cmake: Use a default CA path when not using system curl

When using system curl, we trust it to be configured with desired CA
certs.  When using our own build of curl, we use os-configured CA certs
on Windows and OS X.  On other systems, try to achieve this by searching
for common CA cert locations.  According to a brief investigation, the
curl packages on popular Linux distros are currently configured as:

* Arch: /etc/ssl/certs/ca-certificates.crt
* Debian with OpenSSL: /etc/ssl/certs
* Debian with GNU TLS: /etc/ssl/certs/ca-certificates.crt
* Debian with NSS: /etc/ssl/certs/ca-certificates.crt
* Fedora: /etc/pki/tls/certs/ca-bundle.crt
* Gentoo with OpenSSL: /etc/ssl/certs
* Gentoo without OpenSSL: /etc/ssl/certs/ca-certificates.crt

Teach CMake and CTest to look for these paths and use them as a CA path
or bundle when no other os-configured or user-specified CAs are
available.

1 files changed, 5 insertions, 4 deletions

diff --git a/Source/cmFileCommand.cxx b/Source/cmFileCommand.cxx
index 2c92db2472..f12529215d 100644
--- a/Source/cmFileCommand.cxx
+++ b/Source/cmFileCommand.cxx
@@ -20,7 +20,7 @@
 #include "cmTimestamp.h"
 
 #if defined(CMAKE_BUILD_WITH_CMAKE)
-#include "cm_curl.h"
+#include "cmCurl.h"
 #include "cmFileLockResult.h"
 #endif
 
@@ -3068,10 +3068,11 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
     }
   // check to see if a CAINFO file has been specified
   // command arg comes first
-  if(cainfo && *cainfo)
+  std::string const& cainfo_err = cmCurlSetCAInfo(curl, cainfo);
+  if (!cainfo_err.empty())
     {
-    res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo);
-    check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: ");
+    this->SetError(cainfo_err);
+    return false;
     }
 
   cmFileCommandVectorOfChar chunkDebug;