author | Rémi Verschelde <rverschelde@gmail.com> | 2017-03-05 16:44:50 +0100 |
---|---|---|
committer | Rémi Verschelde <rverschelde@gmail.com> | 2017-03-05 16:44:50 +0100 |
commit | 5dbf1809c6e3e905b94b8764e99491e608122261 (patch) | |
tree | 5e5a5360db15d86d59ec8c6e4f7eb511388c5a9a /modules/openssl | |
parent | 45438e9918d421b244bfd7776a30e67dc7f2d3e3 (diff) |
A Whole New World (clang-format edition)
I can show you the code
Pretty, with proper whitespace
Tell me, coder, now when did
You last write readable code?
I can open your eyes
Make you see your bad indent
Force you to respect the style
The core devs agreed upon
A whole new world
A new fantastic code format
A de facto standard
With some sugar
Enforced with clang-format
A whole new world
A dazzling style we all dreamed of
And when we read it through
It's crystal clear
That now we're in a whole new world of code
Diffstat (limited to 'modules/openssl')
-rw-r--r-- | modules/openssl/stream_peer_openssl.cpp | 360 | ||||
-rw-r--r-- | modules/openssl/stream_peer_openssl.h | 50 |
2 files changed, 186 insertions, 224 deletions
diff --git a/modules/openssl/stream_peer_openssl.cpp b/modules/openssl/stream_peer_openssl.cpp index 43a1f610d8..3b25b8a50e 100644 --- a/modules/openssl/stream_peer_openssl.cpp +++ b/modules/openssl/stream_peer_openssl.cpp @@ -29,12 +29,11 @@ #include "stream_peer_openssl.h" //hostname matching code from curl - //#include <openssl/applink.c> // To prevent crashing (see the OpenSSL FAQ) bool StreamPeerOpenSSL::_match_host_name(const char *name, const char *hostname) { - return Tool_Curl_cert_hostcheck(name,hostname)==CURL_HOST_MATCH; + return Tool_Curl_cert_hostcheck(name, hostname) == CURL_HOST_MATCH; //print_line("MATCH: "+String(name)+" vs "+String(hostname)); //return true; } 
@@ -47,36 +46,32 @@ Error StreamPeerOpenSSL::_match_common_name(const char *hostname, const X509 *se char *common_name_str = NULL; // Find the position of the CN field in the Subject field of the certificate - common_name_loc = X509_NAME_get_index_by_NID(X509_get_subject_name((X509 *) server_cert), NID_commonName, -1); + common_name_loc = X509_NAME_get_index_by_NID(X509_get_subject_name((X509 *)server_cert), NID_commonName, -1); - ERR_FAIL_COND_V(common_name_loc < 0, ERR_INVALID_PARAMETER ); + ERR_FAIL_COND_V(common_name_loc < 0, ERR_INVALID_PARAMETER); // Extract the CN field - common_name_entry = X509_NAME_get_entry(X509_get_subject_name((X509 *) server_cert), common_name_loc); + common_name_entry = X509_NAME_get_entry(X509_get_subject_name((X509 *)server_cert), common_name_loc); - ERR_FAIL_COND_V(common_name_entry == NULL, ERR_INVALID_PARAMETER ); + ERR_FAIL_COND_V(common_name_entry == NULL, ERR_INVALID_PARAMETER); // Convert the CN field to a C string common_name_asn1 = X509_NAME_ENTRY_get_data(common_name_entry); - ERR_FAIL_COND_V(common_name_asn1 == NULL, ERR_INVALID_PARAMETER ); + ERR_FAIL_COND_V(common_name_asn1 == NULL, ERR_INVALID_PARAMETER); - common_name_str = (char *) ASN1_STRING_data(common_name_asn1); + common_name_str = (char *)ASN1_STRING_data(common_name_asn1); // Make sure there isn't an embedded NUL character in the CN bool malformed_certificate = (size_t)ASN1_STRING_length(common_name_asn1) != strlen(common_name_str); - ERR_FAIL_COND_V(malformed_certificate, ERR_INVALID_PARAMETER ); - + ERR_FAIL_COND_V(malformed_certificate, ERR_INVALID_PARAMETER); // Compare expected hostname with the CN - - return _match_host_name(common_name_str,hostname)?OK:FAILED; - + return _match_host_name(common_name_str, hostname) ? OK : FAILED; } - /** * Tries to find a match for hostname in the certificate's Subject Alternative Name extension. * 
@@ -90,26 +85,25 @@ Error StreamPeerOpenSSL::_match_subject_alternative_name(const char *hostname, c STACK_OF(GENERAL_NAME) *san_names = NULL; // Try to extract the names within the SAN extension from the certificate - san_names = (STACK_OF(GENERAL_NAME) *)X509_get_ext_d2i((X509 *) server_cert, NID_subject_alt_name, NULL, NULL); + san_names = (STACK_OF(GENERAL_NAME) *)X509_get_ext_d2i((X509 *)server_cert, NID_subject_alt_name, NULL, NULL); if (san_names == NULL) { return ERR_FILE_NOT_FOUND; } san_names_nb = sk_GENERAL_NAME_num(san_names); // Check each name within the extension - for (i=0; i<san_names_nb; i++) { + for (i = 0; i < san_names_nb; i++) { const GENERAL_NAME *current_name = sk_GENERAL_NAME_value(san_names, i); if (current_name->type == GEN_DNS) { // Current name is a DNS name, let's check it - char *dns_name = (char *) ASN1_STRING_data(current_name->d.dNSName); + char *dns_name = (char *)ASN1_STRING_data(current_name->d.dNSName); // Make sure there isn't an embedded NUL character in the DNS name if ((size_t)ASN1_STRING_length(current_name->d.dNSName) != strlen(dns_name)) { result = ERR_INVALID_PARAMETER; break; - } - else { // Compare expected hostname with the DNS name + } else { // Compare expected hostname with the DNS name if (_match_host_name(dns_name, hostname)) { result = OK; break; 
@@ -131,19 +125,19 @@ int StreamPeerOpenSSL::_cert_verify_callback(X509_STORE_CTX *x509_ctx, void *arg bool base_cert_valid = X509_verify_cert(x509_ctx); if (!base_cert_valid) { - print_line("Cause: "+String(X509_verify_cert_error_string(X509_STORE_CTX_get_error(x509_ctx)))); + print_line("Cause: " + String(X509_verify_cert_error_string(X509_STORE_CTX_get_error(x509_ctx)))); ERR_print_errors_fp(stdout); } X509 *server_cert = X509_STORE_CTX_get_current_cert(x509_ctx); - ERR_FAIL_COND_V(!server_cert,0); + ERR_FAIL_COND_V(!server_cert, 0); char cert_str[256]; - X509_NAME_oneline(X509_get_subject_name (server_cert), - cert_str, sizeof (cert_str)); + X509_NAME_oneline(X509_get_subject_name(server_cert), + cert_str, sizeof(cert_str)); - print_line("CERT STR: "+String(cert_str)); - print_line("VALID: "+itos(base_cert_valid)); + print_line("CERT STR: " + String(cert_str)); + print_line("VALID: " + itos(base_cert_valid)); if (!base_cert_valid) return 0; @@ -152,27 +146,24 @@ int StreamPeerOpenSSL::_cert_verify_callback(X509_STORE_CTX *x509_ctx, void *arg if (ssl->validate_hostname) { - Error err = _match_subject_alternative_name(ssl->hostname.utf8().get_data(),server_cert); + Error err = _match_subject_alternative_name(ssl->hostname.utf8().get_data(), server_cert); - if (err==ERR_FILE_NOT_FOUND) { + if (err == ERR_FILE_NOT_FOUND) { - err = _match_common_name(ssl->hostname.utf8().get_data(),server_cert); + err = _match_common_name(ssl->hostname.utf8().get_data(), server_cert); } - if (err!=OK) { + if (err != OK) { - ssl->status=STATUS_ERROR_HOSTNAME_MISMATCH; + ssl->status = STATUS_ERROR_HOSTNAME_MISMATCH; return 0; } } return 1; - } - - -int StreamPeerOpenSSL::_bio_create( BIO *b ) { +int StreamPeerOpenSSL::_bio_create(BIO *b) { b->init = 1; b->num = 0; b->ptr = NULL; 
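Review bot: The hostname check near the end of `_cert_verify_callback` runs against `X509_STORE_CTX_get_current_cert(x509_ctx)`, which is the certificate the verifier last looked at rather than a documented handle on the leaf; after a successful `X509_verify_cert` it normally is the end-entity certificate, but nothing in the API promises that, and if it ever referred to an intermediate the SAN/CN match would be made against the wrong name. Fetching the leaf explicitly after the `if (!base_cert_valid) return 0;` exit, e.g. `X509 *server_cert = sk_X509_value(X509_STORE_CTX_get_chain(x509_ctx), 0);` (`X509_STORE_CTX_get0_cert` on OpenSSL 1.1.0+), removes that dependency; the current order also builds and prints `cert_str` before deciding whether the chain was valid at all. The `print_line` calls for `CERT STR` and `VALID` write every peer's subject to stdout on each handshake and look like debug output that should sit behind a verbose flag or be removed.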
@@ -180,31 +171,29 @@ int StreamPeerOpenSSL::_bio_create( BIO *b ) { return 1; } -int StreamPeerOpenSSL::_bio_destroy( BIO *b ) -{ - if ( b == NULL ) +int StreamPeerOpenSSL::_bio_destroy(BIO *b) { + if (b == NULL) return 0; - b->ptr = NULL; /* sb_tls_remove() will free it */ + b->ptr = NULL; /* sb_tls_remove() will free it */ b->init = 0; b->flags = 0; return 1; } -int StreamPeerOpenSSL::_bio_read( BIO *b, char *buf, int len ) { +int StreamPeerOpenSSL::_bio_read(BIO *b, char *buf, int len) { - - if ( buf == NULL || len <= 0 ) return 0; + if (buf == NULL || len <= 0) return 0; StreamPeerOpenSSL *sp = (StreamPeerOpenSSL *)b->ptr; - ERR_FAIL_COND_V( sp == NULL, 0); + ERR_FAIL_COND_V(sp == NULL, 0); - BIO_clear_retry_flags( b ); + BIO_clear_retry_flags(b); if (sp->use_blocking) { - Error err = sp->base->get_data((uint8_t*)buf,len); - if (err!=OK) { + Error err = sp->base->get_data((uint8_t *)buf, len); + if (err != OK) { return -1; } @@ -212,12 +201,12 @@ int StreamPeerOpenSSL::_bio_read( BIO *b, char *buf, int len ) { } else { int got; - Error err = sp->base->get_partial_data((uint8_t*)buf,len,got); - if (err!=OK) { + Error err = sp->base->get_partial_data((uint8_t *)buf, len, got); + if (err != OK) { return -1; } - if (got==0) { - BIO_set_retry_read( b ); + if (got == 0) { + BIO_set_retry_read(b); } return got; } 
@@ -226,19 +215,19 @@ int StreamPeerOpenSSL::_bio_read( BIO *b, char *buf, int len ) { return 0; } -int StreamPeerOpenSSL::_bio_write( BIO *b, const char *buf, int len ) { +int StreamPeerOpenSSL::_bio_write(BIO *b, const char *buf, int len) { - if ( buf == NULL || len <= 0 ) return 0; + if (buf == NULL || len <= 0) return 0; StreamPeerOpenSSL *sp = (StreamPeerOpenSSL *)b->ptr; - ERR_FAIL_COND_V( sp == NULL, 0); + ERR_FAIL_COND_V(sp == NULL, 0); - BIO_clear_retry_flags( b ); + BIO_clear_retry_flags(b); if (sp->use_blocking) { - Error err = sp->base->put_data((const uint8_t*)buf,len); - if (err!=OK) { + Error err = sp->base->put_data((const uint8_t *)buf, len); + if (err != OK) { return -1; } @@ -246,43 +235,39 @@ int StreamPeerOpenSSL::_bio_write( BIO *b, const char *buf, int len ) { } else { int sent; - Error err = sp->base->put_partial_data((const uint8_t*)buf,len,sent); - if (err!=OK) { + Error err = sp->base->put_partial_data((const uint8_t *)buf, len, sent); + if (err != OK) { return -1; } - if (sent==0) { - BIO_set_retry_write( b ); + if (sent == 0) { + BIO_set_retry_write(b); } return sent; - } //unreachable return 0; } -long StreamPeerOpenSSL::_bio_ctrl( BIO *b, int cmd, long num, void *ptr ) -{ - if ( cmd == BIO_CTRL_FLUSH ) { +long StreamPeerOpenSSL::_bio_ctrl(BIO *b, int cmd, long num, void *ptr) { + if (cmd == BIO_CTRL_FLUSH) { /* The OpenSSL library needs this */ return 1; } return 0; } -int StreamPeerOpenSSL::_bio_gets( BIO *b, char *buf, int len ) -{ +int StreamPeerOpenSSL::_bio_gets(BIO *b, char *buf, int len) { return -1; } -int StreamPeerOpenSSL::_bio_puts( BIO *b, const char *str ) -{ - return _bio_write( b, str, strlen( str ) ); +int StreamPeerOpenSSL::_bio_puts(BIO *b, const char *str) { + return _bio_write(b, str, strlen(str)); } BIO_METHOD StreamPeerOpenSSL::_bio_method = { /* it's a source/sink BIO */ - ( 100 | 0x400 ), + (100 | 0x400), "streampeer glue", _bio_write, _bio_read, 
@@ -293,35 +278,29 @@ BIO_METHOD StreamPeerOpenSSL::_bio_method = { _bio_destroy }; -Error StreamPeerOpenSSL::connect_to_stream(Ref<StreamPeer> p_base, bool p_validate_certs, const String& p_for_hostname) { +Error StreamPeerOpenSSL::connect_to_stream(Ref<StreamPeer> p_base, bool p_validate_certs, const String &p_for_hostname) { if (connected) disconnect_from_stream(); - - hostname=p_for_hostname; - status=STATUS_DISCONNECTED; + hostname = p_for_hostname; + status = STATUS_DISCONNECTED; // Set up a SSL_CTX object, which will tell our BIO object how to do its work ctx = SSL_CTX_new(SSLv23_client_method()); - base=p_base; - validate_certs=p_validate_certs; - validate_hostname=p_for_hostname!=""; - - - + base = p_base; + validate_certs = p_validate_certs; + validate_hostname = p_for_hostname != ""; if (p_validate_certs) { - if (certs.size()) { //yay for undocumented OpenSSL functions X509_STORE *store = SSL_CTX_get_cert_store(ctx); - for(int i=0;i<certs.size();i++) { - - X509_STORE_add_cert(store,certs[i]); + for (int i = 0; i < certs.size(); i++) { + X509_STORE_add_cert(store, certs[i]); } #if 0 const unsigned char *in=(const unsigned char *)certs.ptr(); @@ -343,7 +322,6 @@ Error StreamPeerOpenSSL::connect_to_stream(Ref<StreamPeer> p_base, bool p_valida //int res = SSL_CTX_load_verify_locations(ctx,"/etc/ssl/certs/ca-certificates.crt",NULL); //print_line("verify locations res: "+itos(res)); - /* Ask OpenSSL to verify the server certificate. Note that this * does NOT include verifying that the hostname is correct. * So, by itself, this means anyone with any legitimate 
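Review bot: `ctx = SSL_CTX_new(SSLv23_client_method())` is not followed by any `SSL_CTX_set_options` in the lines shown, so unless one is set in the context this hunk skips, the client will negotiate down to the oldest protocol the OpenSSL build still enables, which on many 1.0.x builds includes SSLv3; `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` directly after the `SSL_CTX_new` call pins the floor to TLS. The result of `SSL_CTX_new` is also used unchecked (`SSL_CTX_get_cert_store(ctx)` here and `SSL_new(ctx)` in the next hunk), so an `ERR_FAIL_COND_V(!ctx, ERR_CANT_CREATE);` guard belongs right after it. Note too that `validate_hostname = p_for_hostname != ""` means a caller passing `p_validate_certs = true` with an empty hostname gets chain validation only and no identity check, so any certificate chaining to the trusted store is accepted for any server; a comment at that line spelling this out would save the next reader from assuming otherwise. `connect_to_stream` begins here and continues into the following hunk.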
@@ -366,183 +344,176 @@ Error StreamPeerOpenSSL::connect_to_stream(Ref<StreamPeer> p_base, bool p_valida * OpenSSL's built-in routine which would have been called if * we hadn't set the callback. Therefore, we're just * "wrapping" OpenSSL's routine, not replacing it. */ - SSL_CTX_set_cert_verify_callback (ctx, _cert_verify_callback,this); + SSL_CTX_set_cert_verify_callback(ctx, _cert_verify_callback, this); //Let the verify_callback catch the verify_depth error so that we get an appropriate error in the logfile. (??) - SSL_CTX_set_verify_depth(ctx,max_cert_chain_depth + 1); - + SSL_CTX_set_verify_depth(ctx, max_cert_chain_depth + 1); } - - - - - ssl = SSL_new( ctx ); - bio = BIO_new( &_bio_method ); + ssl = SSL_new(ctx); + bio = BIO_new(&_bio_method); bio->ptr = this; - SSL_set_bio( ssl, bio, bio ); + SSL_set_bio(ssl, bio, bio); - if (p_for_hostname!=String()) { - SSL_set_tlsext_host_name(ssl,p_for_hostname.utf8().get_data()); + if (p_for_hostname != String()) { + SSL_set_tlsext_host_name(ssl, p_for_hostname.utf8().get_data()); } - use_blocking=true; // let handshake use blocking + use_blocking = true; // let handshake use blocking // Set the SSL to automatically retry on failure. SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); // Same as before, try to connect. 
- int result = SSL_connect( ssl ); + int result = SSL_connect(ssl); - print_line("CONNECTION RESULT: "+itos(result)); - if (result<1) { + print_line("CONNECTION RESULT: " + itos(result)); + if (result < 1) { ERR_print_errors_fp(stdout); _print_error(result); } - X509 * peer = SSL_get_peer_certificate(ssl); + X509 *peer = SSL_get_peer_certificate(ssl); if (peer) { bool cert_ok = SSL_get_verify_result(ssl) == X509_V_OK; - print_line("cert_ok: "+itos(cert_ok)); + print_line("cert_ok: " + itos(cert_ok)); - } else if (validate_certs){ - status=STATUS_ERROR_NO_CERTIFICATE; + } else if (validate_certs) { + status = STATUS_ERROR_NO_CERTIFICATE; } - connected=true; - status=STATUS_CONNECTED; + connected = true; + status = STATUS_CONNECTED; return OK; } Error StreamPeerOpenSSL::accept_stream(Ref<StreamPeer> p_base) { - return ERR_UNAVAILABLE; } void StreamPeerOpenSSL::_print_error(int err) { - err = SSL_get_error(ssl,err); - switch(err) { + err = SSL_get_error(ssl, err); + switch (err) { case SSL_ERROR_NONE: ERR_PRINT("NO ERROR: The TLS/SSL I/O operation completed"); break; case SSL_ERROR_ZERO_RETURN: ERR_PRINT("The TLS/SSL connection has been closed."); case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: - ERR_PRINT("The operation did not complete."); break; + ERR_PRINT("The operation did not complete."); + break; case SSL_ERROR_WANT_CONNECT: case SSL_ERROR_WANT_ACCEPT: - ERR_PRINT("The connect/accept operation did not complete"); break; + ERR_PRINT("The connect/accept operation did not complete"); + break; case SSL_ERROR_WANT_X509_LOOKUP: - ERR_PRINT("The operation did not complete because an application callback set by SSL_CTX_set_client_cert_cb() has asked to be called again."); break; + ERR_PRINT("The operation did not complete because an application callback set by SSL_CTX_set_client_cert_cb() has asked to be called again."); + break; case SSL_ERROR_SYSCALL: - ERR_PRINT("Some I/O error occurred. 
The OpenSSL error queue may contain more information on the error."); break; + ERR_PRINT("Some I/O error occurred. The OpenSSL error queue may contain more information on the error."); + break; case SSL_ERROR_SSL: - ERR_PRINT("A failure in the SSL library occurred, usually a protocol error."); break; - + ERR_PRINT("A failure in the SSL library occurred, usually a protocol error."); + break; } } -Error StreamPeerOpenSSL::put_data(const uint8_t* p_data,int p_bytes) { +Error StreamPeerOpenSSL::put_data(const uint8_t *p_data, int p_bytes) { - ERR_FAIL_COND_V(!connected,ERR_UNCONFIGURED); + ERR_FAIL_COND_V(!connected, ERR_UNCONFIGURED); - while(p_bytes>0) { - int ret = SSL_write(ssl,p_data,p_bytes); - if (ret<=0) { + while (p_bytes > 0) { + int ret = SSL_write(ssl, p_data, p_bytes); + if (ret <= 0) { _print_error(ret); disconnect_from_stream(); return ERR_CONNECTION_ERROR; } - p_data+=ret; - p_bytes-=ret; + p_data += ret; + p_bytes -= ret; } return OK; - } -Error StreamPeerOpenSSL::put_partial_data(const uint8_t* p_data,int p_bytes, int &r_sent){ +Error StreamPeerOpenSSL::put_partial_data(const uint8_t *p_data, int p_bytes, int &r_sent) { - ERR_FAIL_COND_V(!connected,ERR_UNCONFIGURED); - if (p_bytes==0) + ERR_FAIL_COND_V(!connected, ERR_UNCONFIGURED); + if (p_bytes == 0) return OK; - Error err = put_data(p_data,p_bytes); - if (err!=OK) + Error err = put_data(p_data, p_bytes); + if (err != OK) return err; - r_sent=p_bytes; + r_sent = p_bytes; return OK; - } -Error StreamPeerOpenSSL::get_data(uint8_t* p_buffer, int p_bytes){ +Error StreamPeerOpenSSL::get_data(uint8_t *p_buffer, int p_bytes) { - ERR_FAIL_COND_V(!connected,ERR_UNCONFIGURED); + ERR_FAIL_COND_V(!connected, ERR_UNCONFIGURED); - while(p_bytes>0) { + while (p_bytes > 0) { - int ret = SSL_read(ssl,p_buffer,p_bytes); - if (ret<=0) { + int ret = SSL_read(ssl, p_buffer, p_bytes); + if (ret <= 0) { _print_error(ret); disconnect_from_stream(); return ERR_CONNECTION_ERROR; } - p_buffer+=ret; - p_bytes-=ret; + p_buffer 
+= ret; + p_bytes -= ret; } return OK; } -Error StreamPeerOpenSSL::get_partial_data(uint8_t* p_buffer, int p_bytes,int &r_received){ +Error StreamPeerOpenSSL::get_partial_data(uint8_t *p_buffer, int p_bytes, int &r_received) { - ERR_FAIL_COND_V(!connected,ERR_UNCONFIGURED); - if (p_bytes==0) { - r_received=0; + ERR_FAIL_COND_V(!connected, ERR_UNCONFIGURED); + if (p_bytes == 0) { + r_received = 0; return OK; } - Error err = get_data(p_buffer,p_bytes); - if (err!=OK) + Error err = get_data(p_buffer, p_bytes); + if (err != OK) return err; - r_received=p_bytes; + r_received = p_bytes; return OK; } int StreamPeerOpenSSL::get_available_bytes() const { - ERR_FAIL_COND_V(!connected,0); + ERR_FAIL_COND_V(!connected, 0); return SSL_pending(ssl); - } StreamPeerOpenSSL::StreamPeerOpenSSL() { - ctx=NULL; - ssl=NULL; - bio=NULL; - connected=false; - use_blocking=true; //might be improved int the future, but for now it always blocks - max_cert_chain_depth=9; - flags=0; + ctx = NULL; + ssl = NULL; + bio = NULL; + connected = false; + use_blocking = true; //might be improved int the future, but for now it always blocks + max_cert_chain_depth = 9; + flags = 0; } void StreamPeerOpenSSL::disconnect_from_stream() { if (!connected) return; - SSL_shutdown( ssl ); - SSL_free( ssl ); + SSL_shutdown(ssl); + SSL_free(ssl); SSL_CTX_free(ctx); - base=Ref<StreamPeer>(); - connected=false; - validate_certs=false; - validate_hostname=false; - status=STATUS_DISCONNECTED; - - + base = Ref<StreamPeer>(); + connected = false; + validate_certs = false; + validate_hostname = false; + status = STATUS_DISCONNECTED; } StreamPeerOpenSSL::Status StreamPeerOpenSSL::get_status() const { 
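Review bot: The tail of `connect_to_stream` reports success regardless of what the handshake did: when `SSL_connect` returns less than 1 the code only logs and then falls through to `connected = true; status = STATUS_CONNECTED; return OK;`, which also overwrites any `STATUS_ERROR_*` that `_cert_verify_callback` recorded and the `STATUS_ERROR_NO_CERTIFICATE` assigned a few lines earlier, while `cert_ok` is computed and never used. Assuming `SSL_VERIFY_PEER` is set in the context this hunk skips (the preceding comment says the server certificate is verified), a certificate the callback rejects surfaces exactly as such a failed `SSL_connect`, so a caller asking for validation currently gets a live, unauthenticated stream and `OK`. The `X509 *peer` returned by `SSL_get_peer_certificate` is an owned reference and is never `X509_free`d, so each connection leaks the peer certificate. The rewrite below fails the call and releases the objects itself, since `disconnect_from_stream` returns early while `connected` is still false. Unrelated but in the same hunk, `_print_error`'s `SSL_ERROR_ZERO_RETURN` case has no `break;` and also prints the WANT_READ/WANT_WRITE message.
```cpp
	int result = SSL_connect(ssl);
	bool failed = result < 1;
	if (failed) {
		ERR_print_errors_fp(stdout);
		_print_error(result);
		// Keep any STATUS_ERROR_* that _cert_verify_callback already recorded.
	} else {
		X509 *peer = SSL_get_peer_certificate(ssl);
		if (peer) {
			failed = validate_certs && SSL_get_verify_result(ssl) != X509_V_OK;
			X509_free(peer); // SSL_get_peer_certificate returns an owned reference
		} else if (validate_certs) {
			status = STATUS_ERROR_NO_CERTIFICATE;
			failed = true;
		}
	}

	if (failed) {
		// Never report STATUS_CONNECTED / OK for a failed or unverified handshake.
		// disconnect_from_stream() cannot be used here: it returns early while
		// connected is still false.
		SSL_free(ssl); // also frees bio, which SSL_set_bio made it own
		SSL_CTX_free(ctx);
		ssl = NULL;
		ctx = NULL;
		bio = NULL;
		base = Ref<StreamPeer>();
		return ERR_CONNECTION_ERROR;
	}

	connected = true;
	status = STATUS_CONNECTED;
	return OK;
```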
@@ -550,27 +521,24 @@ StreamPeerOpenSSL::Status StreamPeerOpenSSL::get_status() const { return status; } - StreamPeerOpenSSL::~StreamPeerOpenSSL() { disconnect_from_stream(); } -StreamPeerSSL* StreamPeerOpenSSL::_create_func() { +StreamPeerSSL *StreamPeerOpenSSL::_create_func() { - return memnew( StreamPeerOpenSSL ); + return memnew(StreamPeerOpenSSL); } +Vector<X509 *> StreamPeerOpenSSL::certs; -Vector<X509*> StreamPeerOpenSSL::certs; - - -void StreamPeerOpenSSL::_load_certs(const PoolByteArray& p_array) { +void StreamPeerOpenSSL::_load_certs(const PoolByteArray &p_array) { PoolByteArray::Read r = p_array.read(); - BIO* mem = BIO_new(BIO_s_mem()); - BIO_puts(mem,(const char*)r.ptr()); - while(true) { - X509*cert = PEM_read_bio_X509(mem, NULL, 0, NULL); + BIO *mem = BIO_new(BIO_s_mem()); + BIO_puts(mem, (const char *)r.ptr()); + while (true) { + X509 *cert = PEM_read_bio_X509(mem, NULL, 0, NULL); if (!cert) break; certs.push_back(cert); 
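Review bot: `_load_certs` hands `r.ptr()` to `BIO_puts`, which reads until a NUL it has no way of knowing is present; the one caller in this file, `initialize_ssl`, appends a terminator, but `_load_certs` is also exported through `load_certs_func`, so any other caller passing a raw PEM buffer gets an over-read past the end of the pool. Using the array's own length removes that dependency: `BIO *mem = BIO_new_mem_buf((void *)r.ptr(), p_array.size());` (a read-only memory BIO, so the `PEM_read_bio_X509` loop and the `BIO_free` stay as they are). The body of `_load_certs` continues past the end of this hunk.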
@@ -580,66 +548,62 @@ void StreamPeerOpenSSL::_load_certs(const PoolByteArray& p_array) { void StreamPeerOpenSSL::initialize_ssl() { - available=true; + available = true; - load_certs_func=_load_certs; + load_certs_func = _load_certs; - _create=_create_func; + _create = _create_func; CRYPTO_malloc_init(); // Initialize malloc, free, etc for OpenSSL's use SSL_library_init(); // Initialize OpenSSL's SSL libraries SSL_load_error_strings(); // Load SSL error strings ERR_load_BIO_strings(); // Load BIO error strings OpenSSL_add_all_algorithms(); // Load all available encryption algorithms - String certs_path =GLOBAL_DEF("network/ssl/certificates",""); - GlobalConfig::get_singleton()->set_custom_property_info("network/ssl/certificates",PropertyInfo(Variant::STRING,"network/ssl/certificates",PROPERTY_HINT_FILE,"*.crt")); - if (certs_path!="") { - - + String certs_path = GLOBAL_DEF("network/ssl/certificates", ""); + GlobalConfig::get_singleton()->set_custom_property_info("network/ssl/certificates", PropertyInfo(Variant::STRING, "network/ssl/certificates", PROPERTY_HINT_FILE, "*.crt")); + if (certs_path != "") { - FileAccess *f=FileAccess::open(certs_path,FileAccess::READ); + FileAccess *f = FileAccess::open(certs_path, FileAccess::READ); if (f) { PoolByteArray arr; int flen = f->get_len(); - arr.resize(flen+1); + arr.resize(flen + 1); { PoolByteArray::Write w = arr.write(); - f->get_buffer(w.ptr(),flen); - w[flen]=0; //end f string + f->get_buffer(w.ptr(), flen); + w[flen] = 0; //end f string } memdelete(f); _load_certs(arr); - print_line("Loaded certs from '"+certs_path+"': "+itos(certs.size())); + print_line("Loaded certs from '" + certs_path + "': " + itos(certs.size())); } } - String config_path =GLOBAL_DEF("network/ssl/config",""); - GlobalConfig::get_singleton()->set_custom_property_info("network/ssl/config",PropertyInfo(Variant::STRING,"network/ssl/config",PROPERTY_HINT_FILE,"*.cnf")); - if (config_path!="") { + String config_path = GLOBAL_DEF("network/ssl/config", 
""); + GlobalConfig::get_singleton()->set_custom_property_info("network/ssl/config", PropertyInfo(Variant::STRING, "network/ssl/config", PROPERTY_HINT_FILE, "*.cnf")); + if (config_path != "") { Vector<uint8_t> data = FileAccess::get_file_as_array(config_path); if (data.size()) { data.push_back(0); - BIO* mem = BIO_new(BIO_s_mem()); - BIO_puts(mem,(const char*) data.ptr()); + BIO *mem = BIO_new(BIO_s_mem()); + BIO_puts(mem, (const char *)data.ptr()); - while(true) { - X509*cert = PEM_read_bio_X509(mem, NULL, 0, NULL); + while (true) { + X509 *cert = PEM_read_bio_X509(mem, NULL, 0, NULL); if (!cert) break; certs.push_back(cert); } BIO_free(mem); } - print_line("Loaded certs from '"+certs_path+"': "+itos(certs.size())); - + print_line("Loaded certs from '" + certs_path + "': " + itos(certs.size())); } - } -void StreamPeerOpenSSL::finalize_ssl(){ +void StreamPeerOpenSSL::finalize_ssl() { - for(int i=0;i<certs.size();i++) { + for (int i = 0; i < certs.size(); i++) { X509_free(certs[i]); } certs.clear(); diff --git a/modules/openssl/stream_peer_openssl.h b/modules/openssl/stream_peer_openssl.h index 84ae03fe07..56b45802df 100644 --- a/modules/openssl/stream_peer_openssl.h +++ b/modules/openssl/stream_peer_openssl.h 
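Review bot: In the `network/ssl/config` branch of `initialize_ssl` the summary line logs the wrong file: it prints `certs_path`, the value from the previous block, so the line should read `print_line("Loaded certs from '" + config_path + "': " + itos(certs.size()));`. The branch also duplicates the PEM read loop from `_load_certs` (with `data` NUL-terminated by `data.push_back(0)` for the same `BIO_puts` reason); moving the loop into one shared helper keeps the two loaders from drifting apart. A comment explaining why a `*.cnf` setting named `config` is parsed as a PEM certificate bundle would help too, since the name suggests an OpenSSL configuration file.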
@@ -29,26 +29,26 @@ #ifndef STREAM_PEER_OPEN_SSL_H #define STREAM_PEER_OPEN_SSL_H -#include <stdio.h> // If you don't know what this is for stop reading now. -#include "io/stream_peer_ssl.h" +#include "curl_hostcheck.h" #include "global_config.h" +#include "io/stream_peer_ssl.h" #include "os/file_access.h" -#include "curl_hostcheck.h" +#include <stdio.h> // If you don't know what this is for stop reading now. #include <openssl/bio.h> // BIO objects for I/O -#include <openssl/ssl.h> // SSL and SSL_CTX for SSL connections #include <openssl/err.h> // Error reporting +#include <openssl/ssl.h> // SSL and SSL_CTX for SSL connections #include <openssl/x509v3.h> class StreamPeerOpenSSL : public StreamPeerSSL { private: - static int _bio_create( BIO *b ); - static int _bio_destroy( BIO *b ); - static int _bio_read( BIO *b, char *buf, int len ); - static int _bio_write( BIO *b, const char *buf, int len ); - static long _bio_ctrl( BIO *b, int cmd, long num, void *ptr ); - static int _bio_gets( BIO *b, char *buf, int len ); - static int _bio_puts( BIO *b, const char *str ); + static int _bio_create(BIO *b); + static int _bio_destroy(BIO *b); + static int _bio_read(BIO *b, char *buf, int len); + static int _bio_write(BIO *b, const char *buf, int len); + static long _bio_ctrl(BIO *b, int cmd, long num, void *ptr); + static int _bio_gets(BIO *b, char *buf, int len); + static int _bio_puts(BIO *b, const char *str); static BIO_METHOD _bio_method; @@ -56,16 +56,14 @@ private: static Error _match_common_name(const char *hostname, const X509 *server_cert); static Error _match_subject_alternative_name(const char *hostname, const X509 *server_cert); - static int _cert_verify_callback(X509_STORE_CTX *x509_ctx, void *arg); - Status status; String hostname; int max_cert_chain_depth; - SSL_CTX* ctx; - SSL* ssl; - BIO* bio; + SSL_CTX *ctx; + SSL *ssl; + BIO *bio; bool connected; int flags; bool use_blocking; 
@@ -74,28 +72,28 @@ private: Ref<StreamPeer> base; - static StreamPeerSSL* _create_func(); + static StreamPeerSSL *_create_func(); void _print_error(int err); - static Vector<X509*> certs; + static Vector<X509 *> certs; + + static void _load_certs(const PoolByteArray &p_array); - static void _load_certs(const PoolByteArray& p_array); protected: static void _bind_methods(); -public: - +public: virtual Error accept_stream(Ref<StreamPeer> p_base); - virtual Error connect_to_stream(Ref<StreamPeer> p_base,bool p_validate_certs=false,const String& p_for_hostname=String()); + virtual Error connect_to_stream(Ref<StreamPeer> p_base, bool p_validate_certs = false, const String &p_for_hostname = String()); virtual Status get_status() const; virtual void disconnect_from_stream(); - virtual Error put_data(const uint8_t* p_data,int p_bytes); - virtual Error put_partial_data(const uint8_t* p_data,int p_bytes, int &r_sent); + virtual Error put_data(const uint8_t *p_data, int p_bytes); + virtual Error put_partial_data(const uint8_t *p_data, int p_bytes, int &r_sent); - virtual Error get_data(uint8_t* p_buffer, int p_bytes); - virtual Error get_partial_data(uint8_t* p_buffer, int p_bytes,int &r_received); + virtual Error get_data(uint8_t *p_buffer, int p_bytes); + virtual Error get_partial_data(uint8_t *p_buffer, int p_bytes, int &r_received); virtual int get_available_bytes() const; |