Diffstat (limited to 'core')
| -rw-r--r-- | core/SCsub | 3 | ||||
| -rw-r--r-- | core/core_builders.py | 35 | ||||
| -rw-r--r-- | core/io/http_client.cpp | 4 | ||||
| -rw-r--r-- | core/io/stream_peer_ssl.cpp | 57 | ||||
| -rw-r--r-- | core/io/stream_peer_ssl.h | 5 |
5 files changed, 82 insertions, 22 deletions
diff --git a/core/SCsub b/core/SCsub
index a6365bf925..6746cc871a 100644
--- a/core/SCsub
+++ b/core/SCsub
@@ -93,6 +93,9 @@ if 'builtin_zstd' in env and env['builtin_zstd']:
 # Godot's own sources
 env.add_source_files(env.core_sources, "*.cpp")
+# Certificates
+env.Depends("#core/io/certs_compressed.gen.h", ["#thirdparty/certs/ca-certificates.crt", env.Value(env['builtin_certs']), env.Value(env['system_certs_path'])])
+env.CommandNoCache("#core/io/certs_compressed.gen.h", "#thirdparty/certs/ca-certificates.crt", run_in_subprocess(core_builders.make_certs_header))
 # Make binders
 env.CommandNoCache(['method_bind.gen.inc', 'method_bind_ext.gen.inc'], 'make_binders.py', run_in_subprocess(make_binders.run))
diff --git a/core/core_builders.py b/core/core_builders.py
index 90e505aab9..f3a9e3b221 100644
--- a/core/core_builders.py
+++ b/core/core_builders.py
@@ -4,7 +4,40 @@ All such functions are invoked in a subprocess on Windows to prevent build flaki
 """
 from platform_methods import subprocess_main
-from compat import iteritems, itervalues, open_utf8, escape_string
+from compat import iteritems, itervalues, open_utf8, escape_string, byte_to_str
+
+
+def make_certs_header(target, source, env):
+
+ src = source[0]
+ dst = target[0]
+ f = open(src, "rb")
+ g = open_utf8(dst, "w")
+ buf = f.read()
+ decomp_size = len(buf)
+ import zlib
+ buf = zlib.compress(buf)
+
+ g.write("/* THIS FILE IS GENERATED DO NOT EDIT */\n")
+ g.write("#ifndef _CERTS_RAW_H\n")
+ g.write("#define _CERTS_RAW_H\n")
+
+ # System certs path. Editor will use them if defined. (for package maintainers)
+ path = env['system_certs_path']
+ g.write("#define _SYSTEM_CERTS_PATH \"%s\"\n" % str(path))
+ if env['builtin_certs']:
+ # Defined here and not in env so changing it does not trigger a full rebuild.
+ g.write("#define BUILTIN_CERTS_ENABLED\n")
+ g.write("static const int _certs_compressed_size = " + str(len(buf)) + ";\n")
+ g.write("static const int _certs_uncompressed_size = " + str(decomp_size) + ";\n")
+ g.write("static const unsigned char _certs_compressed[] = {\n")
+ for i in range(len(buf)):
+ g.write("\t" + byte_to_str(buf[i]) + ",\n")
+ g.write("};\n")
+ g.write("#endif")
+
+ g.close()
+ f.close()
 def make_authors_header(target, source, env):
diff --git a/core/io/http_client.cpp b/core/io/http_client.cpp
index de0b6860f9..80a281a21d 100644
--- a/core/io/http_client.cpp
+++ b/core/io/http_client.cpp
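Review bot: `g.write("#define _SYSTEM_CERTS_PATH \"%s\"\n" % str(path))` interpolates the build-configured path straight into a C string literal, so a path containing a backslash (any Windows path) or a double quote yields a mis-parsed or invalid `#define` in the generated header; the module already imports `escape_string` in this very hunk, so `"#define _SYSTEM_CERTS_PATH \"%s\"\n" % escape_string(str(path))` is the one-line fix, assuming that helper escapes backslashes as well as quotes. The two handles are only closed on the success path; `with open(src, "rb") as f, open_utf8(dst, "w") as g:` would also release them if `zlib.compress` or a write raises, and lets the `import zlib` move to the module's import block. Minor: the closing `g.write("#endif")` leaves the generated header without a trailing newline.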
@@ -668,11 +668,11 @@ Error HTTPClient::_get_http_data(uint8_t *p_buffer, int p_bytes, int &r_received
 // We can't use StreamPeer.get_data, since when reaching EOF we will get an
 // error without knowing how many bytes we received.
 Error err = ERR_FILE_EOF;
- int read;
+ int read = 0;
 int left = p_bytes;
 r_received = 0;
 while (left > 0) {
- err = connection->get_partial_data(p_buffer, left, read);
+ err = connection->get_partial_data(p_buffer + r_received, left, read);
 if (err == OK) {
 r_received += read;
 } else if (err == ERR_FILE_EOF) {
diff --git a/core/io/stream_peer_ssl.cpp b/core/io/stream_peer_ssl.cpp
index 1f59021938..8d8682686a 100644
--- a/core/io/stream_peer_ssl.cpp
+++ b/core/io/stream_peer_ssl.cpp
@@ -30,6 +30,8 @@
 #include "stream_peer_ssl.h"
+#include "core/io/certs_compressed.gen.h"
+#include "core/io/compression.h"
 #include "core/os/file_access.h"
 #include "core/project_settings.h"
@@ -42,13 +44,20 @@ StreamPeerSSL *StreamPeerSSL::create() {
 StreamPeerSSL::LoadCertsFromMemory StreamPeerSSL::load_certs_func = NULL;
 bool StreamPeerSSL::available = false;
-bool StreamPeerSSL::initialize_certs = true;
 void StreamPeerSSL::load_certs_from_memory(const PoolByteArray &p_memory) {
 if (load_certs_func)
 load_certs_func(p_memory);
 }
+void StreamPeerSSL::load_certs_from_file(String p_path) {
+ if (p_path != "") {
+ PoolByteArray certs = get_cert_file_as_array(p_path);
+ if (certs.size() > 0)
+ load_certs_func(certs);
+ }
+}
+
 bool StreamPeerSSL::is_available() {
 return available;
 }
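Review bot: `load_certs_from_file` calls `load_certs_func(certs)` unguarded, whereas `load_certs_from_memory` directly above checks `if (load_certs_func)` first; `load_certs_func` is initialised to `NULL` at the top of this hunk, so calling the new function before an SSL backend has registered its loader dereferences a null function pointer. Routing through the guarded path, `load_certs_from_memory(certs);`, fixes that in one line. A path that cannot be opened or reads back empty is silently skipped here, so a misconfigured certificate path leaves the backend's CA set unchanged with no diagnostic; a warning in that branch would make the misconfiguration visible. Style: the surrounding API takes `const PoolByteArray &p_memory`, so `String p_path` by value could likewise be `const String &p_path`, here, in `get_cert_file_as_array` and in the header declarations.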
@@ -61,6 +70,25 @@ bool StreamPeerSSL::is_blocking_handshake_enabled() const {
 return blocking_handshake;
 }
+PoolByteArray StreamPeerSSL::get_cert_file_as_array(String p_path) {
+
+ PoolByteArray out;
+ FileAccess *f = FileAccess::open(p_path, FileAccess::READ);
+ if (f) {
+ int flen = f->get_len();
+ out.resize(flen + 1);
+ PoolByteArray::Write w = out.write();
+ f->get_buffer(w.ptr(), flen);
+ w[flen] = 0; // Make sure it ends with string terminator
+ memdelete(f);
+#ifdef DEBUG_ENABLED
+ print_verbose(vformat("Loaded certs from '%s'.", p_path));
+#endif
+ }
+
+ return out;
+}
+
 PoolByteArray StreamPeerSSL::get_project_cert_array() {
 PoolByteArray out;
@@ -68,24 +96,21 @@ PoolByteArray StreamPeerSSL::get_project_cert_array() {
 ProjectSettings::get_singleton()->set_custom_property_info("network/ssl/certificates", PropertyInfo(Variant::STRING, "network/ssl/certificates", PROPERTY_HINT_FILE, "*.crt"));
 if (certs_path != "") {
-
- FileAccess *f = FileAccess::open(certs_path, FileAccess::READ);
- if (f) {
- int flen = f->get_len();
- out.resize(flen + 1);
- {
- PoolByteArray::Write w = out.write();
- f->get_buffer(w.ptr(), flen);
- w[flen] = 0; //end f string
- }
-
- memdelete(f);
-
+ // Use certs defined in project settings.
+ return get_cert_file_as_array(certs_path);
+ }
+#ifdef BUILTIN_CERTS_ENABLED
+ else {
+ // Use builtin certs only if user did not override it in project settings.
+ out.resize(_certs_uncompressed_size + 1);
+ PoolByteArray::Write w = out.write();
+ Compression::decompress(w.ptr(), _certs_uncompressed_size, _certs_compressed, _certs_compressed_size, Compression::MODE_DEFLATE);
+ w[_certs_uncompressed_size] = 0; // Make sure it ends with string terminator
 #ifdef DEBUG_ENABLED
- print_verbose(vformat("Loaded certs from '%s'.", certs_path));
+ print_verbose("Loaded builtin certs");
 #endif
- }
 }
+#endif
 return out;
 }
diff --git a/core/io/stream_peer_ssl.h b/core/io/stream_peer_ssl.h
index f66c1c7de9..8ce36d7e7d 100644
--- a/core/io/stream_peer_ssl.h
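Review bot: In `get_cert_file_as_array` the result of `f->get_buffer(w.ptr(), flen)` is discarded, so a short read leaves part of the `flen + 1` byte buffer unset while the array is still returned as if it held the whole file; compare the returned count with `flen` and return an empty array on mismatch. `int flen = f->get_len();` narrows whatever `get_len()` returns (its type is not visible in this hunk) to `int`, which only matters for a corrupt or absurdly large file but is worth an explicit size check before `resize`. The failure branch of `FileAccess::open` returns an empty array with no message even though the success path is logged under `DEBUG_ENABLED`; an error print there would make a wrong `network/ssl/certificates` path visible rather than silently yielding no certificates.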
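Review bot: The size returned by `Compression::decompress(...)` in the `BUILTIN_CERTS_ENABLED` branch of `get_project_cert_array` is ignored, so if the embedded blob fails to inflate the caller receives `_certs_uncompressed_size` bytes of whatever `resize` left in the buffer, terminated by the `0` written afterwards, and hands that to the TLS backend as a PEM bundle; compare the result with `_certs_uncompressed_size` and return an empty array otherwise. Placing `else {` after the `}` of the `if` but inside `#ifdef BUILTIN_CERTS_ENABLED` compiles, yet a dangling `else` under the preprocessor reads poorly; since the `if` branch returns, an unconditional `#ifdef BUILTIN_CERTS_ENABLED` block after the closing `}` is equivalent and clearer. Note also that when `certs_path` is set but the file cannot be opened, the function returns an empty array instead of falling back to the builtin bundle — that may be the intended "explicit override" semantics, and deserves a comment either way.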
+++ b/core/io/stream_peer_ssl.h
@@ -46,9 +46,6 @@ protected:
 static LoadCertsFromMemory load_certs_func;
 static bool available;
- friend class Main;
- static bool initialize_certs;
-
 bool blocking_handshake;
 public:
@@ -72,7 +69,9 @@ public:
 static StreamPeerSSL *create();
+ static PoolByteArray get_cert_file_as_array(String p_path);
 static PoolByteArray get_project_cert_array();
+ static void load_certs_from_file(String p_path);
 static void load_certs_from_memory(const PoolByteArray &p_memory);
 static bool is_available();