summaryrefslogtreecommitdiff
path: root/platform
diff options
context:
space:
mode:
authorFabio Alessandrelli <fabio.alessandrelli@gmail.com>2023-01-20 01:51:35 +0100
committerFabio Alessandrelli <fabio.alessandrelli@gmail.com>2023-01-28 11:08:02 +0100
commitadba870534bdcdd11f0f344e66090be8e2cd9ae4 (patch)
tree90a82a28e69cf61b10f210cd02d086cdeb410d95 /platform
parent2afa175195d0fc885badb60441bef1b31e5e6d05 (diff)
[NET] Refactor TLS configuration.
Use a TLSOptions configuration object which is created via static functions. - "TLSOptions.client": uses the standard CA and common name verification. - "TLSOptions.client_unsafe": uses optional CA verification (i.e. if specified) - "TLSOptions.server": is the standard server configuration (chain + key) This will allow us to expand the TLS configuration options to include e.g. mutual authentication without bloating the classes that uses StreamPeerTLS and PacketPeerDTLS as underlying peers.
Diffstat (limited to 'platform')
-rw-r--r--platform/web/export/editor_http_server.h2
-rw-r--r--platform/web/http_client_web.cpp10
-rw-r--r--platform/web/http_client_web.h2
3 files changed, 7 insertions, 7 deletions
diff --git a/platform/web/export/editor_http_server.h b/platform/web/export/editor_http_server.h
index ce6b0be713..80ff779949 100644
--- a/platform/web/export/editor_http_server.h
+++ b/platform/web/export/editor_http_server.h
@@ -206,7 +206,7 @@ public:
tls = Ref<StreamPeerTLS>(StreamPeerTLS::create());
peer = tls;
tls->set_blocking_handshake_enabled(false);
- if (tls->accept_stream(tcp, key, cert) != OK) {
+ if (tls->accept_stream(tcp, TLSOptions::server(key, cert)) != OK) {
_clear_client();
return;
}
diff --git a/platform/web/http_client_web.cpp b/platform/web/http_client_web.cpp
index 31f54dad9f..3e4ba5a2ae 100644
--- a/platform/web/http_client_web.cpp
+++ b/platform/web/http_client_web.cpp
@@ -37,20 +37,20 @@ void HTTPClientWeb::_parse_headers(int p_len, const char **p_headers, void *p_re
}
}
-Error HTTPClientWeb::connect_to_host(const String &p_host, int p_port, bool p_tls, bool p_verify_host) {
+Error HTTPClientWeb::connect_to_host(const String &p_host, int p_port, Ref<TLSOptions> p_tls_options) {
+ ERR_FAIL_COND_V(p_tls_options.is_valid() && p_tls_options->is_server(), ERR_INVALID_PARAMETER);
+
close();
- if (p_tls && !p_verify_host) {
- WARN_PRINT("Disabling HTTPClientWeb's host verification is not supported for the Web platform, host will be verified");
- }
port = p_port;
- use_tls = p_tls;
+ use_tls = p_tls_options.is_valid();
host = p_host;
String host_lower = host.to_lower();
if (host_lower.begins_with("http://")) {
host = host.substr(7, host.length() - 7);
+ use_tls = false;
} else if (host_lower.begins_with("https://")) {
use_tls = true;
host = host.substr(8, host.length() - 8);
diff --git a/platform/web/http_client_web.h b/platform/web/http_client_web.h
index 993ec6c0e2..def7837a27 100644
--- a/platform/web/http_client_web.h
+++ b/platform/web/http_client_web.h
@@ -86,7 +86,7 @@ public:
Error request(Method p_method, const String &p_url, const Vector<String> &p_headers, const uint8_t *p_body, int p_body_size) override;
- Error connect_to_host(const String &p_host, int p_port = -1, bool p_tls = false, bool p_verify_host = true) override;
+ Error connect_to_host(const String &p_host, int p_port = -1, Ref<TLSOptions> p_tls_options = Ref<TLSOptions>()) override;
void set_connection(const Ref<StreamPeer> &p_connection) override;
Ref<StreamPeer> get_connection() const override;
void close() override;