CMAKE_TLS_VERIFY global

October 10, 2024

TLS verification default is ON since CMake 3.31. Users can override this default for all projects with environment variable CMAKE_TLS_VERIFY. or per-project with CMake variable CMAKE_TLS_VERIFY. The default TLS version may be set by CMAKE_TLS_VERSION. If the system TLS certificate location needs to be specified, this can be done by CMAKE_TLS_CAINFO.

Meson build system uses TLS verification by default, warning if verification fails. TLS verification is part of CMake’s internal nightly testing.

The example uses badssl.com, that purposefully has a variety of certificate problem URLs.

---

Reference: Issues that would have been caught with this default

• https://gitlab.kitware.com/cmake/cmake/-/issues/24147
• https://gitlab.kitware.com/cmake/cmake/-/issues/24398