ctest: Require minimum TLS 1.2 by default

Issue: #25701
This commit is contained in:
Brad King
2024-09-23 14:48:30 -04:00
parent 5e1a59dc2b
commit 38390245a2
3 changed files with 12 additions and 0 deletions

View File

@@ -1560,6 +1560,10 @@ Configuration settings include:
* `CTest Script`_ variable: :variable:`CTEST_TLS_VERSION`
* :module:`CTest` module variable: ``CTEST_TLS_VERSION``
.. versionchanged:: 3.31
The default is TLS 1.2.
Previously, no minimum version was enforced by default.
``TLSVerify``
.. versionadded:: 3.30

View File

@@ -4,3 +4,7 @@ curl-tls-version
* The :command:`file(DOWNLOAD)` and :command:`file(UPLOAD)` commands now
require TLS 1.2 or higher for connections to ``https://`` URLs by default.
See the :variable:`CMAKE_TLS_VERSION` variable for details.
* The :command:`ctest_submit` command and :option:`ctest -T Submit <ctest -T>`
step now require TLS 1.2 or higher for connections to ``https://`` URLs by
default. See the :variable:`CTEST_TLS_VERSION` variable for details.

View File

@@ -16,6 +16,7 @@
namespace {
const bool TLS_VERIFY_DEFAULT = true;
const int TLS_VERSION_DEFAULT = CURL_SSLVERSION_TLSv1_2;
}
cmCTestCurl::cmCTestCurl(cmCTest* ctest)
@@ -65,6 +66,9 @@ cmCTestCurlOpts::cmCTestCurlOpts(cmCTest* ctest)
{
this->TLSVersionOpt =
cmCurlParseTLSVersion(ctest->GetCTestConfiguration("TLSVersion"));
if (!this->TLSVersionOpt.has_value()) {
this->TLSVersionOpt = TLS_VERSION_DEFAULT;
}
std::string tlsVerify = ctest->GetCTestConfiguration("TLSVerify");
if (!tlsVerify.empty()) {