Source/cmCurl.cxx - third_party/github.com/Kitware/CMake - Git at Google

 /* Distributed under the OSI-approved BSD 3-Clause License.  See accompanying
    file LICENSE.rst or https://cmake.org/licensing for details.  */
 #include "cmCurl.h"

 #include <cm/string_view>
 #include <cmext/string_view>

 #if !defined(CMAKE_USE_SYSTEM_CURL) && !defined(_WIN32) &&                    \
   !defined(__APPLE__) && !defined(CURL_CA_BUNDLE) && !defined(CURL_CA_PATH)
 #  define CMAKE_FIND_CAFILE
 #endif
 #include "cmStringAlgorithms.h"
 #include "cmSystemTools.h"

 #if defined(_WIN32)
 #  include <vector>

 #  include <windows.h>

 #  include "cmsys/Encoding.hxx"
 #endif

 // curl versions before 7.21.5 did not provide this error code
 #if defined(LIBCURL_VERSION_NUM) && LIBCURL_VERSION_NUM < 0x071505
 #  define CURLE_NOT_BUILT_IN 4
 #endif

 #define check_curl_result(result, errstr)                                     \
   do {                                                                        \
     if ((result) != CURLE_OK && (result) != CURLE_NOT_BUILT_IN) {             \
       e += e.empty() ? "" : "\n";                                             \
       e += (errstr);                                                          \
       e += ::curl_easy_strerror(result);                                      \
     }                                                                         \
   } while (false)

 // curl versions before 7.52.0 did not provide TLS 1.3 support
 #if defined(LIBCURL_VERSION_NUM) && LIBCURL_VERSION_NUM < 0x073400
 #  define CURL_SSLVERSION_TLSv1_3 CURL_SSLVERSION_LAST
 #endif

 // curl versions before 7.64.1 referred to Secure Transport as DarwinSSL
 #if defined(LIBCURL_VERSION_NUM) && LIBCURL_VERSION_NUM < 0x074001
 #  define CURLSSLBACKEND_SECURETRANSPORT CURLSSLBACKEND_DARWINSSL
 #endif

 // Make sure we keep up with new TLS versions supported by curl.
 // Do this only for our vendored curl to avoid breaking builds
 // against external future versions of curl.
 #if !defined(CMAKE_USE_SYSTEM_CURL)
 static_assert(CURL_SSLVERSION_LAST == 8,
               "A new CURL_SSLVERSION_ may be available!");
 #endif

 void cmCurlInitOnce()
 {
   // curl 7.56.0 introduced curl_global_sslset.
 #if defined(__APPLE__) && defined(CMAKE_USE_SYSTEM_CURL) &&                   \
   defined(LIBCURL_VERSION_NUM) && LIBCURL_VERSION_NUM >= 0x073800
   static bool initialized = false;
   if (initialized) {
     return;
   }
   initialized = true;

   cm::optional<std::string> curl_ssl_backend =
     cmSystemTools::GetEnvVar("CURL_SSL_BACKEND");
   if (!curl_ssl_backend || curl_ssl_backend->empty()) {
     curl_version_info_data* cv = curl_version_info(CURLVERSION_FIRST);
     // curl 8.3.0 through 8.5.x did not re-initialize LibreSSL correctly,
     // so prefer the Secure Transport backend by default in those versions.
     if (cv->version_num >= 0x080300 && cv->version_num < 0x080600) {
       curl_global_sslset(CURLSSLBACKEND_SECURETRANSPORT, NULL, NULL);
     }
   }
 #endif
 }

 cm::optional<int> cmCurlParseTLSVersion(cm::string_view tls_version)
 {
   cm::optional<int> v;
   if (tls_version == "1.0"_s) {
     v = CURL_SSLVERSION_TLSv1_0;
   } else if (tls_version == "1.1"_s) {
     v = CURL_SSLVERSION_TLSv1_1;
   } else if (tls_version == "1.2"_s) {
     v = CURL_SSLVERSION_TLSv1_2;
   } else if (tls_version == "1.3"_s) {
     v = CURL_SSLVERSION_TLSv1_3;
   }
   return v;
 }

 cm::optional<std::string> cmCurlPrintTLSVersion(int curl_tls_version)
 {
   cm::optional<std::string> s;
   switch (curl_tls_version) {
     case CURL_SSLVERSION_TLSv1_0:
       s = "CURL_SSLVERSION_TLSv1_0"_s;
       break;
     case CURL_SSLVERSION_TLSv1_1:
       s = "CURL_SSLVERSION_TLSv1_1"_s;
       break;
     case CURL_SSLVERSION_TLSv1_2:
       s = "CURL_SSLVERSION_TLSv1_2"_s;
       break;
     case CURL_SSLVERSION_TLSv1_3:
       s = "CURL_SSLVERSION_TLSv1_3"_s;
       break;
   }
   return s;
 }

 std::string cmCurlSetCAInfo(::CURL* curl, std::string const& cafile)
 {
   std::string e;
   std::string env_ca;
   if (!cafile.empty()) {
     ::CURLcode res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cafile.c_str());
     check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
   }
   /* Honor the user-configurable OpenSSL environment variables. */
   else if (cmSystemTools::GetEnv("SSL_CERT_FILE", env_ca) &&
            cmSystemTools::FileExists(env_ca, true)) {
     ::CURLcode res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, env_ca.c_str());
     check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
   } else if (cmSystemTools::GetEnv("SSL_CERT_DIR", env_ca) &&
              cmSystemTools::FileIsDirectory(env_ca)) {
     ::CURLcode res = ::curl_easy_setopt(curl, CURLOPT_CAPATH, env_ca.c_str());
     check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
   }
 #ifdef CMAKE_FIND_CAFILE
 #  define CMAKE_CAFILE_FEDORA "/etc/pki/tls/certs/ca-bundle.crt"
   else if (cmSystemTools::FileExists(CMAKE_CAFILE_FEDORA, true)) {
     ::CURLcode res =
       ::curl_easy_setopt(curl, CURLOPT_CAINFO, CMAKE_CAFILE_FEDORA);
     check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
   }
 #  undef CMAKE_CAFILE_FEDORA
   else {
 #  define CMAKE_CAFILE_COMMON "/etc/ssl/certs/ca-certificates.crt"
     if (cmSystemTools::FileExists(CMAKE_CAFILE_COMMON, true)) {
       ::CURLcode res =
         ::curl_easy_setopt(curl, CURLOPT_CAINFO, CMAKE_CAFILE_COMMON);
       check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
     }
 #  undef CMAKE_CAFILE_COMMON
 #  define CMAKE_CAPATH_COMMON "/etc/ssl/certs"
     if (cmSystemTools::FileIsDirectory(CMAKE_CAPATH_COMMON)) {
       ::CURLcode res =
         ::curl_easy_setopt(curl, CURLOPT_CAPATH, CMAKE_CAPATH_COMMON);
       check_curl_result(res, "Unable to set TLS/SSL Verify CAPATH: ");
     }
 #  undef CMAKE_CAPATH_COMMON
 #  ifdef _AIX
 #    define CMAKE_CAPATH_AIX "/var/ssl/certs"
     if (cmSystemTools::FileIsDirectory(CMAKE_CAPATH_AIX)) {
       ::CURLcode res =
         ::curl_easy_setopt(curl, CURLOPT_CAPATH, CMAKE_CAPATH_AIX);
       check_curl_result(res, "Unable to set TLS/SSL Verify CAPATH: ");
     }
 #    undef CMAKE_CAPATH_AIX
 #  endif
 #  ifdef __sun
 #    define CMAKE_CAPATH_SUNOS_CSW "/etc/opt/csw/ssl/certs"
     if (cmSystemTools::FileIsDirectory(CMAKE_CAPATH_SUNOS_CSW)) {
       ::CURLcode res =
         ::curl_easy_setopt(curl, CURLOPT_CAPATH, CMAKE_CAPATH_SUNOS_CSW);
       check_curl_result(res, "Unable to set TLS/SSL Verify CAPATH: ");
     }
 #    undef CMAKE_CAPATH_SUNOS_CSW
 #  endif
   }
 #endif
   return e;
 }

 std::string cmCurlSetNETRCOption(::CURL* curl, std::string const& netrc_level,
                                  std::string const& netrc_file)
 {
   std::string e;
   long curl_netrc_level = CURL_NETRC_LAST;
   ::CURLcode res;

   if (!netrc_level.empty()) {
     if (netrc_level == "OPTIONAL") {
       curl_netrc_level = CURL_NETRC_OPTIONAL;
     } else if (netrc_level == "REQUIRED") {
       curl_netrc_level = CURL_NETRC_REQUIRED;
     } else if (netrc_level == "IGNORED") {
       curl_netrc_level = CURL_NETRC_IGNORED;
     } else {
       e = cmStrCat("NETRC accepts OPTIONAL, IGNORED or REQUIRED but got: ",
                    netrc_level);
       return e;
     }
   }

   if (curl_netrc_level != CURL_NETRC_LAST &&
       curl_netrc_level != CURL_NETRC_IGNORED) {
     res = ::curl_easy_setopt(curl, CURLOPT_NETRC, curl_netrc_level);
     check_curl_result(res, "Unable to set netrc level: ");
     if (!e.empty()) {
       return e;
     }

     // check to see if a .netrc file has been specified
     if (!netrc_file.empty()) {
       res = ::curl_easy_setopt(curl, CURLOPT_NETRC_FILE, netrc_file.c_str());
       check_curl_result(res, "Unable to set .netrc file path : ");
     }
   }
   return e;
 }

 std::string cmCurlFixFileURL(std::string url)
 {
   if (!cmHasLiteralPrefix(url, "file://")) {
     return url;
   }

   // libcurl 7.77 and below accidentally allowed spaces in URLs in some cases.
   // One such case was file:// URLs, which CMake has long accepted as a result.
   // Explicitly encode spaces for a URL.
   cmSystemTools::ReplaceString(url, " ", "%20");

 #if defined(_WIN32)
   // libcurl doesn't support file:// urls for unicode filenames on Windows.
   // Convert string from UTF-8 to ACP if this is a file:// URL.
   std::wstring wurl = cmsys::Encoding::ToWide(url);
   if (!wurl.empty()) {
     int mblen = WideCharToMultiByte(CP_ACP, 0, wurl.c_str(), -1, nullptr, 0,
                                     nullptr, nullptr);
     if (mblen > 0) {
       std::vector<char> chars(mblen);
       mblen = WideCharToMultiByte(CP_ACP, 0, wurl.c_str(), -1, &chars[0],
                                   mblen, nullptr, nullptr);
       if (mblen > 0) {
         url = &chars[0];
       }
     }
   }
 #endif

   return url;
 }

 ::CURL* cm_curl_easy_init()
 {
   ::CURL* curl = curl_easy_init();
   if (curl_version_info_data* cv = curl_version_info(CURLVERSION_FIRST)) {
     // curl 8.7.x returns incorrect HTTP/2 error codes.
     if (cv->version_num >= 0x080700 && cv->version_num < 0x080800) {
       curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
     }
   }
   return curl;
 }
	/* Distributed under the OSI-approved BSD 3-Clause License. See accompanying
	file LICENSE.rst or https://cmake.org/licensing for details. */
	#include "cmCurl.h"

	#include <cm/string_view>
	#include <cmext/string_view>

	#if !defined(CMAKE_USE_SYSTEM_CURL) && !defined(_WIN32) && \
	!defined(__APPLE__) && !defined(CURL_CA_BUNDLE) && !defined(CURL_CA_PATH)
	# define CMAKE_FIND_CAFILE
	#endif
	#include "cmStringAlgorithms.h"
	#include "cmSystemTools.h"

	#if defined(_WIN32)
	# include <vector>

	# include <windows.h>

	# include "cmsys/Encoding.hxx"
	#endif

	// curl versions before 7.21.5 did not provide this error code
	#if defined(LIBCURL_VERSION_NUM) && LIBCURL_VERSION_NUM < 0x071505
	# define CURLE_NOT_BUILT_IN 4
	#endif

	#define check_curl_result(result, errstr) \
	do { \
	if ((result) != CURLE_OK && (result) != CURLE_NOT_BUILT_IN) { \
	e += e.empty() ? "" : "\n"; \
	e += (errstr); \
	e += ::curl_easy_strerror(result); \
	} \
	} while (false)

	// curl versions before 7.52.0 did not provide TLS 1.3 support
	#if defined(LIBCURL_VERSION_NUM) && LIBCURL_VERSION_NUM < 0x073400
	# define CURL_SSLVERSION_TLSv1_3 CURL_SSLVERSION_LAST
	#endif

	// curl versions before 7.64.1 referred to Secure Transport as DarwinSSL
	#if defined(LIBCURL_VERSION_NUM) && LIBCURL_VERSION_NUM < 0x074001
	# define CURLSSLBACKEND_SECURETRANSPORT CURLSSLBACKEND_DARWINSSL
	#endif

	// Make sure we keep up with new TLS versions supported by curl.
	// Do this only for our vendored curl to avoid breaking builds
	// against external future versions of curl.
	#if !defined(CMAKE_USE_SYSTEM_CURL)
	static_assert(CURL_SSLVERSION_LAST == 8,
	"A new CURL_SSLVERSION_ may be available!");
	#endif

	void cmCurlInitOnce()
	{
	// curl 7.56.0 introduced curl_global_sslset.
	#if defined(__APPLE__) && defined(CMAKE_USE_SYSTEM_CURL) && \
	defined(LIBCURL_VERSION_NUM) && LIBCURL_VERSION_NUM >= 0x073800
	static bool initialized = false;
	if (initialized) {
	return;
	}
	initialized = true;

	cm::optional<std::string> curl_ssl_backend =
	cmSystemTools::GetEnvVar("CURL_SSL_BACKEND");
	if (!curl_ssl_backend \|\| curl_ssl_backend->empty()) {
	curl_version_info_data* cv = curl_version_info(CURLVERSION_FIRST);
	// curl 8.3.0 through 8.5.x did not re-initialize LibreSSL correctly,
	// so prefer the Secure Transport backend by default in those versions.
	if (cv->version_num >= 0x080300 && cv->version_num < 0x080600) {
	curl_global_sslset(CURLSSLBACKEND_SECURETRANSPORT, NULL, NULL);
	}
	}
	#endif
	}

	cm::optional<int> cmCurlParseTLSVersion(cm::string_view tls_version)
	{
	cm::optional<int> v;
	if (tls_version == "1.0"_s) {
	v = CURL_SSLVERSION_TLSv1_0;
	} else if (tls_version == "1.1"_s) {
	v = CURL_SSLVERSION_TLSv1_1;
	} else if (tls_version == "1.2"_s) {
	v = CURL_SSLVERSION_TLSv1_2;
	} else if (tls_version == "1.3"_s) {
	v = CURL_SSLVERSION_TLSv1_3;
	}
	return v;
	}

	cm::optional<std::string> cmCurlPrintTLSVersion(int curl_tls_version)
	{
	cm::optional<std::string> s;
	switch (curl_tls_version) {
	case CURL_SSLVERSION_TLSv1_0:
	s = "CURL_SSLVERSION_TLSv1_0"_s;
	break;
	case CURL_SSLVERSION_TLSv1_1:
	s = "CURL_SSLVERSION_TLSv1_1"_s;
	break;
	case CURL_SSLVERSION_TLSv1_2:
	s = "CURL_SSLVERSION_TLSv1_2"_s;
	break;
	case CURL_SSLVERSION_TLSv1_3:
	s = "CURL_SSLVERSION_TLSv1_3"_s;
	break;
	}
	return s;
	}

	std::string cmCurlSetCAInfo(::CURL* curl, std::string const& cafile)
	{
	std::string e;
	std::string env_ca;
	if (!cafile.empty()) {
	::CURLcode res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cafile.c_str());
	check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
	}
	/* Honor the user-configurable OpenSSL environment variables. */
	else if (cmSystemTools::GetEnv("SSL_CERT_FILE", env_ca) &&
	cmSystemTools::FileExists(env_ca, true)) {
	::CURLcode res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, env_ca.c_str());
	check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
	} else if (cmSystemTools::GetEnv("SSL_CERT_DIR", env_ca) &&
	cmSystemTools::FileIsDirectory(env_ca)) {
	::CURLcode res = ::curl_easy_setopt(curl, CURLOPT_CAPATH, env_ca.c_str());
	check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
	}
	#ifdef CMAKE_FIND_CAFILE
	# define CMAKE_CAFILE_FEDORA "/etc/pki/tls/certs/ca-bundle.crt"
	else if (cmSystemTools::FileExists(CMAKE_CAFILE_FEDORA, true)) {
	::CURLcode res =
	::curl_easy_setopt(curl, CURLOPT_CAINFO, CMAKE_CAFILE_FEDORA);
	check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
	}
	# undef CMAKE_CAFILE_FEDORA
	else {
	# define CMAKE_CAFILE_COMMON "/etc/ssl/certs/ca-certificates.crt"
	if (cmSystemTools::FileExists(CMAKE_CAFILE_COMMON, true)) {
	::CURLcode res =
	::curl_easy_setopt(curl, CURLOPT_CAINFO, CMAKE_CAFILE_COMMON);
	check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
	}
	# undef CMAKE_CAFILE_COMMON
	# define CMAKE_CAPATH_COMMON "/etc/ssl/certs"
	if (cmSystemTools::FileIsDirectory(CMAKE_CAPATH_COMMON)) {
	::CURLcode res =
	::curl_easy_setopt(curl, CURLOPT_CAPATH, CMAKE_CAPATH_COMMON);
	check_curl_result(res, "Unable to set TLS/SSL Verify CAPATH: ");
	}
	# undef CMAKE_CAPATH_COMMON
	# ifdef _AIX
	# define CMAKE_CAPATH_AIX "/var/ssl/certs"
	if (cmSystemTools::FileIsDirectory(CMAKE_CAPATH_AIX)) {
	::CURLcode res =
	::curl_easy_setopt(curl, CURLOPT_CAPATH, CMAKE_CAPATH_AIX);
	check_curl_result(res, "Unable to set TLS/SSL Verify CAPATH: ");
	}
	# undef CMAKE_CAPATH_AIX
	# endif
	# ifdef __sun
	# define CMAKE_CAPATH_SUNOS_CSW "/etc/opt/csw/ssl/certs"
	if (cmSystemTools::FileIsDirectory(CMAKE_CAPATH_SUNOS_CSW)) {
	::CURLcode res =
	::curl_easy_setopt(curl, CURLOPT_CAPATH, CMAKE_CAPATH_SUNOS_CSW);
	check_curl_result(res, "Unable to set TLS/SSL Verify CAPATH: ");
	}
	# undef CMAKE_CAPATH_SUNOS_CSW
	# endif
	}
	#endif
	return e;
	}

	std::string cmCurlSetNETRCOption(::CURL* curl, std::string const& netrc_level,
	std::string const& netrc_file)
	{
	std::string e;
	long curl_netrc_level = CURL_NETRC_LAST;
	::CURLcode res;

	if (!netrc_level.empty()) {
	if (netrc_level == "OPTIONAL") {
	curl_netrc_level = CURL_NETRC_OPTIONAL;
	} else if (netrc_level == "REQUIRED") {
	curl_netrc_level = CURL_NETRC_REQUIRED;
	} else if (netrc_level == "IGNORED") {
	curl_netrc_level = CURL_NETRC_IGNORED;
	} else {
	e = cmStrCat("NETRC accepts OPTIONAL, IGNORED or REQUIRED but got: ",
	netrc_level);
	return e;
	}
	}

	if (curl_netrc_level != CURL_NETRC_LAST &&
	curl_netrc_level != CURL_NETRC_IGNORED) {
	res = ::curl_easy_setopt(curl, CURLOPT_NETRC, curl_netrc_level);
	check_curl_result(res, "Unable to set netrc level: ");
	if (!e.empty()) {
	return e;
	}

	// check to see if a .netrc file has been specified
	if (!netrc_file.empty()) {
	res = ::curl_easy_setopt(curl, CURLOPT_NETRC_FILE, netrc_file.c_str());
	check_curl_result(res, "Unable to set .netrc file path : ");
	}
	}
	return e;
	}

	std::string cmCurlFixFileURL(std::string url)
	{
	if (!cmHasLiteralPrefix(url, "file://")) {
	return url;
	}

	// libcurl 7.77 and below accidentally allowed spaces in URLs in some cases.
	// One such case was file:// URLs, which CMake has long accepted as a result.
	// Explicitly encode spaces for a URL.
	cmSystemTools::ReplaceString(url, " ", "%20");

	#if defined(_WIN32)
	// libcurl doesn't support file:// urls for unicode filenames on Windows.
	// Convert string from UTF-8 to ACP if this is a file:// URL.
	std::wstring wurl = cmsys::Encoding::ToWide(url);
	if (!wurl.empty()) {
	int mblen = WideCharToMultiByte(CP_ACP, 0, wurl.c_str(), -1, nullptr, 0,
	nullptr, nullptr);
	if (mblen > 0) {
	std::vector<char> chars(mblen);
	mblen = WideCharToMultiByte(CP_ACP, 0, wurl.c_str(), -1, &chars[0],
	mblen, nullptr, nullptr);
	if (mblen > 0) {
	url = &chars[0];
	}
	}
	}
	#endif

	return url;
	}

	::CURL* cm_curl_easy_init()
	{
	::CURL* curl = curl_easy_init();
	if (curl_version_info_data* cv = curl_version_info(CURLVERSION_FIRST)) {
	// curl 8.7.x returns incorrect HTTP/2 error codes.
	if (cv->version_num >= 0x080700 && cv->version_num < 0x080800) {
	curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
	}
	}
	return curl;
	}