file(DOWNLOAD) error with macOS system curl
This issue turned up in the past few weeks, I think it is related to a macOS update. I have a CMake thing which ends up requesting the same URL twice (with file(DOWNLOAD) and TLS_VERIFY=ON) and the second time I always get an SSL error (rather than a 404 as expected).
- I am on macOS 14.2 (23C64)
- curl from brew fails, curl built from source succeeds, curl from source with --system-curl fails
% otool -L ./bin/cmake
./bin/cmake:
/usr/lib/libcurl.4.dylib (compatibility version 7.0.0, current version 9.0.0)
/usr/lib/libbz2.1.0.dylib (compatibility version 1.0.0, current version 1.0.8)
/usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.12)
/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation (compatibility version 150.0.0, current version 2202.0.0)
/System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices (compatibility version 1.0.0, current version 1226.0.0)
/usr/lib/libc++.1.dylib (compatibility version 1.0.0, current version 1600.157.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1336.61.1)
This issue can be reproduced with
cmake_minimum_required(VERSION 3.15)
message(STATUS "TRY 1")
file(DOWNLOAD "https://raw.githubusercontent.com/cpp-pm/hunter-cache/master/8fd7dea/GTest/1.14.0/2b28c2a/297e0ef/4830b34/e5fa44f/basic-deps.DONE" "${CMAKE_CURRENT_BINARY_DIR}/basic-deps.DONE" TLS_VERIFY ON STATUS status LOG log)
message("STATUS: ${status}")
message("LOG: ${log}")
message(STATUS "TRY 2")
file(DOWNLOAD "https://raw.githubusercontent.com/cpp-pm/hunter-cache/master/8fd7dea/GTest/1.14.0/2b28c2a/297e0ef/4830b34/e5fa44f/basic-deps.DONE" "${CMAKE_CURRENT_BINARY_DIR}/basic-deps.DONE.2" TLS_VERIFY ON STATUS status LOG log)
message("STATUS: ${status}")
message("LOG: ${log}")
Correct behaviour is to get a 404 each time, incorrect is that the second request gets
STATUS: 35;"SSL connect error"
LOG: Trying 185.199.111.133:443...
Connected to raw.githubusercontent.com (185.199.111.133) port 443
ALPN: curl offers h2,http/1.1
(304) (OUT), TLS handshake, Client hello (1):
[330 bytes data]
CAfile: /etc/ssl/cert.pem
CApath: none
(304) (IN), TLS handshake, Server hello (2):
[122 bytes data]
(304) (IN), TLS handshake, Unknown (8):
[19 bytes data]
(304) (IN), TLS handshake, Certificate (11):
[3050 bytes data]
LibreSSL/3.3.6: error:0DFFF0A1:lib(13):func(4095):reason(161)
Closing connection