author | RĂ©mi Verschelde <rverschelde@gmail.com> | 2019-08-22 20:44:20 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-08-22 20:44:20 +0200 |
commit | ccf294b92f02af6e60206e220dcf4a8474f73f0a (patch) | |
tree | 48d80553c00b7ce76333bb6bbf0e5b8b56b747a4 | |
parent | 79a480a55e1ebada7f2987afeeb2039a39c8666b (diff) | |
parent | 17d5b471b9be55a60c366da82629099f6937ec88 (diff) |
Merge pull request #31566 from Faless/ssl/fix_custom_cert
Fix StreamPeerSSL connect_to_stream w/ custom cert.
-rw-r--r-- | modules/mbedtls/crypto_mbedtls.cpp | 2 | ||||
-rw-r--r-- | modules/mbedtls/ssl_context_mbedtls.cpp | 13 |
2 files changed, 9 insertions, 6 deletions
diff --git a/modules/mbedtls/crypto_mbedtls.cpp b/modules/mbedtls/crypto_mbedtls.cpp
index 9c8eb40ca4..1e02084ae2 100644
--- a/modules/mbedtls/crypto_mbedtls.cpp
+++ b/modules/mbedtls/crypto_mbedtls.cpp
@@ -69,7 +69,7 @@ Error CryptoKeyMbedTLS::load(String p_path) {
  int ret = mbedtls_pk_parse_key(&pkey, out.read().ptr(), out.size(), NULL, 0);
  // We MUST zeroize the memory for safety!
  mbedtls_platform_zeroize(out.write().ptr(), out.size());
- ERR_FAIL_COND_V_MSG(ret, FAILED, "Error parsing some certificates: " + itos(ret));
+ ERR_FAIL_COND_V_MSG(ret, FAILED, "Error parsing private key: " + itos(ret));
  return OK;
 }
diff --git a/modules/mbedtls/ssl_context_mbedtls.cpp b/modules/mbedtls/ssl_context_mbedtls.cpp
index 014a201f9c..97b5e23f58 100644
--- a/modules/mbedtls/ssl_context_mbedtls.cpp
+++ b/modules/mbedtls/ssl_context_mbedtls.cpp
@@ -94,9 +94,12 @@ Error SSLContextMbedTLS::init_server(int p_transport, int p_authmode, Ref<Crypto
 }
 Error SSLContextMbedTLS::init_client(int p_transport, int p_authmode, Ref<X509CertificateMbedTLS> p_valid_cas) {
+ Error err = _setup(MBEDTLS_SSL_IS_CLIENT, p_transport, p_authmode);
+ ERR_FAIL_COND_V(err != OK, err);
+
  X509CertificateMbedTLS *cas = NULL;
- if (certs.is_valid()) {
+ if (p_valid_cas.is_valid()) {
  // Locking CA certificates
  certs = p_valid_cas;
  certs->lock();
@@ -104,12 +107,12 @@ Error SSLContextMbedTLS::init_client(int p_transport, int p_authmode, Ref<X509Ce
  } else {
  // Fall back to default certificates (no need to lock those).
  cas = CryptoMbedTLS::get_default_certificates();
- ERR_FAIL_COND_V(cas == NULL, ERR_UNCONFIGURED);
+ if (cas == NULL) {
+ clear();
+ ERR_FAIL_V_MSG(ERR_UNCONFIGURED, "SSL module failed to initialize!");
+ }
  }
- Error err = _setup(MBEDTLS_SSL_IS_CLIENT, p_transport, p_authmode);
- ERR_FAIL_COND_V(err != OK, err);
-
  // Set valid CAs
  mbedtls_ssl_conf_ca_chain(&conf, &(cas->cert), NULL);
  mbedtls_ssl_setup(&ssl, &conf);
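Review bot: The parse on the first context line, `mbedtls_pk_parse_key(&pkey, out.read().ptr(), out.size(), NULL, 0)`, only handles PEM input correctly if `out` ends in a NUL byte and `out.size()` counts that terminator — mbed TLS requires this for PEM-encoded keys, and a PEM buffer without it fails to parse rather than being read as PEM. Where `out` is filled lies above the hunk, so I cannot tell from here whether the load path appends that byte; a one-line comment on the call would pin the contract either way, e.g. `// PEM input must be NUL-terminated and the length must include the terminator.` The corrected message is an improvement, but `ret` is an mbed TLS error code and printing it as a bare integer makes log triage harder; `mbedtls_strerror` would give the symbolic name where the build provides it. `CryptoKeyMbedTLS::load` starts outside the hunk.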
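Review bot: `ERR_FAIL_COND_V(err != OK, err)` on the new second line of `init_client` returns without calling `clear()`, whereas the other failure exit added later in the same function (no default CAs) does call `clear()` before bailing, so the two error paths of one function tear the context down differently. If `_setup` releases everything it initialised when it fails, a comment would settle that, e.g. `// _setup() releases its own state on failure; no clear() needed here.`; if it does not, mirror the other path with `if (err != OK) { clear(); ERR_FAIL_V(err); }`. I cannot see `_setup` from this hunk, so this is a question to confirm rather than a defect I can prove. The function body continues past the hunk.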
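Review bot: The return value of `mbedtls_ssl_setup(&ssl, &conf)` on the last context line is still discarded; mbed TLS documents that it can fail (allocation failure), and on that path the function presumably goes on to report success with an `ssl` context that was never bound to `conf`, while the new missing-CA branch just above is careful to `clear()` and fail. Checking it the same way the new code does would be `int ret = mbedtls_ssl_setup(&ssl, &conf);` / `if (ret != 0) clear();` / `ERR_FAIL_COND_V_MSG(ret != 0, FAILED, "mbedtls_ssl_setup failed: " + itos(ret));`. Because `clear()` is now the common teardown and this call happens after the custom-CA branch has taken `certs->lock()`, confirm that `clear()` also releases that lock before adding the second call; `clear()` is not visible here. `init_client` ends after the hunk.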