_0:
  70       s = "CURL_SSLVERSION_TLSv1_0"_s;
  71       break;
  72     case CURL_SSLVERSION_TLSv1_1:
  73       s = "CURL_SSLVERSION_TLSv1_1"_s;
  74       break;
  75     case CURL_SSLVERSION_TLSv1_2:
  76       s = "CURL_SSLVERSION_TLSv1_2"_s;
  77       break;
  78     case CURL_SSLVERSION_TLSv1_3:
  79       s = "CURL_SSLVERSION_TLSv1_3"_s;
  80       break;
  81   }
  82   return s;
  83 }
  84
  85 std::string cmCurlSetCAInfo(::CURL* curl, const std::string& cafile)
  86 {
  87   std::string e;
  88   std::string env_ca;
  89   if (!cafile.empty()) {
  90     ::CURLcode res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cafile.c_str());
  91     check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
  92   }
  93   /* Honor the user-configurable OpenSSL environment variables. */
  94   else if (cmSystemTools::GetEnv("SSL_CERT_FILE", env_ca) &&
  95            cmSystemTools::FileExists(env_ca, true)) {
  96     ::CURLcode res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, env_ca.c_str());
  97     check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
  98   } else if (cmSystemTools::GetEnv("SSL_CERT_DIR", env_ca) &&
  99              cmSystemTools::FileIsDirectory(env_ca)) {
 100     ::CURLcode res = ::curl_easy_setopt(curl, CURLOPT_CAPATH, env_ca.c_str());
 101     check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
 102   }
 103 #ifdef CMAKE_FIND_CAFILE
 104 #  define CMAKE_CAFILE_FEDORA "/etc/pki/tls/certs/ca-bundle.crt"
 105   else if (cmSystemTools::FileExists(CMAKE_CAFILE_FEDORA, true)) {
 106     ::CURLcode res =
 107       ::curl_easy_setopt(curl, CURLOPT_CAINFO, CMAKE_CAFILE_FEDORA);
 108     check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
 109   }
 110 #  undef CMAKE_CAFILE_FEDORA
 111   else {
 112 #  define CMAKE_CAFILE_COMMON "/etc/ssl/certs/ca-certificates.crt"
 113     if (cmSystemTools::FileExists(CMAKE_CAFILE_COMMON, true)) {
 114       ::CURLcode res =
 115         ::curl_easy_setopt(curl, CURLOPT_CAINFO, CMAKE_CAFILE_COMMON);
 116       check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
 117     }
 118 #  undef CMAKE_CAFILE_COMMON
 119 #  define CMAKE_CAPATH_COMMON "/etc/ssl/certs"
 120     if (cmSystemTools::FileIsDirectory(CMAKE_CAPATH_COMMON)) {
 121       ::CURLcode res =
 122         ::curl_easy_setopt(curl, CURLOPT_CAPATH, CMAKE_CAPATH_COMMON);
 123       check_curl_result(res, "Unable to set TLS/SSL Verify CAPATH: ");
 124     }
 125 #  undef CMAKE_CAPATH_COMMON
 126   }
 127 #endif
 128   return e;
 129 }
 130
 131 std::string cmCurlSetNETRCOption(::CURL* curl, const std::string& netrc_level,
 132                                  const std::string& netrc_file)
 133 {
 134   std::string e;
 135   CURL_NETRC_OPTION curl_netrc_level = CURL_NETRC_LAST;
 136   ::CURLcode res;
 137
 138   if (!netrc_level.empty()) {
 139     if (netrc_level == "OPTIONAL") {
 140       curl_netrc_level = CURL_NETRC_OPTIONAL;
 141     } else if (netrc_level == "REQUIRED") {
 142       curl_netrc_level = CURL_NETRC_REQUIRED;
 143     } else if (netrc_level == "IGNORED") {
 144       curl_netrc_level = CURL_NETRC_IGNORED;
 145     } else {
 146       e = cmStrCat("NETRC accepts OPTIONAL, IGNORED or REQUIRED but got: ",
 147                    netrc_level);
 148       return e;
 149     }
 150   }
 151
 152   if (curl_netrc_level != CURL_NETRC_LAST &&
 153       curl_netrc_level != CURL_NETRC_IGNORED) {
 154     res = ::curl_easy_setopt(curl, CURLOPT_NETRC, curl_netrc_level);
 155     check_curl_result(res, "Unable to set netrc level: ");
 156     if (!e.empty()) {
 157       return e;
 158     }
 159
 160     // check to see if a .netrc file has been specified
 161     if (!netrc_file.empty()) {
 162       res = ::curl_easy_setopt(curl, CURLOPT_NETRC_FILE, netrc_file.c_str());
 163       check_curl_result(res, "Unable to set .netrc file path : ");
 164     }
 165   }
 166   return e;
 167 }
 168
 169 std::string cmCurlFixFileURL(std::string url)
 170 {
 171   if (!cmHasLiteralPrefix(url, "file://")) {
 172     return url;
 173   }
 174
 175   // libcurl 7.77 and below accidentally allowed spaces in URLs in some cases.
 176   // One such case was file:// URLs, which CMake has long accepted as a result.
 177   // Explicitly encode spaces for a URL.
 178   cmSystemTools::ReplaceString(url, " ", "%20");
 179
 180 #if defined(_WIN32)
 181   // libcurl doesn't support file:// urls for unicode filenames on Windows.
 182   // Convert string from UTF-8 to ACP if this is a file:// URL.
 183   std::wstring wurl = cmsys::Encoding::ToWide(url);
 184   if (!wurl.empty()) {
 185     int mblen = WideCharToMultiByte(CP_ACP, 0, wurl.c_str(), -1, nullptr, 0,
 186                                     nullptr, nullptr);
 187     if (mblen > 0) {
 188       std::vector<char> chars(mblen);
 189       mblen = WideCharToMultiByte(CP_ACP, 0, wurl.c_str(), -1, &chars[0],
 190                                   mblen, nullptr, nullptr);
 191       if (mblen > 0) {
 192         url = &chars[0];
 193       }
 194     }
 195   }
 196 #endif
 197
 198   return url;
 199 }