diff options
| author | Fabio Alessandrelli <fabio.alessandrelli@gmail.com> | 2023-01-20 01:51:35 +0100 |
|---|---|---|
| committer | Fabio Alessandrelli <fabio.alessandrelli@gmail.com> | 2023-01-28 11:08:02 +0100 |
| commit | adba870534bdcdd11f0f344e66090be8e2cd9ae4 (patch) | |
| tree | 90a82a28e69cf61b10f210cd02d086cdeb410d95 /modules/websocket/wsl_peer.cpp | |
| parent | 2afa175195d0fc885badb60441bef1b31e5e6d05 (diff) | |
[NET] Refactor TLS configuration.
Use a TLSOptions configuration object which is created via static
functions.
- "TLSOptions.client": uses the standard CA and common name verification.
- "TLSOptions.client_unsafe": uses optional CA verification (i.e. if specified)
- "TLSOptions.server": is the standard server configuration (chain + key)
This will allow us to expand the TLS configuration options to include
e.g. mutual authentication without bloating the classes that uses
StreamPeerTLS and PacketPeerDTLS as underlying peers.
Diffstat (limited to 'modules/websocket/wsl_peer.cpp')
| -rw-r--r-- | modules/websocket/wsl_peer.cpp | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/modules/websocket/wsl_peer.cpp b/modules/websocket/wsl_peer.cpp index 9ba286d5ee..6240f2eaea 100644 --- a/modules/websocket/wsl_peer.cpp +++ b/modules/websocket/wsl_peer.cpp @@ -334,7 +334,7 @@ void WSLPeer::_do_client_handshake() { tls = Ref<StreamPeerTLS>(StreamPeerTLS::create()); ERR_FAIL_COND_MSG(tls.is_null(), "SSL is not available in this build."); tls->set_blocking_handshake_enabled(false); - if (tls->connect_to_stream(tcp, verify_tls, requested_host, tls_cert) != OK) { + if (tls->connect_to_stream(tcp, requested_host, tls_options) != OK) { close(-1); return; // Error. } @@ -476,9 +476,10 @@ bool WSLPeer::_verify_server_response() { return true; } -Error WSLPeer::connect_to_url(const String &p_url, bool p_verify_tls, Ref<X509Certificate> p_cert) { +Error WSLPeer::connect_to_url(const String &p_url, Ref<TLSOptions> p_options) { ERR_FAIL_COND_V(wsl_ctx || tcp.is_valid(), ERR_ALREADY_IN_USE); ERR_FAIL_COND_V(p_url.is_empty(), ERR_INVALID_PARAMETER); + ERR_FAIL_COND_V(p_options.is_valid() && p_options->is_server(), ERR_INVALID_PARAMETER); _clear(); @@ -506,8 +507,13 @@ Error WSLPeer::connect_to_url(const String &p_url, bool p_verify_tls, Ref<X509Ce requested_url = p_url; requested_host = host; - verify_tls = p_verify_tls; - tls_cert = p_cert; + + if (p_options.is_valid()) { + tls_options = p_options; + } else { + tls_options = TLSOptions::client(); + } + tcp.instantiate(); resolver.start(host, port); |