diff options
| author | Fabio Alessandrelli <fabio.alessandrelli@gmail.com> | 2023-01-20 01:51:35 +0100 |
|---|---|---|
| committer | Fabio Alessandrelli <fabio.alessandrelli@gmail.com> | 2023-01-28 11:08:02 +0100 |
| commit | adba870534bdcdd11f0f344e66090be8e2cd9ae4 (patch) | |
| tree | 90a82a28e69cf61b10f210cd02d086cdeb410d95 /modules/enet/enet_connection.cpp | |
| parent | 2afa175195d0fc885badb60441bef1b31e5e6d05 (diff) | |
[NET] Refactor TLS configuration.
Use a TLSOptions configuration object which is created via static
functions.
- "TLSOptions.client": uses the standard CA and common name verification.
- "TLSOptions.client_unsafe": uses optional CA verification (i.e. if specified)
- "TLSOptions.server": is the standard server configuration (chain + key)
This will allow us to expand the TLS configuration options to include
e.g. mutual authentication without bloating the classes that uses
StreamPeerTLS and PacketPeerDTLS as underlying peers.
Diffstat (limited to 'modules/enet/enet_connection.cpp')
| -rw-r--r-- | modules/enet/enet_connection.cpp | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/modules/enet/enet_connection.cpp b/modules/enet/enet_connection.cpp index d16e7d7c4a..804263186f 100644 --- a/modules/enet/enet_connection.cpp +++ b/modules/enet/enet_connection.cpp @@ -273,10 +273,11 @@ TypedArray<ENetPacketPeer> ENetConnection::_get_peers() { return out; } -Error ENetConnection::dtls_server_setup(Ref<CryptoKey> p_key, Ref<X509Certificate> p_cert) { +Error ENetConnection::dtls_server_setup(const Ref<TLSOptions> &p_options) { #ifdef GODOT_ENET ERR_FAIL_COND_V_MSG(!host, ERR_UNCONFIGURED, "The ENetConnection instance isn't currently active."); - return enet_host_dtls_server_setup(host, p_key.ptr(), p_cert.ptr()) ? FAILED : OK; + ERR_FAIL_COND_V(p_options.is_null() || !p_options->is_server(), ERR_INVALID_PARAMETER); + return enet_host_dtls_server_setup(host, const_cast<TLSOptions *>(p_options.ptr())) ? FAILED : OK; #else ERR_FAIL_V_MSG(ERR_UNAVAILABLE, "ENet DTLS support not available in this build."); #endif @@ -291,10 +292,11 @@ void ENetConnection::refuse_new_connections(bool p_refuse) { #endif } -Error ENetConnection::dtls_client_setup(Ref<X509Certificate> p_cert, const String &p_hostname, bool p_verify) { +Error ENetConnection::dtls_client_setup(const String &p_hostname, const Ref<TLSOptions> &p_options) { #ifdef GODOT_ENET ERR_FAIL_COND_V_MSG(!host, ERR_UNCONFIGURED, "The ENetConnection instance isn't currently active."); - return enet_host_dtls_client_setup(host, p_cert.ptr(), p_verify, p_hostname.utf8().get_data()) ? FAILED : OK; + ERR_FAIL_COND_V(p_options.is_null() || p_options->is_server(), ERR_INVALID_PARAMETER); + return enet_host_dtls_client_setup(host, p_hostname.utf8().get_data(), const_cast<TLSOptions *>(p_options.ptr())) ? FAILED : OK; #else ERR_FAIL_V_MSG(ERR_UNAVAILABLE, "ENet DTLS support not available in this build."); #endif @@ -351,8 +353,8 @@ void ENetConnection::_bind_methods() { ClassDB::bind_method(D_METHOD("channel_limit", "limit"), &ENetConnection::channel_limit); ClassDB::bind_method(D_METHOD("broadcast", "channel", "packet", "flags"), &ENetConnection::_broadcast); ClassDB::bind_method(D_METHOD("compress", "mode"), &ENetConnection::compress); - ClassDB::bind_method(D_METHOD("dtls_server_setup", "key", "certificate"), &ENetConnection::dtls_server_setup); - ClassDB::bind_method(D_METHOD("dtls_client_setup", "certificate", "hostname", "verify"), &ENetConnection::dtls_client_setup, DEFVAL(true)); + ClassDB::bind_method(D_METHOD("dtls_server_setup", "server_options"), &ENetConnection::dtls_server_setup); + ClassDB::bind_method(D_METHOD("dtls_client_setup", "hostname", "client_options"), &ENetConnection::dtls_client_setup, DEFVAL(Ref<TLSOptions>())); ClassDB::bind_method(D_METHOD("refuse_new_connections", "refuse"), &ENetConnection::refuse_new_connections); ClassDB::bind_method(D_METHOD("pop_statistic", "statistic"), &ENetConnection::pop_statistic); ClassDB::bind_method(D_METHOD("get_max_channels"), &ENetConnection::get_max_channels); |