diff options
| author | Fabio Alessandrelli <fabio.alessandrelli@gmail.com> | 2018-09-15 14:45:54 +0200 |
|---|---|---|
| committer | Fabio Alessandrelli <fabio.alessandrelli@gmail.com> | 2018-09-15 14:45:54 +0200 |
| commit | 0e56377e96ee492cc30de9ad2e6e9242737f4dbd (patch) | |
| tree | 2f2a60a28e21b5b8f90218b2f8df18ecc4fa6c09 | |
| parent | d2b38aabecd8f9bac5c050841f730ccbe07538f2 (diff) | |
Allow system certs file to be used by Editor.
Note, it will only used by the Editor, not when running the game.
This allows package maintainer to compile Godot to use system installed
certificates when accessing the AssetLib.
| -rw-r--r-- | SConstruct | 1 | ||||
| -rw-r--r-- | core/SCsub | 2 | ||||
| -rw-r--r-- | core/core_builders.py | 4 | ||||
| -rw-r--r-- | core/io/stream_peer_ssl.cpp | 41 | ||||
| -rw-r--r-- | core/io/stream_peer_ssl.h | 5 | ||||
| -rw-r--r-- | editor/editor_settings.cpp | 5 | ||||
| -rw-r--r-- | main/main.cpp | 16 | ||||
| -rwxr-xr-x | modules/mbedtls/stream_peer_mbed_tls.cpp | 8 |
8 files changed, 59 insertions, 23 deletions
diff --git a/SConstruct b/SConstruct index 7faf6c54b8..1c55e0be93 100644 --- a/SConstruct +++ b/SConstruct @@ -169,6 +169,7 @@ opts.Add(BoolVariable('progress', "Show a progress indicator during compilation" opts.Add(BoolVariable('dev', "If yes, alias for verbose=yes warnings=all", False)) opts.Add(EnumVariable('macports_clang', "Build using Clang from MacPorts", 'no', ('no', '5.0', 'devel'))) opts.Add(BoolVariable('no_editor_splash', "Don't use the custom splash screen for the editor", False)) +opts.Add('system_certs_path', "Use this path as SSL certificates default for editor (for package maintainers)", '') # Thirdparty libraries opts.Add(BoolVariable('builtin_bullet', "Use the built-in Bullet library", True)) diff --git a/core/SCsub b/core/SCsub index 8012ed132c..6746cc871a 100644 --- a/core/SCsub +++ b/core/SCsub @@ -94,7 +94,7 @@ if 'builtin_zstd' in env and env['builtin_zstd']: env.add_source_files(env.core_sources, "*.cpp") # Certificates -env.Depends("#core/io/certs_compressed.gen.h", ["#thirdparty/certs/ca-certificates.crt", env.Value(env['builtin_certs'])]) +env.Depends("#core/io/certs_compressed.gen.h", ["#thirdparty/certs/ca-certificates.crt", env.Value(env['builtin_certs']), env.Value(env['system_certs_path'])]) env.CommandNoCache("#core/io/certs_compressed.gen.h", "#thirdparty/certs/ca-certificates.crt", run_in_subprocess(core_builders.make_certs_header)) # Make binders diff --git a/core/core_builders.py b/core/core_builders.py index 7b2f88a242..f3a9e3b221 100644 --- a/core/core_builders.py +++ b/core/core_builders.py @@ -21,6 +21,10 @@ def make_certs_header(target, source, env): g.write("/* THIS FILE IS GENERATED DO NOT EDIT */\n") g.write("#ifndef _CERTS_RAW_H\n") g.write("#define _CERTS_RAW_H\n") + + # System certs path. Editor will use them if defined. (for package maintainers) + path = env['system_certs_path'] + g.write("#define _SYSTEM_CERTS_PATH \"%s\"\n" % str(path)) if env['builtin_certs']: # Defined here and not in env so changing it does not trigger a full rebuild. g.write("#define BUILTIN_CERTS_ENABLED\n") diff --git a/core/io/stream_peer_ssl.cpp b/core/io/stream_peer_ssl.cpp index a02565bc1c..8d8682686a 100644 --- a/core/io/stream_peer_ssl.cpp +++ b/core/io/stream_peer_ssl.cpp @@ -44,13 +44,20 @@ StreamPeerSSL *StreamPeerSSL::create() { StreamPeerSSL::LoadCertsFromMemory StreamPeerSSL::load_certs_func = NULL; bool StreamPeerSSL::available = false; -bool StreamPeerSSL::initialize_certs = true; void StreamPeerSSL::load_certs_from_memory(const PoolByteArray &p_memory) { if (load_certs_func) load_certs_func(p_memory); } +void StreamPeerSSL::load_certs_from_file(String p_path) { + if (p_path != "") { + PoolByteArray certs = get_cert_file_as_array(p_path); + if (certs.size() > 0) + load_certs_func(certs); + } +} + bool StreamPeerSSL::is_available() { return available; } @@ -63,6 +70,25 @@ bool StreamPeerSSL::is_blocking_handshake_enabled() const { return blocking_handshake; } +PoolByteArray StreamPeerSSL::get_cert_file_as_array(String p_path) { + + PoolByteArray out; + FileAccess *f = FileAccess::open(p_path, FileAccess::READ); + if (f) { + int flen = f->get_len(); + out.resize(flen + 1); + PoolByteArray::Write w = out.write(); + f->get_buffer(w.ptr(), flen); + w[flen] = 0; // Make sure it ends with string terminator + memdelete(f); +#ifdef DEBUG_ENABLED + print_verbose(vformat("Loaded certs from '%s'.", p_path)); +#endif + } + + return out; +} + PoolByteArray StreamPeerSSL::get_project_cert_array() { PoolByteArray out; @@ -71,18 +97,7 @@ PoolByteArray StreamPeerSSL::get_project_cert_array() { if (certs_path != "") { // Use certs defined in project settings. - FileAccess *f = FileAccess::open(certs_path, FileAccess::READ); - if (f) { - int flen = f->get_len(); - out.resize(flen + 1); - PoolByteArray::Write w = out.write(); - f->get_buffer(w.ptr(), flen); - w[flen] = 0; // Make sure it ends with string terminator - memdelete(f); -#ifdef DEBUG_ENABLED - print_verbose(vformat("Loaded certs from '%s'.", certs_path)); -#endif - } + return get_cert_file_as_array(certs_path); } #ifdef BUILTIN_CERTS_ENABLED else { diff --git a/core/io/stream_peer_ssl.h b/core/io/stream_peer_ssl.h index f66c1c7de9..8ce36d7e7d 100644 --- a/core/io/stream_peer_ssl.h +++ b/core/io/stream_peer_ssl.h @@ -46,9 +46,6 @@ protected: static LoadCertsFromMemory load_certs_func; static bool available; - friend class Main; - static bool initialize_certs; - bool blocking_handshake; public: @@ -72,7 +69,9 @@ public: static StreamPeerSSL *create(); + static PoolByteArray get_cert_file_as_array(String p_path); static PoolByteArray get_project_cert_array(); + static void load_certs_from_file(String p_path); static void load_certs_from_memory(const PoolByteArray &p_memory); static bool is_available(); diff --git a/editor/editor_settings.cpp b/editor/editor_settings.cpp index 5d3c6dd087..3e959731fc 100644 --- a/editor/editor_settings.cpp +++ b/editor/editor_settings.cpp @@ -30,6 +30,7 @@ #include "editor_settings.h" +#include "core/io/certs_compressed.gen.h" #include "core/io/compression.h" #include "core/io/config_file.h" #include "core/io/file_access_memory.h" @@ -947,6 +948,10 @@ void EditorSettings::setup_network() { _initial_set("network/debug/remote_port", port); add_property_hint(PropertyInfo(Variant::INT, "network/debug/remote_port", PROPERTY_HINT_RANGE, "1,65535,1")); + + // Editor SSL certificates override + _initial_set("network/ssl/editor_ssl_certificates", _SYSTEM_CERTS_PATH); + add_property_hint(PropertyInfo(Variant::STRING, "network/ssl/editor_ssl_certificates", PROPERTY_HINT_GLOBAL_FILE, "*.crt,*.pem")); } void EditorSettings::save() { diff --git a/main/main.cpp b/main/main.cpp index 90d4db2948..db82ff8f6e 100644 --- a/main/main.cpp +++ b/main/main.cpp @@ -73,6 +73,7 @@ #include "editor/doc/doc_data.h" #include "editor/doc/doc_data_class_path.gen.h" #include "editor/editor_node.h" +#include "editor/editor_settings.h" #include "editor/project_manager.h" #endif @@ -756,7 +757,6 @@ Error Main::setup(const char *execpath, int argc, char *argv[], bool p_second_ph if (editor) { packed_data->set_disabled(true); globals->set_disable_feature_overrides(true); - StreamPeerSSL::initialize_certs = false; //will be initialized by editor } #endif @@ -1595,6 +1595,7 @@ bool Main::start() { sml->set_use_font_oversampling(font_oversampling); } else { + GLOBAL_DEF("display/window/stretch/mode", "disabled"); ProjectSettings::get_singleton()->set_custom_property_info("display/window/stretch/mode", PropertyInfo(Variant::STRING, "display/window/stretch/mode", PROPERTY_HINT_ENUM, "disabled,2d,viewport")); GLOBAL_DEF("display/window/stretch/aspect", "ignore"); @@ -1654,6 +1655,10 @@ bool Main::start() { } if (!project_manager && !editor) { // game + + // Load SSL Certificates from Project Settings (or builtin) + StreamPeerSSL::load_certs_from_memory(StreamPeerSSL::get_project_cert_array()); + if (game_path != "") { Node *scene = NULL; Ref<PackedScene> scenedata = ResourceLoader::load(local_game_path); @@ -1686,6 +1691,15 @@ bool Main::start() { sml->get_root()->add_child(pmanager); OS::get_singleton()->set_context(OS::CONTEXT_PROJECTMAN); } + + if (project_manager || editor) { + // Load SSL Certificates from Editor Settings (or builtin) + String certs = EditorSettings::get_singleton()->get_setting("network/ssl/editor_ssl_certificates").operator String(); + if (certs != "") + StreamPeerSSL::load_certs_from_file(certs); + else + StreamPeerSSL::load_certs_from_memory(StreamPeerSSL::get_project_cert_array()); + } #endif } diff --git a/modules/mbedtls/stream_peer_mbed_tls.cpp b/modules/mbedtls/stream_peer_mbed_tls.cpp index 3398957775..3c04254fd4 100755 --- a/modules/mbedtls/stream_peer_mbed_tls.cpp +++ b/modules/mbedtls/stream_peer_mbed_tls.cpp @@ -317,15 +317,13 @@ void StreamPeerMbedTLS::initialize_ssl() { mbedtls_debug_set_threshold(1); #endif - PoolByteArray cert_array = StreamPeerSSL::get_project_cert_array(); - - if (cert_array.size() > 0) - _load_certs(cert_array); - available = true; } void StreamPeerMbedTLS::finalize_ssl() { + available = false; + _create = NULL; + load_certs_func = NULL; mbedtls_x509_crt_free(&cacert); } |