diff options
author | Simon Warta <simon@kullo.net> | 2017-05-02 00:12:55 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2017-05-21 23:19:59 +0200 |
commit | 6a9489dc4512bf92e121d7bc08924e2922ababc0 (patch) | |
tree | 4be8d2e0f868a6f829a92d0cf4572c934e1be26f /CMakeLists.txt | |
parent | 8256cce2c7ae2b13fc4790ab08623cee17ac612c (diff) | |
download | curl-6a9489dc4512bf92e121d7bc08924e2922ababc0.tar.gz |
cmake: auto detection of CURL_CA_BUNDLE/CURL_CA_PATH
Closes #1461
Diffstat (limited to 'CMakeLists.txt')
-rw-r--r-- | CMakeLists.txt | 63 |
1 files changed, 53 insertions, 10 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index a7c2f7400..25abe354a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -633,22 +633,65 @@ set(CURL_CA_FALLBACK OFF CACHE BOOL set(CURL_CA_PATH "auto" CACHE STRING "Location of default CA path. Set 'none' to disable or 'auto' for auto-detection. Defaults to 'auto'.") -if("${CURL_CA_BUNDLE}" STREQUAL "none") +if("${CURL_CA_BUNDLE}" STREQUAL "") + message(FATAL_ERROR "Invalid value of CURL_CA_BUNDLE. Use 'none', 'auto' or file path.") +elseif("${CURL_CA_BUNDLE}" STREQUAL "none") unset(CURL_CA_BUNDLE CACHE) elseif("${CURL_CA_BUNDLE}" STREQUAL "auto") - # TODO: implement - message(SEND_ERROR "Auto mode not implemented for CURL_CA_BUNDLE") -elseif("${CURL_CA_BUNDLE}" STREQUAL "") - message(SEND_ERROR "Invalid value of CURL_CA_BUNDLE. Use 'none', 'auto' or path.") + unset(CURL_CA_BUNDLE CACHE) + set(CURL_CA_BUNDLE_AUTODETECT TRUE) +else() + set(CURL_CA_BUNDLE_SET TRUE) endif() -if("${CURL_CA_PATH}" STREQUAL "none") +if("${CURL_CA_PATH}" STREQUAL "") + message(FATAL_ERROR "Invalid value of CURL_CA_PATH. Use 'none', 'auto' or directory path.") +elseif("${CURL_CA_PATH}" STREQUAL "none") unset(CURL_CA_PATH CACHE) elseif("${CURL_CA_PATH}" STREQUAL "auto") - # TODO: implement - message(SEND_ERROR "Auto mode not implemented for CURL_CA_PATH") -elseif("${CURL_CA_PATH}" STREQUAL "") - message(SEND_ERROR "Invalid value of CURL_CA_PATH. Use 'none', 'auto' or path.") + unset(CURL_CA_PATH CACHE) + set(CURL_CA_PATH_AUTODETECT TRUE) +else() + set(CURL_CA_PATH_SET TRUE) +endif() + +if(CURL_CA_BUNDLE_SET AND CURL_CA_PATH_AUTODETECT) + # Skip autodetection of unset CA path because CA bundle is set explicitly +elseif(CURL_CA_PATH_SET AND CURL_CA_BUNDLE_AUTODETECT) + # Skip autodetection of unset CA bundle because CA path is set explicitly +elseif(CURL_CA_PATH_AUTODETECT OR CURL_CA_BUNDLE_AUTODETECT) + # first try autodetecting a CA bundle, then a CA path + + if(CURL_CA_BUNDLE_AUTODETECT) + set(SEARCH_CA_BUNDLE_PATHS + /etc/ssl/certs/ca-certificates.crt + /etc/pki/tls/certs/ca-bundle.crt + /usr/share/ssl/certs/ca-bundle.crt + /usr/local/share/certs/ca-root-nss.crt + /etc/ssl/cert.pem) + + foreach(SEARCH_CA_BUNDLE_PATH ${SEARCH_CA_BUNDLE_PATHS}) + if(EXISTS "${SEARCH_CA_BUNDLE_PATH}") + message(STATUS "Found CA bundle: ${SEARCH_CA_BUNDLE_PATH}") + set(CURL_CA_BUNDLE "${SEARCH_CA_BUNDLE_PATH}") + set(CURL_CA_BUNDLE_SET TRUE CACHE) + break() + endif() + endforeach() + endif() + + if(CURL_CA_PATH_AUTODETECT AND (NOT CURL_CA_PATH_SET)) + if(EXISTS "/etc/ssl/certs") + set(CURL_CA_PATH "/etc/ssl/certs") + set(CURL_CA_PATH_SET TRUE CACHE) + endif() + endif() +endif() + +if(CURL_CA_PATH_SET AND NOT (USE_OPENSSL OR GNUTLS_ENABLED)) + message(FATAL_ERROR + "CA path only supported by OpenSSL, GnuTLS or PolarSSL. " + "Set CURL_CA_PATH=none or enable one of those TLS backends.") endif() |