WebSocketClient can now use custom SSL certificate

Via the `trusted_ssl_certificate` property.

4 files changed, 26 insertions, 2 deletions

diff --git a/modules/websocket/emws_client.cpp b/modules/websocket/emws_client.cpp
index a59dd16360..dddda0682d 100644
--- a/modules/websocket/emws_client.cpp
+++ b/modules/websocket/emws_client.cpp
@@ -69,8 +69,12 @@ Error EMWSClient::connect_to_host(String p_host, String p_path, uint16_t p_port,
 	String proto_string = p_protocols.join(",");
 	String str = "ws://";
 
-	if (p_ssl)
+	if (p_ssl) {
 		str = "wss://";
+		if (ssl_cert.is_valid()) {
+			WARN_PRINT_ONCE("Custom SSL certificate is not supported in HTML5 platform.");
+		}
+	}
 	str += p_host + ":" + itos(p_port) + p_path;
 
 	_is_connecting = true;
diff --git a/modules/websocket/websocket_client.cpp b/modules/websocket/websocket_client.cpp
index 8f03efdd83..df6578e8bb 100644
--- a/modules/websocket/websocket_client.cpp
+++ b/modules/websocket/websocket_client.cpp
@@ -85,6 +85,17 @@ bool WebSocketClient::is_verify_ssl_enabled() const {
 	return verify_ssl;
 }
 
+Ref<X509Certificate> WebSocketClient::get_trusted_ssl_certificate() const {
+
+	return ssl_cert;
+}
+
+void WebSocketClient::set_trusted_ssl_certificate(Ref<X509Certificate> p_cert) {
+
+	ERR_FAIL_COND(get_connection_status() != CONNECTION_DISCONNECTED);
+	ssl_cert = p_cert;
+}
+
 bool WebSocketClient::is_server() const {
 
 	return false;
@@ -141,6 +152,11 @@ void WebSocketClient::_bind_methods() {
 
 	ADD_PROPERTY(PropertyInfo(Variant::BOOL, "verify_ssl", PROPERTY_HINT_NONE, "", 0), "set_verify_ssl_enabled", "is_verify_ssl_enabled");
 
+	ClassDB::bind_method(D_METHOD("get_trusted_ssl_certificate"), &WebSocketClient::get_trusted_ssl_certificate);
+	ClassDB::bind_method(D_METHOD("set_trusted_ssl_certificate"), &WebSocketClient::set_trusted_ssl_certificate);
+
+	ADD_PROPERTY(PropertyInfo(Variant::OBJECT, "trusted_ssl_certificate", PROPERTY_HINT_RESOURCE_TYPE, "X509Certificate", 0), "set_trusted_ssl_certificate", "get_trusted_ssl_certificate");
+
 	ADD_SIGNAL(MethodInfo("data_received"));
 	ADD_SIGNAL(MethodInfo("connection_established", PropertyInfo(Variant::STRING, "protocol")));
 	ADD_SIGNAL(MethodInfo("server_close_request", PropertyInfo(Variant::INT, "code"), PropertyInfo(Variant::STRING, "reason")));
diff --git a/modules/websocket/websocket_client.h b/modules/websocket/websocket_client.h
index 7ddb9468a5..8241914bd6 100644
--- a/modules/websocket/websocket_client.h
+++ b/modules/websocket/websocket_client.h
@@ -31,6 +31,7 @@
 #ifndef WEBSOCKET_CLIENT_H
 #define WEBSOCKET_CLIENT_H
 
+#include "core/crypto/crypto.h"
 #include "core/error_list.h"
 #include "websocket_multiplayer_peer.h"
 #include "websocket_peer.h"
@@ -43,6 +44,7 @@ class WebSocketClient : public WebSocketMultiplayerPeer {
 protected:
 	Ref<WebSocketPeer> _peer;
 	bool verify_ssl;
+	Ref<X509Certificate> ssl_cert;
 
 	static void _bind_methods();
 
@@ -51,6 +53,8 @@ public:
 
 	void set_verify_ssl_enabled(bool p_verify_ssl);
 	bool is_verify_ssl_enabled() const;
+	Ref<X509Certificate> get_trusted_ssl_certificate() const;
+	void set_trusted_ssl_certificate(Ref<X509Certificate> p_cert);
 
 	virtual void poll() = 0;
 	virtual Error connect_to_host(String p_host, String p_path, uint16_t p_port, bool p_ssl, PoolVector<String> p_protocol = PoolVector<String>()) = 0;
diff --git a/modules/websocket/wsl_client.cpp b/modules/websocket/wsl_client.cpp
index 5f254eb9e6..2e9daeb875 100644
--- a/modules/websocket/wsl_client.cpp
+++ b/modules/websocket/wsl_client.cpp
@@ -237,7 +237,7 @@ void WSLClient::poll() {
 					ssl = Ref<StreamPeerSSL>(StreamPeerSSL::create());
 					ERR_FAIL_COND_MSG(ssl.is_null(), "SSL is not available in this build.");
 					ssl->set_blocking_handshake_enabled(false);
-					if (ssl->connect_to_stream(_tcp, verify_ssl, _host) != OK) {
+					if (ssl->connect_to_stream(_tcp, verify_ssl, _host, ssl_cert) != OK) {
 						disconnect_from_host();
 						_on_error();
 						return;