Package: cmake Version: 2.8.9-1 Severity: normal I have recently discovered that CMake support for SSL downloads is fragile, and the Debian version does not work correctly because of that issue.
Here is a simple script to illustrate this issue for the Debian version of cmake. software@raven> cat test.cmake file(DOWNLOAD "http://download.gnome.org/sources/glib/2.32/glib-2.32.1.tar.xz" "${CMAKE_SOURCE_DIR}/cmake_downloaded_glib-2.32.1.tar.xz" SHOW_PROGRESS STATUS status) message(STATUS "Download status = ${status}") software@raven> /usr/bin/cmake -P test.cmake -- [download 0% complete] -- Download status = 35;"SSL connect error" Using these alternatives works fine to download that tarball software@raven> wget http://download.gnome.org/sources/glib/2.32/glib-2.32.1.tar.xz software@raven> curl -o curl-glib-2.32.1.tar.xz -L \ http://download.gnome.org/sources/glib/2.32/glib-2.32.1.tar.xz If you look closer at the wget result there is a redirect through an https URL, and that use of SSL is the cause of the above SSL connect error. So why does the curl executable work, but not the cmake file(DOWNLOAD ... command? If you look closely, curl is linked to libcurl.so (which in turn is linked to openssl). While cmake is linked to libcurl_gnutls.so instead which is linked to libgnutls for its SSL support. When I built cmake (version 2.8.10.2) against libcurl_gnutls.so I got the same "SSL connect error" for the above test. Note, however, when I built cmake against libcurl.so, the file(DOWNLOAD command of the above test succeeded without issues! So there appears to be a basic incompatibility between cmake and libcurl_gnutls.so, and the obvious cure (which I recommend) is to build cmake against libcurl.so rather than libcurl_gnutls.so. The other issue, of course, is upstream CMake should not be this sensitive to SSL library issues. It should either blacklist libcurl_gnutls.so or else solve the above "SSL connect error" incompatibility with libcurl_gnutls.so. There is an on-going thread about the sensitivity of CMake to the SSL library on the cmake-devel list which I have summarized today at http://public.kitware.com/pipermail/cmake-developers/2013-July/007759.html. -- System Information: Debian Release: 7.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages cmake depends on: ii cmake-data 2.8.9-1 ii libarchive12 3.0.4-3+nmu1 ii libc6 2.13-38 ii libcurl3-gnutls 7.26.0-1+wheezy3 ii libexpat1 2.1.0-1 ii libgcc1 1:4.7.2-5 ii libstdc++6 4.7.2-5 ii libxmlrpc-core-c3 1.16.33-3.2 ii procps 1:3.3.3-3 ii zlib1g 1:1.2.7.dfsg-13 cmake recommends no packages. Versions of packages cmake suggests: ii gcc 4:4.7.2-1 ii make 3.81-8.2 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org