diff options
author | Fabio Alessandrelli <fabio.alessandrelli@gmail.com> | 2023-01-20 01:51:35 +0100 |
---|---|---|
committer | Fabio Alessandrelli <fabio.alessandrelli@gmail.com> | 2023-01-28 11:08:02 +0100 |
commit | adba870534bdcdd11f0f344e66090be8e2cd9ae4 (patch) | |
tree | 90a82a28e69cf61b10f210cd02d086cdeb410d95 /platform | |
parent | 2afa175195d0fc885badb60441bef1b31e5e6d05 (diff) |
[NET] Refactor TLS configuration.
Use a TLSOptions configuration object which is created via static
functions.
- "TLSOptions.client": uses the standard CA and common name verification.
- "TLSOptions.client_unsafe": uses optional CA verification (i.e. if specified)
- "TLSOptions.server": is the standard server configuration (chain + key)
This will allow us to expand the TLS configuration options to include
e.g. mutual authentication without bloating the classes that uses
StreamPeerTLS and PacketPeerDTLS as underlying peers.
Diffstat (limited to 'platform')
-rw-r--r-- | platform/web/export/editor_http_server.h | 2 | ||||
-rw-r--r-- | platform/web/http_client_web.cpp | 10 | ||||
-rw-r--r-- | platform/web/http_client_web.h | 2 |
3 files changed, 7 insertions, 7 deletions
diff --git a/platform/web/export/editor_http_server.h b/platform/web/export/editor_http_server.h index ce6b0be713..80ff779949 100644 --- a/platform/web/export/editor_http_server.h +++ b/platform/web/export/editor_http_server.h @@ -206,7 +206,7 @@ public: tls = Ref<StreamPeerTLS>(StreamPeerTLS::create()); peer = tls; tls->set_blocking_handshake_enabled(false); - if (tls->accept_stream(tcp, key, cert) != OK) { + if (tls->accept_stream(tcp, TLSOptions::server(key, cert)) != OK) { _clear_client(); return; } diff --git a/platform/web/http_client_web.cpp b/platform/web/http_client_web.cpp index 31f54dad9f..3e4ba5a2ae 100644 --- a/platform/web/http_client_web.cpp +++ b/platform/web/http_client_web.cpp @@ -37,20 +37,20 @@ void HTTPClientWeb::_parse_headers(int p_len, const char **p_headers, void *p_re } } -Error HTTPClientWeb::connect_to_host(const String &p_host, int p_port, bool p_tls, bool p_verify_host) { +Error HTTPClientWeb::connect_to_host(const String &p_host, int p_port, Ref<TLSOptions> p_tls_options) { + ERR_FAIL_COND_V(p_tls_options.is_valid() && p_tls_options->is_server(), ERR_INVALID_PARAMETER); + close(); - if (p_tls && !p_verify_host) { - WARN_PRINT("Disabling HTTPClientWeb's host verification is not supported for the Web platform, host will be verified"); - } port = p_port; - use_tls = p_tls; + use_tls = p_tls_options.is_valid(); host = p_host; String host_lower = host.to_lower(); if (host_lower.begins_with("http://")) { host = host.substr(7, host.length() - 7); + use_tls = false; } else if (host_lower.begins_with("https://")) { use_tls = true; host = host.substr(8, host.length() - 8); diff --git a/platform/web/http_client_web.h b/platform/web/http_client_web.h index 993ec6c0e2..def7837a27 100644 --- a/platform/web/http_client_web.h +++ b/platform/web/http_client_web.h @@ -86,7 +86,7 @@ public: Error request(Method p_method, const String &p_url, const Vector<String> &p_headers, const uint8_t *p_body, int p_body_size) override; - Error connect_to_host(const String &p_host, int p_port = -1, bool p_tls = false, bool p_verify_host = true) override; + Error connect_to_host(const String &p_host, int p_port = -1, Ref<TLSOptions> p_tls_options = Ref<TLSOptions>()) override; void set_connection(const Ref<StreamPeer> &p_connection) override; Ref<StreamPeer> get_connection() const override; void close() override; |