1 /* Distributed under the OSI-approved BSD 3-Clause License. See accompanying
2 file Copyright.txt or https://cmake.org/licensing for details. */
5 #include <cm/string_view>
6 #include <cmext/string_view>
8 #if !defined(CMAKE_USE_SYSTEM_CURL) && !defined(_WIN32) && \
9 !defined(__APPLE__) && !defined(CURL_CA_BUNDLE) && !defined(CURL_CA_PATH)
10 # define CMAKE_FIND_CAFILE
12 #include "cmStringAlgorithms.h"
13 #include "cmSystemTools.h"
20 # include "cmsys/Encoding.hxx"
23 // curl versions before 7.21.5 did not provide this error code
24 #if defined(LIBCURL_VERSION_NUM) && LIBCURL_VERSION_NUM < 0x071505
25 # define CURLE_NOT_BUILT_IN 4
28 #define check_curl_result(result, errstr) \
30 if ((result) != CURLE_OK && (result) != CURLE_NOT_BUILT_IN) { \
31 e += e.empty() ? "" : "\n"; \
33 e += ::curl_easy_strerror(result); \
37 // curl versions before 7.52.0 did not provide TLS 1.3 support
38 #if defined(LIBCURL_VERSION_NUM) && LIBCURL_VERSION_NUM < 0x073400
39 # define CURL_SSLVERSION_TLSv1_3 CURL_SSLVERSION_LAST
42 // Make sure we keep up with new TLS versions supported by curl.
43 // Do this only for our vendored curl to avoid breaking builds
44 // against external future versions of curl.
45 #if !defined(CMAKE_USE_SYSTEM_CURL)
46 static_assert(CURL_SSLVERSION_LAST
== 8,
47 "A new CURL_SSLVERSION_ may be available!");
50 cm::optional
<int> cmCurlParseTLSVersion(cm::string_view tls_version
)
53 if (tls_version
== "1.0"_s
) {
54 v
= CURL_SSLVERSION_TLSv1_0
;
55 } else if (tls_version
== "1.1"_s
) {
56 v
= CURL_SSLVERSION_TLSv1_1
;
57 } else if (tls_version
== "1.2"_s
) {
58 v
= CURL_SSLVERSION_TLSv1_2
;
59 } else if (tls_version
== "1.3"_s
) {
60 v
= CURL_SSLVERSION_TLSv1_3
;
65 cm::optional
<std::string
> cmCurlPrintTLSVersion(int curl_tls_version
)
67 cm::optional
<std::string
> s
;
68 switch (curl_tls_version
) {
69 case CURL_SSLVERSION_TLSv1_0
:
70 s
= "CURL_SSLVERSION_TLSv1_0"_s
;
72 case CURL_SSLVERSION_TLSv1_1
:
73 s
= "CURL_SSLVERSION_TLSv1_1"_s
;
75 case CURL_SSLVERSION_TLSv1_2
:
76 s
= "CURL_SSLVERSION_TLSv1_2"_s
;
78 case CURL_SSLVERSION_TLSv1_3
:
79 s
= "CURL_SSLVERSION_TLSv1_3"_s
;
85 std::string
cmCurlSetCAInfo(::CURL
* curl
, const std::string
& cafile
)
89 if (!cafile
.empty()) {
90 ::CURLcode res
= ::curl_easy_setopt(curl
, CURLOPT_CAINFO
, cafile
.c_str());
91 check_curl_result(res
, "Unable to set TLS/SSL Verify CAINFO: ");
93 /* Honor the user-configurable OpenSSL environment variables. */
94 else if (cmSystemTools::GetEnv("SSL_CERT_FILE", env_ca
) &&
95 cmSystemTools::FileExists(env_ca
, true)) {
96 ::CURLcode res
= ::curl_easy_setopt(curl
, CURLOPT_CAINFO
, env_ca
.c_str());
97 check_curl_result(res
, "Unable to set TLS/SSL Verify CAINFO: ");
98 } else if (cmSystemTools::GetEnv("SSL_CERT_DIR", env_ca
) &&
99 cmSystemTools::FileIsDirectory(env_ca
)) {
100 ::CURLcode res
= ::curl_easy_setopt(curl
, CURLOPT_CAPATH
, env_ca
.c_str());
101 check_curl_result(res
, "Unable to set TLS/SSL Verify CAINFO: ");
103 #ifdef CMAKE_FIND_CAFILE
104 # define CMAKE_CAFILE_FEDORA "/etc/pki/tls/certs/ca-bundle.crt"
105 else if (cmSystemTools::FileExists(CMAKE_CAFILE_FEDORA
, true)) {
107 ::curl_easy_setopt(curl
, CURLOPT_CAINFO
, CMAKE_CAFILE_FEDORA
);
108 check_curl_result(res
, "Unable to set TLS/SSL Verify CAINFO: ");
110 # undef CMAKE_CAFILE_FEDORA
112 # define CMAKE_CAFILE_COMMON "/etc/ssl/certs/ca-certificates.crt"
113 if (cmSystemTools::FileExists(CMAKE_CAFILE_COMMON
, true)) {
115 ::curl_easy_setopt(curl
, CURLOPT_CAINFO
, CMAKE_CAFILE_COMMON
);
116 check_curl_result(res
, "Unable to set TLS/SSL Verify CAINFO: ");
118 # undef CMAKE_CAFILE_COMMON
119 # define CMAKE_CAPATH_COMMON "/etc/ssl/certs"
120 if (cmSystemTools::FileIsDirectory(CMAKE_CAPATH_COMMON
)) {
122 ::curl_easy_setopt(curl
, CURLOPT_CAPATH
, CMAKE_CAPATH_COMMON
);
123 check_curl_result(res
, "Unable to set TLS/SSL Verify CAPATH: ");
125 # undef CMAKE_CAPATH_COMMON
131 std::string
cmCurlSetNETRCOption(::CURL
* curl
, const std::string
& netrc_level
,
132 const std::string
& netrc_file
)
135 CURL_NETRC_OPTION curl_netrc_level
= CURL_NETRC_LAST
;
138 if (!netrc_level
.empty()) {
139 if (netrc_level
== "OPTIONAL") {
140 curl_netrc_level
= CURL_NETRC_OPTIONAL
;
141 } else if (netrc_level
== "REQUIRED") {
142 curl_netrc_level
= CURL_NETRC_REQUIRED
;
143 } else if (netrc_level
== "IGNORED") {
144 curl_netrc_level
= CURL_NETRC_IGNORED
;
146 e
= cmStrCat("NETRC accepts OPTIONAL, IGNORED or REQUIRED but got: ",
152 if (curl_netrc_level
!= CURL_NETRC_LAST
&&
153 curl_netrc_level
!= CURL_NETRC_IGNORED
) {
154 res
= ::curl_easy_setopt(curl
, CURLOPT_NETRC
, curl_netrc_level
);
155 check_curl_result(res
, "Unable to set netrc level: ");
160 // check to see if a .netrc file has been specified
161 if (!netrc_file
.empty()) {
162 res
= ::curl_easy_setopt(curl
, CURLOPT_NETRC_FILE
, netrc_file
.c_str());
163 check_curl_result(res
, "Unable to set .netrc file path : ");
169 std::string
cmCurlFixFileURL(std::string url
)
171 if (!cmHasLiteralPrefix(url
, "file://")) {
175 // libcurl 7.77 and below accidentally allowed spaces in URLs in some cases.
176 // One such case was file:// URLs, which CMake has long accepted as a result.
177 // Explicitly encode spaces for a URL.
178 cmSystemTools::ReplaceString(url
, " ", "%20");
181 // libcurl doesn't support file:// urls for unicode filenames on Windows.
182 // Convert string from UTF-8 to ACP if this is a file:// URL.
183 std::wstring wurl
= cmsys::Encoding::ToWide(url
);
185 int mblen
= WideCharToMultiByte(CP_ACP
, 0, wurl
.c_str(), -1, nullptr, 0,
188 std::vector
<char> chars(mblen
);
189 mblen
= WideCharToMultiByte(CP_ACP
, 0, wurl
.c_str(), -1, &chars
[0],
190 mblen
, nullptr, nullptr);