summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRémi Verschelde <rverschelde@gmail.com>2018-09-16 01:22:47 +0200
committerGitHub <noreply@github.com>2018-09-16 01:22:47 +0200
commit7f5e653a22873a9ca0ae47457f384d4a772d2e77 (patch)
tree87353ba23e78bc042ece1b12feb52c214c48dc74
parent9af72f09c5b03b448dbe6f066273faaaa263c313 (diff)
parent0e56377e96ee492cc30de9ad2e6e9242737f4dbd (diff)
Merge pull request #22066 from Faless/bundle_certs
Bundle SSL certs with the templates
-rw-r--r--SConstruct2
-rw-r--r--core/SCsub3
-rw-r--r--core/core_builders.py35
-rw-r--r--core/io/stream_peer_ssl.cpp57
-rw-r--r--core/io/stream_peer_ssl.h5
-rw-r--r--editor/SCsub4
-rw-r--r--editor/editor_builders.py26
-rw-r--r--editor/editor_initialize_ssl.cpp48
-rw-r--r--editor/editor_initialize_ssl.h36
-rw-r--r--editor/editor_node.cpp2
-rw-r--r--editor/editor_settings.cpp5
-rw-r--r--editor/project_manager.cpp3
-rw-r--r--main/main.cpp16
-rwxr-xr-xmodules/mbedtls/stream_peer_mbed_tls.cpp8
14 files changed, 105 insertions, 145 deletions
diff --git a/SConstruct b/SConstruct
index 3f3976555d..1c55e0be93 100644
--- a/SConstruct
+++ b/SConstruct
@@ -169,9 +169,11 @@ opts.Add(BoolVariable('progress', "Show a progress indicator during compilation"
opts.Add(BoolVariable('dev', "If yes, alias for verbose=yes warnings=all", False))
opts.Add(EnumVariable('macports_clang', "Build using Clang from MacPorts", 'no', ('no', '5.0', 'devel')))
opts.Add(BoolVariable('no_editor_splash', "Don't use the custom splash screen for the editor", False))
+opts.Add('system_certs_path', "Use this path as SSL certificates default for editor (for package maintainers)", '')
# Thirdparty libraries
opts.Add(BoolVariable('builtin_bullet', "Use the built-in Bullet library", True))
+opts.Add(BoolVariable('builtin_certs', "Bundle default SSL certificates to be used if you don't specify an override in the project settings", True))
opts.Add(BoolVariable('builtin_enet', "Use the built-in ENet library", True))
opts.Add(BoolVariable('builtin_freetype', "Use the built-in FreeType library", True))
opts.Add(BoolVariable('builtin_libogg', "Use the built-in libogg library", True))
diff --git a/core/SCsub b/core/SCsub
index a6365bf925..6746cc871a 100644
--- a/core/SCsub
+++ b/core/SCsub
@@ -93,6 +93,9 @@ if 'builtin_zstd' in env and env['builtin_zstd']:
# Godot's own sources
env.add_source_files(env.core_sources, "*.cpp")
+# Certificates
+env.Depends("#core/io/certs_compressed.gen.h", ["#thirdparty/certs/ca-certificates.crt", env.Value(env['builtin_certs']), env.Value(env['system_certs_path'])])
+env.CommandNoCache("#core/io/certs_compressed.gen.h", "#thirdparty/certs/ca-certificates.crt", run_in_subprocess(core_builders.make_certs_header))
# Make binders
env.CommandNoCache(['method_bind.gen.inc', 'method_bind_ext.gen.inc'], 'make_binders.py', run_in_subprocess(make_binders.run))
diff --git a/core/core_builders.py b/core/core_builders.py
index 90e505aab9..f3a9e3b221 100644
--- a/core/core_builders.py
+++ b/core/core_builders.py
@@ -4,7 +4,40 @@ All such functions are invoked in a subprocess on Windows to prevent build flaki
"""
from platform_methods import subprocess_main
-from compat import iteritems, itervalues, open_utf8, escape_string
+from compat import iteritems, itervalues, open_utf8, escape_string, byte_to_str
+
+
+def make_certs_header(target, source, env):
+
+ src = source[0]
+ dst = target[0]
+ f = open(src, "rb")
+ g = open_utf8(dst, "w")
+ buf = f.read()
+ decomp_size = len(buf)
+ import zlib
+ buf = zlib.compress(buf)
+
+ g.write("/* THIS FILE IS GENERATED DO NOT EDIT */\n")
+ g.write("#ifndef _CERTS_RAW_H\n")
+ g.write("#define _CERTS_RAW_H\n")
+
+ # System certs path. Editor will use them if defined. (for package maintainers)
+ path = env['system_certs_path']
+ g.write("#define _SYSTEM_CERTS_PATH \"%s\"\n" % str(path))
+ if env['builtin_certs']:
+ # Defined here and not in env so changing it does not trigger a full rebuild.
+ g.write("#define BUILTIN_CERTS_ENABLED\n")
+ g.write("static const int _certs_compressed_size = " + str(len(buf)) + ";\n")
+ g.write("static const int _certs_uncompressed_size = " + str(decomp_size) + ";\n")
+ g.write("static const unsigned char _certs_compressed[] = {\n")
+ for i in range(len(buf)):
+ g.write("\t" + byte_to_str(buf[i]) + ",\n")
+ g.write("};\n")
+ g.write("#endif")
+
+ g.close()
+ f.close()
def make_authors_header(target, source, env):
diff --git a/core/io/stream_peer_ssl.cpp b/core/io/stream_peer_ssl.cpp
index 1f59021938..8d8682686a 100644
--- a/core/io/stream_peer_ssl.cpp
+++ b/core/io/stream_peer_ssl.cpp
@@ -30,6 +30,8 @@
#include "stream_peer_ssl.h"
+#include "core/io/certs_compressed.gen.h"
+#include "core/io/compression.h"
#include "core/os/file_access.h"
#include "core/project_settings.h"
@@ -42,13 +44,20 @@ StreamPeerSSL *StreamPeerSSL::create() {
StreamPeerSSL::LoadCertsFromMemory StreamPeerSSL::load_certs_func = NULL;
bool StreamPeerSSL::available = false;
-bool StreamPeerSSL::initialize_certs = true;
void StreamPeerSSL::load_certs_from_memory(const PoolByteArray &p_memory) {
if (load_certs_func)
load_certs_func(p_memory);
}
+void StreamPeerSSL::load_certs_from_file(String p_path) {
+ if (p_path != "") {
+ PoolByteArray certs = get_cert_file_as_array(p_path);
+ if (certs.size() > 0)
+ load_certs_func(certs);
+ }
+}
+
bool StreamPeerSSL::is_available() {
return available;
}
@@ -61,6 +70,25 @@ bool StreamPeerSSL::is_blocking_handshake_enabled() const {
return blocking_handshake;
}
+PoolByteArray StreamPeerSSL::get_cert_file_as_array(String p_path) {
+
+ PoolByteArray out;
+ FileAccess *f = FileAccess::open(p_path, FileAccess::READ);
+ if (f) {
+ int flen = f->get_len();
+ out.resize(flen + 1);
+ PoolByteArray::Write w = out.write();
+ f->get_buffer(w.ptr(), flen);
+ w[flen] = 0; // Make sure it ends with string terminator
+ memdelete(f);
+#ifdef DEBUG_ENABLED
+ print_verbose(vformat("Loaded certs from '%s'.", p_path));
+#endif
+ }
+
+ return out;
+}
+
PoolByteArray StreamPeerSSL::get_project_cert_array() {
PoolByteArray out;
@@ -68,24 +96,21 @@ PoolByteArray StreamPeerSSL::get_project_cert_array() {
ProjectSettings::get_singleton()->set_custom_property_info("network/ssl/certificates", PropertyInfo(Variant::STRING, "network/ssl/certificates", PROPERTY_HINT_FILE, "*.crt"));
if (certs_path != "") {
-
- FileAccess *f = FileAccess::open(certs_path, FileAccess::READ);
- if (f) {
- int flen = f->get_len();
- out.resize(flen + 1);
- {
- PoolByteArray::Write w = out.write();
- f->get_buffer(w.ptr(), flen);
- w[flen] = 0; //end f string
- }
-
- memdelete(f);
-
+ // Use certs defined in project settings.
+ return get_cert_file_as_array(certs_path);
+ }
+#ifdef BUILTIN_CERTS_ENABLED
+ else {
+ // Use builtin certs only if user did not override it in project settings.
+ out.resize(_certs_uncompressed_size + 1);
+ PoolByteArray::Write w = out.write();
+ Compression::decompress(w.ptr(), _certs_uncompressed_size, _certs_compressed, _certs_compressed_size, Compression::MODE_DEFLATE);
+ w[_certs_uncompressed_size] = 0; // Make sure it ends with string terminator
#ifdef DEBUG_ENABLED
- print_verbose(vformat("Loaded certs from '%s'.", certs_path));
+ print_verbose("Loaded builtin certs");
#endif
- }
}
+#endif
return out;
}
diff --git a/core/io/stream_peer_ssl.h b/core/io/stream_peer_ssl.h
index f66c1c7de9..8ce36d7e7d 100644
--- a/core/io/stream_peer_ssl.h
+++ b/core/io/stream_peer_ssl.h
@@ -46,9 +46,6 @@ protected:
static LoadCertsFromMemory load_certs_func;
static bool available;
- friend class Main;
- static bool initialize_certs;
-
bool blocking_handshake;
public:
@@ -72,7 +69,9 @@ public:
static StreamPeerSSL *create();
+ static PoolByteArray get_cert_file_as_array(String p_path);
static PoolByteArray get_project_cert_array();
+ static void load_certs_from_file(String p_path);
static void load_certs_from_memory(const PoolByteArray &p_memory);
static bool is_available();
diff --git a/editor/SCsub b/editor/SCsub
index 6a4b06a97a..82b982eef2 100644
--- a/editor/SCsub
+++ b/editor/SCsub
@@ -61,10 +61,6 @@ if env['tools']:
env.Depends("#editor/doc_data_compressed.gen.h", docs)
env.CommandNoCache("#editor/doc_data_compressed.gen.h", docs, run_in_subprocess(editor_builders.make_doc_header))
- # Certificates
- env.Depends("#editor/certs_compressed.gen.h", "#thirdparty/certs/ca-certificates.crt")
- env.CommandNoCache("#editor/certs_compressed.gen.h", "#thirdparty/certs/ca-certificates.crt", run_in_subprocess(editor_builders.make_certs_header))
-
import glob
path = env.Dir('.').abspath
diff --git a/editor/editor_builders.py b/editor/editor_builders.py
index fa037980c2..9e9fe752b4 100644
--- a/editor/editor_builders.py
+++ b/editor/editor_builders.py
@@ -9,32 +9,6 @@ from platform_methods import subprocess_main
from compat import encode_utf8, byte_to_str, open_utf8, escape_string
-def make_certs_header(target, source, env):
-
- src = source[0]
- dst = target[0]
- f = open(src, "rb")
- g = open_utf8(dst, "w")
- buf = f.read()
- decomp_size = len(buf)
- import zlib
- buf = zlib.compress(buf)
-
- g.write("/* THIS FILE IS GENERATED DO NOT EDIT */\n")
- g.write("#ifndef _CERTS_RAW_H\n")
- g.write("#define _CERTS_RAW_H\n")
- g.write("static const int _certs_compressed_size = " + str(len(buf)) + ";\n")
- g.write("static const int _certs_uncompressed_size = " + str(decomp_size) + ";\n")
- g.write("static const unsigned char _certs_compressed[] = {\n")
- for i in range(len(buf)):
- g.write("\t" + byte_to_str(buf[i]) + ",\n")
- g.write("};\n")
- g.write("#endif")
-
- g.close()
- f.close()
-
-
def make_doc_header(target, source, env):
dst = target[0]
diff --git a/editor/editor_initialize_ssl.cpp b/editor/editor_initialize_ssl.cpp
deleted file mode 100644
index 9f7537cc9a..0000000000
--- a/editor/editor_initialize_ssl.cpp
+++ /dev/null
@@ -1,48 +0,0 @@
-/*************************************************************************/
-/* editor_initialize_ssl.cpp */
-/*************************************************************************/
-/* This file is part of: */
-/* GODOT ENGINE */
-/* https://godotengine.org */
-/*************************************************************************/
-/* Copyright (c) 2007-2018 Juan Linietsky, Ariel Manzur. */
-/* Copyright (c) 2014-2018 Godot Engine contributors (cf. AUTHORS.md) */
-/* */
-/* Permission is hereby granted, free of charge, to any person obtaining */
-/* a copy of this software and associated documentation files (the */
-/* "Software"), to deal in the Software without restriction, including */
-/* without limitation the rights to use, copy, modify, merge, publish, */
-/* distribute, sublicense, and/or sell copies of the Software, and to */
-/* permit persons to whom the Software is furnished to do so, subject to */
-/* the following conditions: */
-/* */
-/* The above copyright notice and this permission notice shall be */
-/* included in all copies or substantial portions of the Software. */
-/* */
-/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
-/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
-/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
-/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
-/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
-/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
-/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
-/*************************************************************************/
-
-#include "editor_initialize_ssl.h"
-
-#include "certs_compressed.gen.h"
-#include "core/io/compression.h"
-#include "core/io/stream_peer_ssl.h"
-
-void editor_initialize_certificates() {
-
- PoolByteArray data;
- data.resize(_certs_uncompressed_size + 1);
- {
- PoolByteArray::Write w = data.write();
- Compression::decompress(w.ptr(), _certs_uncompressed_size, _certs_compressed, _certs_compressed_size, Compression::MODE_DEFLATE);
- w[_certs_uncompressed_size] = 0; //make sure it ends at zero
- }
-
- StreamPeerSSL::load_certs_from_memory(data);
-}
diff --git a/editor/editor_initialize_ssl.h b/editor/editor_initialize_ssl.h
deleted file mode 100644
index 71d16b8c53..0000000000
--- a/editor/editor_initialize_ssl.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/*************************************************************************/
-/* editor_initialize_ssl.h */
-/*************************************************************************/
-/* This file is part of: */
-/* GODOT ENGINE */
-/* https://godotengine.org */
-/*************************************************************************/
-/* Copyright (c) 2007-2018 Juan Linietsky, Ariel Manzur. */
-/* Copyright (c) 2014-2018 Godot Engine contributors (cf. AUTHORS.md) */
-/* */
-/* Permission is hereby granted, free of charge, to any person obtaining */
-/* a copy of this software and associated documentation files (the */
-/* "Software"), to deal in the Software without restriction, including */
-/* without limitation the rights to use, copy, modify, merge, publish, */
-/* distribute, sublicense, and/or sell copies of the Software, and to */
-/* permit persons to whom the Software is furnished to do so, subject to */
-/* the following conditions: */
-/* */
-/* The above copyright notice and this permission notice shall be */
-/* included in all copies or substantial portions of the Software. */
-/* */
-/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
-/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
-/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
-/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
-/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
-/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
-/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
-/*************************************************************************/
-
-#ifndef EDITOR_INITIALIZE_SSL_H
-#define EDITOR_INITIALIZE_SSL_H
-
-void editor_initialize_certificates();
-
-#endif // EDITOR_INITIALIZE_SSL_H
diff --git a/editor/editor_node.cpp b/editor/editor_node.cpp
index d8e6f711ff..0ba1ef3b18 100644
--- a/editor/editor_node.cpp
+++ b/editor/editor_node.cpp
@@ -54,7 +54,6 @@
#include "editor/editor_audio_buses.h"
#include "editor/editor_file_system.h"
#include "editor/editor_help.h"
-#include "editor/editor_initialize_ssl.h"
#include "editor/editor_properties.h"
#include "editor/editor_settings.h"
#include "editor/editor_themes.h"
@@ -4686,7 +4685,6 @@ EditorNode::EditorNode() {
SceneState::set_disable_placeholders(true);
ResourceLoader::clear_translation_remaps(); //no remaps using during editor
ResourceLoader::clear_path_remaps();
- editor_initialize_certificates(); //for asset sharing
InputDefault *id = Object::cast_to<InputDefault>(Input::get_singleton());
diff --git a/editor/editor_settings.cpp b/editor/editor_settings.cpp
index 5d3c6dd087..3e959731fc 100644
--- a/editor/editor_settings.cpp
+++ b/editor/editor_settings.cpp
@@ -30,6 +30,7 @@
#include "editor_settings.h"
+#include "core/io/certs_compressed.gen.h"
#include "core/io/compression.h"
#include "core/io/config_file.h"
#include "core/io/file_access_memory.h"
@@ -947,6 +948,10 @@ void EditorSettings::setup_network() {
_initial_set("network/debug/remote_port", port);
add_property_hint(PropertyInfo(Variant::INT, "network/debug/remote_port", PROPERTY_HINT_RANGE, "1,65535,1"));
+
+ // Editor SSL certificates override
+ _initial_set("network/ssl/editor_ssl_certificates", _SYSTEM_CERTS_PATH);
+ add_property_hint(PropertyInfo(Variant::STRING, "network/ssl/editor_ssl_certificates", PROPERTY_HINT_GLOBAL_FILE, "*.crt,*.pem"));
}
void EditorSettings::save() {
diff --git a/editor/project_manager.cpp b/editor/project_manager.cpp
index f494c84efa..91ab5b4dff 100644
--- a/editor/project_manager.cpp
+++ b/editor/project_manager.cpp
@@ -41,7 +41,6 @@
#include "core/translation.h"
#include "core/version.h"
#include "core/version_hash.gen.h"
-#include "editor_initialize_ssl.h"
#include "editor_scale.h"
#include "editor_settings.h"
#include "editor_themes.h"
@@ -2059,8 +2058,6 @@ void ProjectListFilter::_bind_methods() {
ProjectListFilter::ProjectListFilter() {
- editor_initialize_certificates(); //for asset sharing
-
_current_filter = FILTER_NAME;
filter_option = memnew(OptionButton);
diff --git a/main/main.cpp b/main/main.cpp
index 90d4db2948..db82ff8f6e 100644
--- a/main/main.cpp
+++ b/main/main.cpp
@@ -73,6 +73,7 @@
#include "editor/doc/doc_data.h"
#include "editor/doc/doc_data_class_path.gen.h"
#include "editor/editor_node.h"
+#include "editor/editor_settings.h"
#include "editor/project_manager.h"
#endif
@@ -756,7 +757,6 @@ Error Main::setup(const char *execpath, int argc, char *argv[], bool p_second_ph
if (editor) {
packed_data->set_disabled(true);
globals->set_disable_feature_overrides(true);
- StreamPeerSSL::initialize_certs = false; //will be initialized by editor
}
#endif
@@ -1595,6 +1595,7 @@ bool Main::start() {
sml->set_use_font_oversampling(font_oversampling);
} else {
+
GLOBAL_DEF("display/window/stretch/mode", "disabled");
ProjectSettings::get_singleton()->set_custom_property_info("display/window/stretch/mode", PropertyInfo(Variant::STRING, "display/window/stretch/mode", PROPERTY_HINT_ENUM, "disabled,2d,viewport"));
GLOBAL_DEF("display/window/stretch/aspect", "ignore");
@@ -1654,6 +1655,10 @@ bool Main::start() {
}
if (!project_manager && !editor) { // game
+
+ // Load SSL Certificates from Project Settings (or builtin)
+ StreamPeerSSL::load_certs_from_memory(StreamPeerSSL::get_project_cert_array());
+
if (game_path != "") {
Node *scene = NULL;
Ref<PackedScene> scenedata = ResourceLoader::load(local_game_path);
@@ -1686,6 +1691,15 @@ bool Main::start() {
sml->get_root()->add_child(pmanager);
OS::get_singleton()->set_context(OS::CONTEXT_PROJECTMAN);
}
+
+ if (project_manager || editor) {
+ // Load SSL Certificates from Editor Settings (or builtin)
+ String certs = EditorSettings::get_singleton()->get_setting("network/ssl/editor_ssl_certificates").operator String();
+ if (certs != "")
+ StreamPeerSSL::load_certs_from_file(certs);
+ else
+ StreamPeerSSL::load_certs_from_memory(StreamPeerSSL::get_project_cert_array());
+ }
#endif
}
diff --git a/modules/mbedtls/stream_peer_mbed_tls.cpp b/modules/mbedtls/stream_peer_mbed_tls.cpp
index 3398957775..3c04254fd4 100755
--- a/modules/mbedtls/stream_peer_mbed_tls.cpp
+++ b/modules/mbedtls/stream_peer_mbed_tls.cpp
@@ -317,15 +317,13 @@ void StreamPeerMbedTLS::initialize_ssl() {
mbedtls_debug_set_threshold(1);
#endif
- PoolByteArray cert_array = StreamPeerSSL::get_project_cert_array();
-
- if (cert_array.size() > 0)
- _load_certs(cert_array);
-
available = true;
}
void StreamPeerMbedTLS::finalize_ssl() {
+ available = false;
+ _create = NULL;
+ load_certs_func = NULL;
mbedtls_x509_crt_free(&cacert);
}