From 6a9489dc4512bf92e121d7bc08924e2922ababc0 Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Tue, 2 May 2017 00:12:55 +0200 Subject: [PATCH] cmake: auto detection of CURL_CA_BUNDLE/CURL_CA_PATH Closes #1461
---
CMakeLists.txt | 63 ++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 53 insertions(+), 10 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index a7c2f7400..25abe354a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -633,22 +633,65 @@ set(CURL_CA_FALLBACK OFF CACHE BOOL set(CURL_CA_PATH "auto" CACHE STRING "Location of default CA path. Set 'none' to disable or 'auto' for auto-detection. Defaults to 'auto'.") -if("${CURL_CA_BUNDLE}" STREQUAL "none") +if("${CURL_CA_BUNDLE}" STREQUAL "") + message(FATAL_ERROR "Invalid value of CURL_CA_BUNDLE. Use 'none', 'auto' or file path.") +elseif("${CURL_CA_BUNDLE}" STREQUAL "none") unset(CURL_CA_BUNDLE CACHE) elseif("${CURL_CA_BUNDLE}" STREQUAL "auto") - # TODO: implement - message(SEND_ERROR "Auto mode not implemented for CURL_CA_BUNDLE") -elseif("${CURL_CA_BUNDLE}" STREQUAL "") - message(SEND_ERROR "Invalid value of CURL_CA_BUNDLE. Use 'none', 'auto' or path.") + unset(CURL_CA_BUNDLE CACHE) + set(CURL_CA_BUNDLE_AUTODETECT TRUE) +else() + set(CURL_CA_BUNDLE_SET TRUE) endif() -if("${CURL_CA_PATH}" STREQUAL "none") +if("${CURL_CA_PATH}" STREQUAL "") + message(FATAL_ERROR "Invalid value of CURL_CA_PATH. Use 'none', 'auto' or directory path.") +elseif("${CURL_CA_PATH}" STREQUAL "none") unset(CURL_CA_PATH CACHE) elseif("${CURL_CA_PATH}" STREQUAL "auto") - # TODO: implement - message(SEND_ERROR "Auto mode not implemented for CURL_CA_PATH") -elseif("${CURL_CA_PATH}" STREQUAL "") - message(SEND_ERROR "Invalid value of CURL_CA_PATH. 
Use 'none', 'auto' or path.") + unset(CURL_CA_PATH CACHE) + set(CURL_CA_PATH_AUTODETECT TRUE) +else() + set(CURL_CA_PATH_SET TRUE) +endif() + +if(CURL_CA_BUNDLE_SET AND CURL_CA_PATH_AUTODETECT) + # Skip autodetection of unset CA path because CA bundle is set explicitly +elseif(CURL_CA_PATH_SET AND CURL_CA_BUNDLE_AUTODETECT) + # Skip autodetection of unset CA bundle because CA path is set explicitly +elseif(CURL_CA_PATH_AUTODETECT OR CURL_CA_BUNDLE_AUTODETECT) + # first try autodetecting a CA bundle, then a CA path + + if(CURL_CA_BUNDLE_AUTODETECT) + set(SEARCH_CA_BUNDLE_PATHS + /etc/ssl/certs/ca-certificates.crt + /etc/pki/tls/certs/ca-bundle.crt + /usr/share/ssl/certs/ca-bundle.crt + /usr/local/share/certs/ca-root-nss.crt + /etc/ssl/cert.pem) + + foreach(SEARCH_CA_BUNDLE_PATH ${SEARCH_CA_BUNDLE_PATHS}) + if(EXISTS "${SEARCH_CA_BUNDLE_PATH}") + message(STATUS "Found CA bundle: ${SEARCH_CA_BUNDLE_PATH}") + set(CURL_CA_BUNDLE "${SEARCH_CA_BUNDLE_PATH}") + set(CURL_CA_BUNDLE_SET TRUE CACHE) + break() + endif() + endforeach() + endif() + + if(CURL_CA_PATH_AUTODETECT AND (NOT CURL_CA_PATH_SET)) + if(EXISTS "/etc/ssl/certs") + set(CURL_CA_PATH "/etc/ssl/certs") + set(CURL_CA_PATH_SET TRUE CACHE) + endif() + endif() +endif() + +if(CURL_CA_PATH_SET AND NOT (USE_OPENSSL OR GNUTLS_ENABLED)) + message(FATAL_ERROR + "CA path only supported by OpenSSL, GnuTLS or PolarSSL. " + "Set CURL_CA_PATH=none or enable one of those TLS backends.") endif()
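Review bot: `set(CURL_CA_BUNDLE_SET TRUE CACHE)` and `set(CURL_CA_PATH_SET TRUE CACHE)` in the autodetection branch do not match the documented cache form `set(<variable> <value> CACHE <type> <docstring>)`; the type and docstring are missing, so CMake is likely to reject the call at configure time. Caching only the flag also looks wrong, because the detected `CURL_CA_BUNDLE` is set as a normal variable after `unset(CURL_CA_BUNDLE CACHE)`. On a re-configure a cached `CURL_CA_BUNDLE_SET` would appear to send control into the first `if(CURL_CA_BUNDLE_SET AND CURL_CA_PATH_AUTODETECT)` branch, skipping detection and leaving the build without a default CA bundle. Plain `set(CURL_CA_BUNDLE_SET TRUE)` and `set(CURL_CA_PATH_SET TRUE)`, as the explicit-path `else()` branches already use, would avoid both problems. Separately, an auto-detected `/etc/ssl/certs` sets `CURL_CA_PATH_SET`, so the final check raises `FATAL_ERROR` in a default configuration without OpenSSL or GnuTLS, and that check omits PolarSSL although its message names it.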