Merge topic 'tls-verify'
99a6cb0538 ci: Host our own URL to test expected TLS_VERIFY failure
acb84096ca Tests/RunCMake/file-DOWNLOAD: Add option to control TLS_VERIFY failure URL
Acked-by: Kitware Robot <kwrobot@kitware.com>
Merge-request: !9495
diff --git a/.gitlab/ci/configure_debian12_aarch64_ninja.cmake b/.gitlab/ci/configure_debian12_aarch64_ninja.cmake
index 24be975..0ebf604 100644
--- a/.gitlab/ci/configure_debian12_aarch64_ninja.cmake
+++ b/.gitlab/ci/configure_debian12_aarch64_ninja.cmake
@@ -98,6 +98,7 @@
set(CMake_TEST_JQ "/usr/bin/jq" CACHE PATH "")
set(CMake_TEST_Qt5 "ON" CACHE BOOL "")
set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "")
+set(CMake_TEST_TLS_VERIFY_URL_BAD "https://badtls-expired.kitware.com" CACHE STRING "")
set(CMake_TEST_TLS_VERSION "1.3" CACHE STRING "")
set(CMake_TEST_UseSWIG "ON" CACHE BOOL "")
diff --git a/.gitlab/ci/configure_debian12_ninja_common.cmake b/.gitlab/ci/configure_debian12_ninja_common.cmake
index 98ae771..0e2ecce 100644
--- a/.gitlab/ci/configure_debian12_ninja_common.cmake
+++ b/.gitlab/ci/configure_debian12_ninja_common.cmake
@@ -106,6 +106,7 @@
set(CMake_TEST_JQ "/usr/bin/jq" CACHE PATH "")
set(CMake_TEST_Qt5 "ON" CACHE BOOL "")
set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "")
+set(CMake_TEST_TLS_VERIFY_URL_BAD "https://badtls-expired.kitware.com" CACHE STRING "")
set(CMake_TEST_TLS_VERSION "1.3" CACHE STRING "")
if (NOT "$ENV{SWIFTC}" STREQUAL "")
diff --git a/.gitlab/ci/configure_fedora40_makefiles.cmake b/.gitlab/ci/configure_fedora40_makefiles.cmake
index 478ba11..21a5be5 100644
--- a/.gitlab/ci/configure_fedora40_makefiles.cmake
+++ b/.gitlab/ci/configure_fedora40_makefiles.cmake
@@ -109,6 +109,7 @@
endif()
set(CMake_TEST_Qt5 "ON" CACHE BOOL "")
set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "")
+set(CMake_TEST_TLS_VERIFY_URL_BAD "https://badtls-expired.kitware.com" CACHE STRING "")
set(CMake_TEST_TLS_VERSION "1.3" CACHE STRING "")
set(CMake_TEST_UseSWIG "ON" CACHE BOOL "")
diff --git a/.gitlab/ci/configure_fedora40_ninja.cmake b/.gitlab/ci/configure_fedora40_ninja.cmake
index b16e928..ae968a3 100644
--- a/.gitlab/ci/configure_fedora40_ninja.cmake
+++ b/.gitlab/ci/configure_fedora40_ninja.cmake
@@ -4,6 +4,7 @@
endif()
set(CMake_TEST_MODULE_COMPILATION "named,compile_commands,collation,partitions,internal_partitions,export_bmi,install_bmi,shared,bmionly" CACHE STRING "")
set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "")
+set(CMake_TEST_TLS_VERIFY_URL_BAD "https://badtls-expired.kitware.com" CACHE STRING "")
set(CMake_TEST_TLS_VERSION "1.3" CACHE STRING "")
# "Release" flags without "-DNDEBUG" so we get assertions.
diff --git a/.gitlab/ci/configure_macos_arm64_ninja.cmake b/.gitlab/ci/configure_macos_arm64_ninja.cmake
index 672f5d4..9611f0b 100644
--- a/.gitlab/ci/configure_macos_arm64_ninja.cmake
+++ b/.gitlab/ci/configure_macos_arm64_ninja.cmake
@@ -7,6 +7,7 @@
set(CMake_TEST_FindOpenMP_CXX "ON" CACHE BOOL "")
set(CMake_TEST_GUI "ON" CACHE BOOL "")
set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "")
+set(CMake_TEST_TLS_VERIFY_URL_BAD "https://badtls-expired.kitware.com" CACHE STRING "")
set(CMake_TEST_TLS_VERSION "1.3" CACHE STRING "")
include("${CMAKE_CURRENT_LIST_DIR}/configure_macos_common.cmake")
diff --git a/.gitlab/ci/configure_macos_x86_64_makefiles.cmake b/.gitlab/ci/configure_macos_x86_64_makefiles.cmake
index f0bf1c0..ed25f68 100644
--- a/.gitlab/ci/configure_macos_x86_64_makefiles.cmake
+++ b/.gitlab/ci/configure_macos_x86_64_makefiles.cmake
@@ -7,6 +7,7 @@
set(CMake_TEST_ISPC "ON" CACHE STRING "")
endif()
set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "")
+set(CMake_TEST_TLS_VERIFY_URL_BAD "https://badtls-expired.kitware.com" CACHE STRING "")
set(CMake_TEST_TLS_VERSION "1.3" CACHE STRING "")
include("${CMAKE_CURRENT_LIST_DIR}/configure_macos_common.cmake")
diff --git a/.gitlab/ci/configure_macos_x86_64_ninja.cmake b/.gitlab/ci/configure_macos_x86_64_ninja.cmake
index 8fdaba8..0feafa2 100644
--- a/.gitlab/ci/configure_macos_x86_64_ninja.cmake
+++ b/.gitlab/ci/configure_macos_x86_64_ninja.cmake
@@ -10,6 +10,7 @@
set(CMake_TEST_ISPC "ON" CACHE STRING "")
endif()
set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "")
+set(CMake_TEST_TLS_VERIFY_URL_BAD "https://badtls-expired.kitware.com" CACHE STRING "")
set(CMake_TEST_TLS_VERSION "1.3" CACHE STRING "")
include("${CMAKE_CURRENT_LIST_DIR}/configure_macos_common.cmake")
diff --git a/.gitlab/ci/configure_windows_arm64_vs2022_ninja.cmake b/.gitlab/ci/configure_windows_arm64_vs2022_ninja.cmake
index cd9780b..64a8913 100644
--- a/.gitlab/ci/configure_windows_arm64_vs2022_ninja.cmake
+++ b/.gitlab/ci/configure_windows_arm64_vs2022_ninja.cmake
@@ -4,6 +4,7 @@
set(CMAKE_PREFIX_PATH "" CACHE STRING "")
set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "")
+set(CMake_TEST_TLS_VERIFY_URL_BAD "https://badtls-expired.kitware.com" CACHE STRING "")
set(CMake_TEST_TLS_VERSION "1.2" CACHE STRING "")
include("${CMAKE_CURRENT_LIST_DIR}/configure_windows_msvc_cxx_modules_common.cmake")
diff --git a/.gitlab/ci/configure_windows_vs2022_x64_ninja.cmake b/.gitlab/ci/configure_windows_vs2022_x64_ninja.cmake
index e449d80..8b92bb2 100644
--- a/.gitlab/ci/configure_windows_vs2022_x64_ninja.cmake
+++ b/.gitlab/ci/configure_windows_vs2022_x64_ninja.cmake
@@ -8,6 +8,7 @@
endif()
set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "")
+set(CMake_TEST_TLS_VERIFY_URL_BAD "https://badtls-expired.kitware.com" CACHE STRING "")
set(CMake_TEST_TLS_VERSION "1.2" CACHE STRING "")
include("${CMAKE_CURRENT_LIST_DIR}/configure_windows_msvc_cxx_modules_common.cmake")
diff --git a/Tests/RunCMake/CMakeLists.txt b/Tests/RunCMake/CMakeLists.txt
index 192675e..20d27d3 100644
--- a/Tests/RunCMake/CMakeLists.txt
+++ b/Tests/RunCMake/CMakeLists.txt
@@ -565,6 +565,7 @@
foreach(var
CMake_TEST_NO_NETWORK
CMake_TEST_TLS_VERIFY_URL
+ CMake_TEST_TLS_VERIFY_URL_BAD
CMake_TEST_TLS_VERSION
)
if(DEFINED ${var})
diff --git a/Tests/RunCMake/file-DOWNLOAD/RunCMakeTest.cmake b/Tests/RunCMake/file-DOWNLOAD/RunCMakeTest.cmake
index 33f519f..5e0310b 100644
--- a/Tests/RunCMake/file-DOWNLOAD/RunCMakeTest.cmake
+++ b/Tests/RunCMake/file-DOWNLOAD/RunCMakeTest.cmake
@@ -27,9 +27,11 @@
endif()
run_cmake_with_options(TLS_VERSION-bad)
+if(CMake_TEST_TLS_VERIFY_URL_BAD)
+ run_cmake_with_options(TLS_VERIFY-bad -Durl=${CMake_TEST_TLS_VERIFY_URL_BAD})
+endif()
if(CMake_TEST_TLS_VERIFY_URL)
- run_cmake(TLS_VERIFY-bad)
run_cmake_with_options(TLS_VERIFY-good -Durl=${CMake_TEST_TLS_VERIFY_URL})
if(CMake_TEST_TLS_VERSION)
run_cmake_with_options(TLS_VERSION-good -Durl=${CMake_TEST_TLS_VERIFY_URL} -Dtls_version=${CMake_TEST_TLS_VERSION})
diff --git a/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad.cmake b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad.cmake
index a90c2f4..7d50ece 100644
--- a/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad.cmake
+++ b/Tests/RunCMake/file-DOWNLOAD/TLS_VERIFY-bad.cmake
@@ -1,5 +1,6 @@
function(download case)
- file(DOWNLOAD https://expired.badssl.com ${ARGN} STATUS status LOG log)
+ # URL with semantics like https://expired.badssl.com is provided by caller
+ file(DOWNLOAD ${url} ${ARGN} STATUS status LOG log)
message(STATUS "${case}: ${status}")
if(case MATCHES "1$" AND NOT status MATCHES "^(35|60);")
message("${log}")
