diff options
-rw-r--r-- | SConstruct | 2 | ||||
-rw-r--r-- | core/SCsub | 3 | ||||
-rw-r--r-- | core/core_builders.py | 35 | ||||
-rw-r--r-- | core/io/stream_peer_ssl.cpp | 57 | ||||
-rw-r--r-- | core/io/stream_peer_ssl.h | 5 | ||||
-rw-r--r-- | editor/SCsub | 4 | ||||
-rw-r--r-- | editor/editor_builders.py | 26 | ||||
-rw-r--r-- | editor/editor_initialize_ssl.cpp | 48 | ||||
-rw-r--r-- | editor/editor_initialize_ssl.h | 36 | ||||
-rw-r--r-- | editor/editor_node.cpp | 2 | ||||
-rw-r--r-- | editor/editor_settings.cpp | 5 | ||||
-rw-r--r-- | editor/project_manager.cpp | 3 | ||||
-rw-r--r-- | main/main.cpp | 16 | ||||
-rwxr-xr-x | modules/mbedtls/stream_peer_mbed_tls.cpp | 8 |
14 files changed, 105 insertions, 145 deletions
diff --git a/SConstruct b/SConstruct index 3f3976555d..1c55e0be93 100644 --- a/SConstruct +++ b/SConstruct @@ -169,9 +169,11 @@ opts.Add(BoolVariable('progress', "Show a progress indicator during compilation" opts.Add(BoolVariable('dev', "If yes, alias for verbose=yes warnings=all", False)) opts.Add(EnumVariable('macports_clang', "Build using Clang from MacPorts", 'no', ('no', '5.0', 'devel'))) opts.Add(BoolVariable('no_editor_splash', "Don't use the custom splash screen for the editor", False)) +opts.Add('system_certs_path', "Use this path as SSL certificates default for editor (for package maintainers)", '') # Thirdparty libraries opts.Add(BoolVariable('builtin_bullet', "Use the built-in Bullet library", True)) +opts.Add(BoolVariable('builtin_certs', "Bundle default SSL certificates to be used if you don't specify an override in the project settings", True)) opts.Add(BoolVariable('builtin_enet', "Use the built-in ENet library", True)) opts.Add(BoolVariable('builtin_freetype', "Use the built-in FreeType library", True)) opts.Add(BoolVariable('builtin_libogg', "Use the built-in libogg library", True)) diff --git a/core/SCsub b/core/SCsub index a6365bf925..6746cc871a 100644 --- a/core/SCsub +++ b/core/SCsub @@ -93,6 +93,9 @@ if 'builtin_zstd' in env and env['builtin_zstd']: # Godot's own sources env.add_source_files(env.core_sources, "*.cpp") +# Certificates +env.Depends("#core/io/certs_compressed.gen.h", ["#thirdparty/certs/ca-certificates.crt", env.Value(env['builtin_certs']), env.Value(env['system_certs_path'])]) +env.CommandNoCache("#core/io/certs_compressed.gen.h", "#thirdparty/certs/ca-certificates.crt", run_in_subprocess(core_builders.make_certs_header)) # Make binders env.CommandNoCache(['method_bind.gen.inc', 'method_bind_ext.gen.inc'], 'make_binders.py', run_in_subprocess(make_binders.run)) diff --git a/core/core_builders.py b/core/core_builders.py index 90e505aab9..f3a9e3b221 100644 --- a/core/core_builders.py +++ b/core/core_builders.py @@ -4,7 +4,40 @@ All such functions are invoked in a subprocess on Windows to prevent build flaki """ from platform_methods import subprocess_main -from compat import iteritems, itervalues, open_utf8, escape_string +from compat import iteritems, itervalues, open_utf8, escape_string, byte_to_str + + +def make_certs_header(target, source, env): + + src = source[0] + dst = target[0] + f = open(src, "rb") + g = open_utf8(dst, "w") + buf = f.read() + decomp_size = len(buf) + import zlib + buf = zlib.compress(buf) + + g.write("/* THIS FILE IS GENERATED DO NOT EDIT */\n") + g.write("#ifndef _CERTS_RAW_H\n") + g.write("#define _CERTS_RAW_H\n") + + # System certs path. Editor will use them if defined. (for package maintainers) + path = env['system_certs_path'] + g.write("#define _SYSTEM_CERTS_PATH \"%s\"\n" % str(path)) + if env['builtin_certs']: + # Defined here and not in env so changing it does not trigger a full rebuild. + g.write("#define BUILTIN_CERTS_ENABLED\n") + g.write("static const int _certs_compressed_size = " + str(len(buf)) + ";\n") + g.write("static const int _certs_uncompressed_size = " + str(decomp_size) + ";\n") + g.write("static const unsigned char _certs_compressed[] = {\n") + for i in range(len(buf)): + g.write("\t" + byte_to_str(buf[i]) + ",\n") + g.write("};\n") + g.write("#endif") + + g.close() + f.close() def make_authors_header(target, source, env): diff --git a/core/io/stream_peer_ssl.cpp b/core/io/stream_peer_ssl.cpp index 1f59021938..8d8682686a 100644 --- a/core/io/stream_peer_ssl.cpp +++ b/core/io/stream_peer_ssl.cpp @@ -30,6 +30,8 @@ #include "stream_peer_ssl.h" +#include "core/io/certs_compressed.gen.h" +#include "core/io/compression.h" #include "core/os/file_access.h" #include "core/project_settings.h" @@ -42,13 +44,20 @@ StreamPeerSSL *StreamPeerSSL::create() { StreamPeerSSL::LoadCertsFromMemory StreamPeerSSL::load_certs_func = NULL; bool StreamPeerSSL::available = false; -bool StreamPeerSSL::initialize_certs = true; void StreamPeerSSL::load_certs_from_memory(const PoolByteArray &p_memory) { if (load_certs_func) load_certs_func(p_memory); } +void StreamPeerSSL::load_certs_from_file(String p_path) { + if (p_path != "") { + PoolByteArray certs = get_cert_file_as_array(p_path); + if (certs.size() > 0) + load_certs_func(certs); + } +} + bool StreamPeerSSL::is_available() { return available; } @@ -61,6 +70,25 @@ bool StreamPeerSSL::is_blocking_handshake_enabled() const { return blocking_handshake; } +PoolByteArray StreamPeerSSL::get_cert_file_as_array(String p_path) { + + PoolByteArray out; + FileAccess *f = FileAccess::open(p_path, FileAccess::READ); + if (f) { + int flen = f->get_len(); + out.resize(flen + 1); + PoolByteArray::Write w = out.write(); + f->get_buffer(w.ptr(), flen); + w[flen] = 0; // Make sure it ends with string terminator + memdelete(f); +#ifdef DEBUG_ENABLED + print_verbose(vformat("Loaded certs from '%s'.", p_path)); +#endif + } + + return out; +} + PoolByteArray StreamPeerSSL::get_project_cert_array() { PoolByteArray out; @@ -68,24 +96,21 @@ PoolByteArray StreamPeerSSL::get_project_cert_array() { ProjectSettings::get_singleton()->set_custom_property_info("network/ssl/certificates", PropertyInfo(Variant::STRING, "network/ssl/certificates", PROPERTY_HINT_FILE, "*.crt")); if (certs_path != "") { - - FileAccess *f = FileAccess::open(certs_path, FileAccess::READ); - if (f) { - int flen = f->get_len(); - out.resize(flen + 1); - { - PoolByteArray::Write w = out.write(); - f->get_buffer(w.ptr(), flen); - w[flen] = 0; //end f string - } - - memdelete(f); - + // Use certs defined in project settings. + return get_cert_file_as_array(certs_path); + } +#ifdef BUILTIN_CERTS_ENABLED + else { + // Use builtin certs only if user did not override it in project settings. + out.resize(_certs_uncompressed_size + 1); + PoolByteArray::Write w = out.write(); + Compression::decompress(w.ptr(), _certs_uncompressed_size, _certs_compressed, _certs_compressed_size, Compression::MODE_DEFLATE); + w[_certs_uncompressed_size] = 0; // Make sure it ends with string terminator #ifdef DEBUG_ENABLED - print_verbose(vformat("Loaded certs from '%s'.", certs_path)); + print_verbose("Loaded builtin certs"); #endif - } } +#endif return out; } diff --git a/core/io/stream_peer_ssl.h b/core/io/stream_peer_ssl.h index f66c1c7de9..8ce36d7e7d 100644 --- a/core/io/stream_peer_ssl.h +++ b/core/io/stream_peer_ssl.h @@ -46,9 +46,6 @@ protected: static LoadCertsFromMemory load_certs_func; static bool available; - friend class Main; - static bool initialize_certs; - bool blocking_handshake; public: @@ -72,7 +69,9 @@ public: static StreamPeerSSL *create(); + static PoolByteArray get_cert_file_as_array(String p_path); static PoolByteArray get_project_cert_array(); + static void load_certs_from_file(String p_path); static void load_certs_from_memory(const PoolByteArray &p_memory); static bool is_available(); diff --git a/editor/SCsub b/editor/SCsub index 6a4b06a97a..82b982eef2 100644 --- a/editor/SCsub +++ b/editor/SCsub @@ -61,10 +61,6 @@ if env['tools']: env.Depends("#editor/doc_data_compressed.gen.h", docs) env.CommandNoCache("#editor/doc_data_compressed.gen.h", docs, run_in_subprocess(editor_builders.make_doc_header)) - # Certificates - env.Depends("#editor/certs_compressed.gen.h", "#thirdparty/certs/ca-certificates.crt") - env.CommandNoCache("#editor/certs_compressed.gen.h", "#thirdparty/certs/ca-certificates.crt", run_in_subprocess(editor_builders.make_certs_header)) - import glob path = env.Dir('.').abspath diff --git a/editor/editor_builders.py b/editor/editor_builders.py index fa037980c2..9e9fe752b4 100644 --- a/editor/editor_builders.py +++ b/editor/editor_builders.py @@ -9,32 +9,6 @@ from platform_methods import subprocess_main from compat import encode_utf8, byte_to_str, open_utf8, escape_string -def make_certs_header(target, source, env): - - src = source[0] - dst = target[0] - f = open(src, "rb") - g = open_utf8(dst, "w") - buf = f.read() - decomp_size = len(buf) - import zlib - buf = zlib.compress(buf) - - g.write("/* THIS FILE IS GENERATED DO NOT EDIT */\n") - g.write("#ifndef _CERTS_RAW_H\n") - g.write("#define _CERTS_RAW_H\n") - g.write("static const int _certs_compressed_size = " + str(len(buf)) + ";\n") - g.write("static const int _certs_uncompressed_size = " + str(decomp_size) + ";\n") - g.write("static const unsigned char _certs_compressed[] = {\n") - for i in range(len(buf)): - g.write("\t" + byte_to_str(buf[i]) + ",\n") - g.write("};\n") - g.write("#endif") - - g.close() - f.close() - - def make_doc_header(target, source, env): dst = target[0] diff --git a/editor/editor_initialize_ssl.cpp b/editor/editor_initialize_ssl.cpp deleted file mode 100644 index 9f7537cc9a..0000000000 --- a/editor/editor_initialize_ssl.cpp +++ /dev/null @@ -1,48 +0,0 @@ -/*************************************************************************/ -/* editor_initialize_ssl.cpp */ -/*************************************************************************/ -/* This file is part of: */ -/* GODOT ENGINE */ -/* https://godotengine.org */ -/*************************************************************************/ -/* Copyright (c) 2007-2018 Juan Linietsky, Ariel Manzur. */ -/* Copyright (c) 2014-2018 Godot Engine contributors (cf. AUTHORS.md) */ -/* */ -/* Permission is hereby granted, free of charge, to any person obtaining */ -/* a copy of this software and associated documentation files (the */ -/* "Software"), to deal in the Software without restriction, including */ -/* without limitation the rights to use, copy, modify, merge, publish, */ -/* distribute, sublicense, and/or sell copies of the Software, and to */ -/* permit persons to whom the Software is furnished to do so, subject to */ -/* the following conditions: */ -/* */ -/* The above copyright notice and this permission notice shall be */ -/* included in all copies or substantial portions of the Software. */ -/* */ -/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */ -/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */ -/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/ -/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */ -/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */ -/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */ -/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -/*************************************************************************/ - -#include "editor_initialize_ssl.h" - -#include "certs_compressed.gen.h" -#include "core/io/compression.h" -#include "core/io/stream_peer_ssl.h" - -void editor_initialize_certificates() { - - PoolByteArray data; - data.resize(_certs_uncompressed_size + 1); - { - PoolByteArray::Write w = data.write(); - Compression::decompress(w.ptr(), _certs_uncompressed_size, _certs_compressed, _certs_compressed_size, Compression::MODE_DEFLATE); - w[_certs_uncompressed_size] = 0; //make sure it ends at zero - } - - StreamPeerSSL::load_certs_from_memory(data); -} diff --git a/editor/editor_initialize_ssl.h b/editor/editor_initialize_ssl.h deleted file mode 100644 index 71d16b8c53..0000000000 --- a/editor/editor_initialize_ssl.h +++ /dev/null @@ -1,36 +0,0 @@ -/*************************************************************************/ -/* editor_initialize_ssl.h */ -/*************************************************************************/ -/* This file is part of: */ -/* GODOT ENGINE */ -/* https://godotengine.org */ -/*************************************************************************/ -/* Copyright (c) 2007-2018 Juan Linietsky, Ariel Manzur. */ -/* Copyright (c) 2014-2018 Godot Engine contributors (cf. AUTHORS.md) */ -/* */ -/* Permission is hereby granted, free of charge, to any person obtaining */ -/* a copy of this software and associated documentation files (the */ -/* "Software"), to deal in the Software without restriction, including */ -/* without limitation the rights to use, copy, modify, merge, publish, */ -/* distribute, sublicense, and/or sell copies of the Software, and to */ -/* permit persons to whom the Software is furnished to do so, subject to */ -/* the following conditions: */ -/* */ -/* The above copyright notice and this permission notice shall be */ -/* included in all copies or substantial portions of the Software. */ -/* */ -/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */ -/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */ -/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/ -/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */ -/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */ -/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */ -/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -/*************************************************************************/ - -#ifndef EDITOR_INITIALIZE_SSL_H -#define EDITOR_INITIALIZE_SSL_H - -void editor_initialize_certificates(); - -#endif // EDITOR_INITIALIZE_SSL_H diff --git a/editor/editor_node.cpp b/editor/editor_node.cpp index d8e6f711ff..0ba1ef3b18 100644 --- a/editor/editor_node.cpp +++ b/editor/editor_node.cpp @@ -54,7 +54,6 @@ #include "editor/editor_audio_buses.h" #include "editor/editor_file_system.h" #include "editor/editor_help.h" -#include "editor/editor_initialize_ssl.h" #include "editor/editor_properties.h" #include "editor/editor_settings.h" #include "editor/editor_themes.h" @@ -4686,7 +4685,6 @@ EditorNode::EditorNode() { SceneState::set_disable_placeholders(true); ResourceLoader::clear_translation_remaps(); //no remaps using during editor ResourceLoader::clear_path_remaps(); - editor_initialize_certificates(); //for asset sharing InputDefault *id = Object::cast_to<InputDefault>(Input::get_singleton()); diff --git a/editor/editor_settings.cpp b/editor/editor_settings.cpp index 5d3c6dd087..3e959731fc 100644 --- a/editor/editor_settings.cpp +++ b/editor/editor_settings.cpp @@ -30,6 +30,7 @@ #include "editor_settings.h" +#include "core/io/certs_compressed.gen.h" #include "core/io/compression.h" #include "core/io/config_file.h" #include "core/io/file_access_memory.h" @@ -947,6 +948,10 @@ void EditorSettings::setup_network() { _initial_set("network/debug/remote_port", port); add_property_hint(PropertyInfo(Variant::INT, "network/debug/remote_port", PROPERTY_HINT_RANGE, "1,65535,1")); + + // Editor SSL certificates override + _initial_set("network/ssl/editor_ssl_certificates", _SYSTEM_CERTS_PATH); + add_property_hint(PropertyInfo(Variant::STRING, "network/ssl/editor_ssl_certificates", PROPERTY_HINT_GLOBAL_FILE, "*.crt,*.pem")); } void EditorSettings::save() { diff --git a/editor/project_manager.cpp b/editor/project_manager.cpp index f494c84efa..91ab5b4dff 100644 --- a/editor/project_manager.cpp +++ b/editor/project_manager.cpp @@ -41,7 +41,6 @@ #include "core/translation.h" #include "core/version.h" #include "core/version_hash.gen.h" -#include "editor_initialize_ssl.h" #include "editor_scale.h" #include "editor_settings.h" #include "editor_themes.h" @@ -2059,8 +2058,6 @@ void ProjectListFilter::_bind_methods() { ProjectListFilter::ProjectListFilter() { - editor_initialize_certificates(); //for asset sharing - _current_filter = FILTER_NAME; filter_option = memnew(OptionButton); diff --git a/main/main.cpp b/main/main.cpp index 90d4db2948..db82ff8f6e 100644 --- a/main/main.cpp +++ b/main/main.cpp @@ -73,6 +73,7 @@ #include "editor/doc/doc_data.h" #include "editor/doc/doc_data_class_path.gen.h" #include "editor/editor_node.h" +#include "editor/editor_settings.h" #include "editor/project_manager.h" #endif @@ -756,7 +757,6 @@ Error Main::setup(const char *execpath, int argc, char *argv[], bool p_second_ph if (editor) { packed_data->set_disabled(true); globals->set_disable_feature_overrides(true); - StreamPeerSSL::initialize_certs = false; //will be initialized by editor } #endif @@ -1595,6 +1595,7 @@ bool Main::start() { sml->set_use_font_oversampling(font_oversampling); } else { + GLOBAL_DEF("display/window/stretch/mode", "disabled"); ProjectSettings::get_singleton()->set_custom_property_info("display/window/stretch/mode", PropertyInfo(Variant::STRING, "display/window/stretch/mode", PROPERTY_HINT_ENUM, "disabled,2d,viewport")); GLOBAL_DEF("display/window/stretch/aspect", "ignore"); @@ -1654,6 +1655,10 @@ bool Main::start() { } if (!project_manager && !editor) { // game + + // Load SSL Certificates from Project Settings (or builtin) + StreamPeerSSL::load_certs_from_memory(StreamPeerSSL::get_project_cert_array()); + if (game_path != "") { Node *scene = NULL; Ref<PackedScene> scenedata = ResourceLoader::load(local_game_path); @@ -1686,6 +1691,15 @@ bool Main::start() { sml->get_root()->add_child(pmanager); OS::get_singleton()->set_context(OS::CONTEXT_PROJECTMAN); } + + if (project_manager || editor) { + // Load SSL Certificates from Editor Settings (or builtin) + String certs = EditorSettings::get_singleton()->get_setting("network/ssl/editor_ssl_certificates").operator String(); + if (certs != "") + StreamPeerSSL::load_certs_from_file(certs); + else + StreamPeerSSL::load_certs_from_memory(StreamPeerSSL::get_project_cert_array()); + } #endif } diff --git a/modules/mbedtls/stream_peer_mbed_tls.cpp b/modules/mbedtls/stream_peer_mbed_tls.cpp index 3398957775..3c04254fd4 100755 --- a/modules/mbedtls/stream_peer_mbed_tls.cpp +++ b/modules/mbedtls/stream_peer_mbed_tls.cpp @@ -317,15 +317,13 @@ void StreamPeerMbedTLS::initialize_ssl() { mbedtls_debug_set_threshold(1); #endif - PoolByteArray cert_array = StreamPeerSSL::get_project_cert_array(); - - if (cert_array.size() > 0) - _load_certs(cert_array); - available = true; } void StreamPeerMbedTLS::finalize_ssl() { + available = false; + _create = NULL; + load_certs_func = NULL; mbedtls_x509_crt_free(&cacert); } |