By default commands such as "ctest" would not look for certificates at all: . This changes CMake such that commands honor SSL_CERT_FILE and SSL_CERT_DIR as well as /etc/ssl/certs. diff --git a/Source/cmCurl.cxx b/Source/cmCurl.cxx index 28ee24dfe9..6b2bb09ff5 100644 --- a/Source/cmCurl.cxx +++ b/Source/cmCurl.cxx @@ -2,10 +2,7 @@ file Copyright.txt or https://cmake.org/licensing for details. */ #include "cmCurl.h" -#if !defined(CMAKE_USE_SYSTEM_CURL) && !defined(_WIN32) && \ - !defined(__APPLE__) && !defined(CURL_CA_BUNDLE) && !defined(CURL_CA_PATH) # define CMAKE_FIND_CAFILE -#endif #include "cmStringAlgorithms.h" #include "cmSystemTools.h" @@ -38,6 +35,19 @@ std::string cmCurlSetCAInfo(::CURL* curl, const std::string& cafile) ::CURLcode res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cafile.c_str()); check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: "); } + + /* Honor the usual environment variables. */ + else if (cmSystemTools::GetEnv("SSL_CERT_FILE", e)) { + ::CURLcode res = + ::curl_easy_setopt(curl, CURLOPT_CAINFO, e.c_str()); + check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: "); + } + else if (cmSystemTools::GetEnv("SSL_CERT_DIR", e)) { + ::CURLcode res = + ::curl_easy_setopt(curl, CURLOPT_CAPATH, e.c_str()); + check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: "); + } + #ifdef CMAKE_FIND_CAFILE # define CMAKE_CAFILE_FEDORA "/etc/pki/tls/certs/ca-bundle.crt" else if (cmSystemTools::FileExists(CMAKE_CAFILE_FEDORA, true)) {