diff options
Diffstat (limited to 'modules')
21 files changed, 160 insertions, 160 deletions
diff --git a/modules/mbedtls/crypto_mbedtls.h b/modules/mbedtls/crypto_mbedtls.h index 5ba7e9cbf6..f129ef6f11 100644 --- a/modules/mbedtls/crypto_mbedtls.h +++ b/modules/mbedtls/crypto_mbedtls.h @@ -39,7 +39,7 @@ #include <mbedtls/ssl.h> class CryptoMbedTLS; -class SSLContextMbedTLS; +class TLSContextMbedTLS; class CryptoKeyMbedTLS : public CryptoKey { private: mbedtls_pk_context pkey; @@ -69,7 +69,7 @@ public: _FORCE_INLINE_ void unlock() { locks--; } friend class CryptoMbedTLS; - friend class SSLContextMbedTLS; + friend class TLSContextMbedTLS; }; class X509CertificateMbedTLS : public X509Certificate { @@ -98,7 +98,7 @@ public: _FORCE_INLINE_ void unlock() { locks--; } friend class CryptoMbedTLS; - friend class SSLContextMbedTLS; + friend class TLSContextMbedTLS; }; class HMACContextMbedTLS : public HMACContext { diff --git a/modules/mbedtls/dtls_server_mbedtls.h b/modules/mbedtls/dtls_server_mbedtls.h index a6626c9f65..0c9f10b5ed 100644 --- a/modules/mbedtls/dtls_server_mbedtls.h +++ b/modules/mbedtls/dtls_server_mbedtls.h @@ -32,7 +32,7 @@ #define DTLS_SERVER_MBEDTLS_H #include "core/io/dtls_server.h" -#include "ssl_context_mbedtls.h" +#include "tls_context_mbedtls.h" class DTLSServerMbedTLS : public DTLSServer { private: diff --git a/modules/mbedtls/packet_peer_mbed_dtls.cpp b/modules/mbedtls/packet_peer_mbed_dtls.cpp index 78a06ff4a1..e84d95773d 100644 --- a/modules/mbedtls/packet_peer_mbed_dtls.cpp +++ b/modules/mbedtls/packet_peer_mbed_dtls.cpp @@ -79,7 +79,7 @@ int PacketPeerMbedDTLS::bio_recv(void *ctx, unsigned char *buf, size_t len) { } void PacketPeerMbedDTLS::_cleanup() { - ssl_ctx->clear(); + tls_ctx->clear(); base = Ref<PacketPeer>(); status = STATUS_DISCONNECTED; } @@ -91,16 +91,16 @@ int PacketPeerMbedDTLS::_set_cookie() { uint16_t port = base->get_packet_port(); memcpy(client_id, addr.get_ipv6(), 16); memcpy(&client_id[16], (uint8_t *)&port, 2); - return mbedtls_ssl_set_client_transport_id(ssl_ctx->get_context(), client_id, 18); + return mbedtls_ssl_set_client_transport_id(tls_ctx->get_context(), client_id, 18); } Error PacketPeerMbedDTLS::_do_handshake() { int ret = 0; - while ((ret = mbedtls_ssl_handshake(ssl_ctx->get_context())) != 0) { + while ((ret = mbedtls_ssl_handshake(tls_ctx->get_context())) != 0) { if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { if (ret != MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) { ERR_PRINT("TLS handshake error: " + itos(ret)); - SSLContextMbedTLS::print_mbedtls_error(ret); + TLSContextMbedTLS::print_mbedtls_error(ret); } _cleanup(); status = STATUS_ERROR; @@ -121,12 +121,12 @@ Error PacketPeerMbedDTLS::connect_to_peer(Ref<PacketPeerUDP> p_base, bool p_vali int ret = 0; int authmode = p_validate_certs ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE; - Error err = ssl_ctx->init_client(MBEDTLS_SSL_TRANSPORT_DATAGRAM, authmode, p_ca_certs); + Error err = tls_ctx->init_client(MBEDTLS_SSL_TRANSPORT_DATAGRAM, authmode, p_ca_certs); ERR_FAIL_COND_V(err != OK, err); - mbedtls_ssl_set_hostname(ssl_ctx->get_context(), p_for_hostname.utf8().get_data()); - mbedtls_ssl_set_bio(ssl_ctx->get_context(), this, bio_send, bio_recv, nullptr); - mbedtls_ssl_set_timer_cb(ssl_ctx->get_context(), &timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay); + mbedtls_ssl_set_hostname(tls_ctx->get_context(), p_for_hostname.utf8().get_data()); + mbedtls_ssl_set_bio(tls_ctx->get_context(), this, bio_send, bio_recv, nullptr); + mbedtls_ssl_set_timer_cb(tls_ctx->get_context(), &timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay); status = STATUS_HANDSHAKING; @@ -139,13 +139,13 @@ Error PacketPeerMbedDTLS::connect_to_peer(Ref<PacketPeerUDP> p_base, bool p_vali } Error PacketPeerMbedDTLS::accept_peer(Ref<PacketPeerUDP> p_base, Ref<CryptoKey> p_key, Ref<X509Certificate> p_cert, Ref<X509Certificate> p_ca_chain, Ref<CookieContextMbedTLS> p_cookies) { - Error err = ssl_ctx->init_server(MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_VERIFY_NONE, p_key, p_cert, p_cookies); + Error err = tls_ctx->init_server(MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_VERIFY_NONE, p_key, p_cert, p_cookies); ERR_FAIL_COND_V(err != OK, err); base = p_base; base->set_blocking_mode(false); - mbedtls_ssl_session_reset(ssl_ctx->get_context()); + mbedtls_ssl_session_reset(tls_ctx->get_context()); int ret = _set_cookie(); if (ret != 0) { @@ -153,8 +153,8 @@ Error PacketPeerMbedDTLS::accept_peer(Ref<PacketPeerUDP> p_base, Ref<CryptoKey> ERR_FAIL_V_MSG(FAILED, "Error setting DTLS client cookie"); } - mbedtls_ssl_set_bio(ssl_ctx->get_context(), this, bio_send, bio_recv, nullptr); - mbedtls_ssl_set_timer_cb(ssl_ctx->get_context(), &timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay); + mbedtls_ssl_set_bio(tls_ctx->get_context(), this, bio_send, bio_recv, nullptr); + mbedtls_ssl_set_timer_cb(tls_ctx->get_context(), &timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay); status = STATUS_HANDSHAKING; @@ -173,11 +173,11 @@ Error PacketPeerMbedDTLS::put_packet(const uint8_t *p_buffer, int p_bytes) { return OK; } - int ret = mbedtls_ssl_write(ssl_ctx->get_context(), p_buffer, p_bytes); + int ret = mbedtls_ssl_write(tls_ctx->get_context(), p_buffer, p_bytes); if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { ret = 0; // non blocking io } else if (ret <= 0) { - SSLContextMbedTLS::print_mbedtls_error(ret); + TLSContextMbedTLS::print_mbedtls_error(ret); _cleanup(); return ERR_CONNECTION_ERROR; } @@ -190,7 +190,7 @@ Error PacketPeerMbedDTLS::get_packet(const uint8_t **r_buffer, int &r_bytes) { r_bytes = 0; - int ret = mbedtls_ssl_read(ssl_ctx->get_context(), packet_buffer, PACKET_BUFFER_SIZE); + int ret = mbedtls_ssl_read(tls_ctx->get_context(), packet_buffer, PACKET_BUFFER_SIZE); if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { ret = 0; // non blocking io } else if (ret <= 0) { @@ -200,7 +200,7 @@ Error PacketPeerMbedDTLS::get_packet(const uint8_t **r_buffer, int &r_bytes) { } else { _cleanup(); status = STATUS_ERROR; - SSLContextMbedTLS::print_mbedtls_error(ret); + TLSContextMbedTLS::print_mbedtls_error(ret); } return ERR_CONNECTION_ERROR; } @@ -220,7 +220,7 @@ void PacketPeerMbedDTLS::poll() { ERR_FAIL_COND(!base.is_valid()); - int ret = mbedtls_ssl_read(ssl_ctx->get_context(), nullptr, 0); + int ret = mbedtls_ssl_read(tls_ctx->get_context(), nullptr, 0); if (ret < 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) { @@ -229,7 +229,7 @@ void PacketPeerMbedDTLS::poll() { } else { _cleanup(); status = STATUS_ERROR; - SSLContextMbedTLS::print_mbedtls_error(ret); + TLSContextMbedTLS::print_mbedtls_error(ret); } } } @@ -237,7 +237,7 @@ void PacketPeerMbedDTLS::poll() { int PacketPeerMbedDTLS::get_available_packet_count() const { ERR_FAIL_COND_V(status != STATUS_CONNECTED, 0); - return mbedtls_ssl_get_bytes_avail(&(ssl_ctx->ssl)) > 0 ? 1 : 0; + return mbedtls_ssl_get_bytes_avail(&(tls_ctx->tls)) > 0 ? 1 : 0; } int PacketPeerMbedDTLS::get_max_packet_size() const { @@ -245,7 +245,7 @@ int PacketPeerMbedDTLS::get_max_packet_size() const { } PacketPeerMbedDTLS::PacketPeerMbedDTLS() { - ssl_ctx.instantiate(); + tls_ctx.instantiate(); } PacketPeerMbedDTLS::~PacketPeerMbedDTLS() { @@ -261,7 +261,7 @@ void PacketPeerMbedDTLS::disconnect_from_peer() { int ret = 0; // Send SSL close notification, blocking, but ignore other errors. do { - ret = mbedtls_ssl_close_notify(ssl_ctx->get_context()); + ret = mbedtls_ssl_close_notify(tls_ctx->get_context()); } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE); } diff --git a/modules/mbedtls/packet_peer_mbed_dtls.h b/modules/mbedtls/packet_peer_mbed_dtls.h index 5f2f42cd30..cc79057d67 100644 --- a/modules/mbedtls/packet_peer_mbed_dtls.h +++ b/modules/mbedtls/packet_peer_mbed_dtls.h @@ -32,7 +32,7 @@ #define PACKET_PEER_MBED_DTLS_H #include "core/io/packet_peer_dtls.h" -#include "ssl_context_mbedtls.h" +#include "tls_context_mbedtls.h" #include <mbedtls/timing.h> @@ -56,7 +56,7 @@ private: void _cleanup(); protected: - Ref<SSLContextMbedTLS> ssl_ctx; + Ref<TLSContextMbedTLS> tls_ctx; mbedtls_timing_delay_context timer; Error _do_handshake(); diff --git a/modules/mbedtls/register_types.cpp b/modules/mbedtls/register_types.cpp index 2d4a18b3fc..675091b617 100644 --- a/modules/mbedtls/register_types.cpp +++ b/modules/mbedtls/register_types.cpp @@ -45,7 +45,7 @@ void initialize_mbedtls_module(ModuleInitializationLevel p_level) { } CryptoMbedTLS::initialize_crypto(); - StreamPeerMbedTLS::initialize_ssl(); + StreamPeerMbedTLS::initialize_tls(); PacketPeerMbedDTLS::initialize_dtls(); DTLSServerMbedTLS::initialize(); } @@ -57,6 +57,6 @@ void uninitialize_mbedtls_module(ModuleInitializationLevel p_level) { DTLSServerMbedTLS::finalize(); PacketPeerMbedDTLS::finalize_dtls(); - StreamPeerMbedTLS::finalize_ssl(); + StreamPeerMbedTLS::finalize_tls(); CryptoMbedTLS::finalize_crypto(); } diff --git a/modules/mbedtls/stream_peer_mbedtls.cpp b/modules/mbedtls/stream_peer_mbedtls.cpp index 0bf4ca7032..a97c6bd916 100644 --- a/modules/mbedtls/stream_peer_mbedtls.cpp +++ b/modules/mbedtls/stream_peer_mbedtls.cpp @@ -74,18 +74,18 @@ int StreamPeerMbedTLS::bio_recv(void *ctx, unsigned char *buf, size_t len) { } void StreamPeerMbedTLS::_cleanup() { - ssl_ctx->clear(); + tls_ctx->clear(); base = Ref<StreamPeer>(); status = STATUS_DISCONNECTED; } Error StreamPeerMbedTLS::_do_handshake() { int ret = 0; - while ((ret = mbedtls_ssl_handshake(ssl_ctx->get_context())) != 0) { + while ((ret = mbedtls_ssl_handshake(tls_ctx->get_context())) != 0) { if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { // An error occurred. ERR_PRINT("TLS handshake error: " + itos(ret)); - SSLContextMbedTLS::print_mbedtls_error(ret); + TLSContextMbedTLS::print_mbedtls_error(ret); disconnect_from_stream(); status = STATUS_ERROR; return FAILED; @@ -108,11 +108,11 @@ Error StreamPeerMbedTLS::connect_to_stream(Ref<StreamPeer> p_base, bool p_valida base = p_base; int authmode = p_validate_certs ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE; - Error err = ssl_ctx->init_client(MBEDTLS_SSL_TRANSPORT_STREAM, authmode, p_ca_certs); + Error err = tls_ctx->init_client(MBEDTLS_SSL_TRANSPORT_STREAM, authmode, p_ca_certs); ERR_FAIL_COND_V(err != OK, err); - mbedtls_ssl_set_hostname(ssl_ctx->get_context(), p_for_hostname.utf8().get_data()); - mbedtls_ssl_set_bio(ssl_ctx->get_context(), this, bio_send, bio_recv, nullptr); + mbedtls_ssl_set_hostname(tls_ctx->get_context(), p_for_hostname.utf8().get_data()); + mbedtls_ssl_set_bio(tls_ctx->get_context(), this, bio_send, bio_recv, nullptr); status = STATUS_HANDSHAKING; @@ -127,12 +127,12 @@ Error StreamPeerMbedTLS::connect_to_stream(Ref<StreamPeer> p_base, bool p_valida Error StreamPeerMbedTLS::accept_stream(Ref<StreamPeer> p_base, Ref<CryptoKey> p_key, Ref<X509Certificate> p_cert, Ref<X509Certificate> p_ca_chain) { ERR_FAIL_COND_V(p_base.is_null(), ERR_INVALID_PARAMETER); - Error err = ssl_ctx->init_server(MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_VERIFY_NONE, p_key, p_cert); + Error err = tls_ctx->init_server(MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_VERIFY_NONE, p_key, p_cert); ERR_FAIL_COND_V(err != OK, err); base = p_base; - mbedtls_ssl_set_bio(ssl_ctx->get_context(), this, bio_send, bio_recv, nullptr); + mbedtls_ssl_set_bio(tls_ctx->get_context(), this, bio_send, bio_recv, nullptr); status = STATUS_HANDSHAKING; @@ -173,7 +173,7 @@ Error StreamPeerMbedTLS::put_partial_data(const uint8_t *p_data, int p_bytes, in return OK; } - int ret = mbedtls_ssl_write(ssl_ctx->get_context(), p_data, p_bytes); + int ret = mbedtls_ssl_write(tls_ctx->get_context(), p_data, p_bytes); if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { // Non blocking IO ret = 0; @@ -182,7 +182,7 @@ Error StreamPeerMbedTLS::put_partial_data(const uint8_t *p_data, int p_bytes, in disconnect_from_stream(); return ERR_FILE_EOF; } else if (ret <= 0) { - SSLContextMbedTLS::print_mbedtls_error(ret); + TLSContextMbedTLS::print_mbedtls_error(ret); disconnect_from_stream(); return ERR_CONNECTION_ERROR; } @@ -216,7 +216,7 @@ Error StreamPeerMbedTLS::get_partial_data(uint8_t *p_buffer, int p_bytes, int &r r_received = 0; - int ret = mbedtls_ssl_read(ssl_ctx->get_context(), p_buffer, p_bytes); + int ret = mbedtls_ssl_read(tls_ctx->get_context(), p_buffer, p_bytes); if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { ret = 0; // non blocking io } else if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) { @@ -224,7 +224,7 @@ Error StreamPeerMbedTLS::get_partial_data(uint8_t *p_buffer, int p_bytes, int &r disconnect_from_stream(); return ERR_FILE_EOF; } else if (ret <= 0) { - SSLContextMbedTLS::print_mbedtls_error(ret); + TLSContextMbedTLS::print_mbedtls_error(ret); disconnect_from_stream(); return ERR_CONNECTION_ERROR; } @@ -245,7 +245,7 @@ void StreamPeerMbedTLS::poll() { // We could pass nullptr as second parameter, but some behaviour sanitizers don't seem to like that. // Passing a 1 byte buffer to workaround it. uint8_t byte; - int ret = mbedtls_ssl_read(ssl_ctx->get_context(), &byte, 0); + int ret = mbedtls_ssl_read(tls_ctx->get_context(), &byte, 0); if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { // Nothing to read/write (non blocking IO) @@ -254,7 +254,7 @@ void StreamPeerMbedTLS::poll() { disconnect_from_stream(); return; } else if (ret < 0) { - SSLContextMbedTLS::print_mbedtls_error(ret); + TLSContextMbedTLS::print_mbedtls_error(ret); disconnect_from_stream(); return; } @@ -269,11 +269,11 @@ void StreamPeerMbedTLS::poll() { int StreamPeerMbedTLS::get_available_bytes() const { ERR_FAIL_COND_V(status != STATUS_CONNECTED, 0); - return mbedtls_ssl_get_bytes_avail(&(ssl_ctx->ssl)); + return mbedtls_ssl_get_bytes_avail(&(tls_ctx->tls)); } StreamPeerMbedTLS::StreamPeerMbedTLS() { - ssl_ctx.instantiate(); + tls_ctx.instantiate(); } StreamPeerMbedTLS::~StreamPeerMbedTLS() { @@ -288,7 +288,7 @@ void StreamPeerMbedTLS::disconnect_from_stream() { Ref<StreamPeerTCP> tcp = base; if (tcp.is_valid() && tcp->get_status() == StreamPeerTCP::STATUS_CONNECTED) { // We are still connected on the socket, try to send close notify. - mbedtls_ssl_close_notify(ssl_ctx->get_context()); + mbedtls_ssl_close_notify(tls_ctx->get_context()); } _cleanup(); @@ -306,12 +306,12 @@ StreamPeerTLS *StreamPeerMbedTLS::_create_func() { return memnew(StreamPeerMbedTLS); } -void StreamPeerMbedTLS::initialize_ssl() { +void StreamPeerMbedTLS::initialize_tls() { _create = _create_func; available = true; } -void StreamPeerMbedTLS::finalize_ssl() { +void StreamPeerMbedTLS::finalize_tls() { available = false; _create = nullptr; } diff --git a/modules/mbedtls/stream_peer_mbedtls.h b/modules/mbedtls/stream_peer_mbedtls.h index 12d06d05ed..9219269539 100644 --- a/modules/mbedtls/stream_peer_mbedtls.h +++ b/modules/mbedtls/stream_peer_mbedtls.h @@ -32,7 +32,7 @@ #define STREAM_PEER_MBEDTLS_H #include "core/io/stream_peer_tls.h" -#include "ssl_context_mbedtls.h" +#include "tls_context_mbedtls.h" class StreamPeerMbedTLS : public StreamPeerTLS { private: @@ -48,7 +48,7 @@ private: void _cleanup(); protected: - Ref<SSLContextMbedTLS> ssl_ctx; + Ref<TLSContextMbedTLS> tls_ctx; Error _do_handshake(); @@ -69,8 +69,8 @@ public: virtual int get_available_bytes() const; - static void initialize_ssl(); - static void finalize_ssl(); + static void initialize_tls(); + static void finalize_tls(); StreamPeerMbedTLS(); ~StreamPeerMbedTLS(); diff --git a/modules/mbedtls/ssl_context_mbedtls.cpp b/modules/mbedtls/tls_context_mbedtls.cpp index e2dad074cc..1ae7bc0436 100644 --- a/modules/mbedtls/ssl_context_mbedtls.cpp +++ b/modules/mbedtls/tls_context_mbedtls.cpp @@ -1,5 +1,5 @@ /*************************************************************************/ -/* ssl_context_mbedtls.cpp */ +/* tls_context_mbedtls.cpp */ /*************************************************************************/ /* This file is part of: */ /* GODOT ENGINE */ @@ -28,7 +28,7 @@ /* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ /*************************************************************************/ -#include "ssl_context_mbedtls.h" +#include "tls_context_mbedtls.h" static void my_debug(void *ctx, int level, const char *file, int line, @@ -37,7 +37,7 @@ static void my_debug(void *ctx, int level, fflush(stdout); } -void SSLContextMbedTLS::print_mbedtls_error(int p_ret) { +void TLSContextMbedTLS::print_mbedtls_error(int p_ret) { printf("mbedtls error: returned -0x%x\n\n", -p_ret); fflush(stdout); } @@ -82,12 +82,12 @@ CookieContextMbedTLS::~CookieContextMbedTLS() { clear(); } -/// SSLContextMbedTLS +/// TLSContextMbedTLS -Error SSLContextMbedTLS::_setup(int p_endpoint, int p_transport, int p_authmode) { +Error TLSContextMbedTLS::_setup(int p_endpoint, int p_transport, int p_authmode) { ERR_FAIL_COND_V_MSG(inited, ERR_ALREADY_IN_USE, "This SSL context is already active"); - mbedtls_ssl_init(&ssl); + mbedtls_ssl_init(&tls); mbedtls_ssl_config_init(&conf); mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_entropy_init(&entropy); @@ -110,7 +110,7 @@ Error SSLContextMbedTLS::_setup(int p_endpoint, int p_transport, int p_authmode) return OK; } -Error SSLContextMbedTLS::init_server(int p_transport, int p_authmode, Ref<CryptoKeyMbedTLS> p_pkey, Ref<X509CertificateMbedTLS> p_cert, Ref<CookieContextMbedTLS> p_cookies) { +Error TLSContextMbedTLS::init_server(int p_transport, int p_authmode, Ref<CryptoKeyMbedTLS> p_pkey, Ref<X509CertificateMbedTLS> p_cert, Ref<CookieContextMbedTLS> p_cookies) { ERR_FAIL_COND_V(!p_pkey.is_valid(), ERR_INVALID_PARAMETER); ERR_FAIL_COND_V(!p_cert.is_valid(), ERR_INVALID_PARAMETER); @@ -146,11 +146,11 @@ Error SSLContextMbedTLS::init_server(int p_transport, int p_authmode, Ref<Crypto cookies = p_cookies; mbedtls_ssl_conf_dtls_cookies(&conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, &(cookies->cookie_ctx)); } - mbedtls_ssl_setup(&ssl, &conf); + mbedtls_ssl_setup(&tls, &conf); return OK; } -Error SSLContextMbedTLS::init_client(int p_transport, int p_authmode, Ref<X509CertificateMbedTLS> p_valid_cas) { +Error TLSContextMbedTLS::init_client(int p_transport, int p_authmode, Ref<X509CertificateMbedTLS> p_valid_cas) { Error err = _setup(MBEDTLS_SSL_IS_CLIENT, p_transport, p_authmode); ERR_FAIL_COND_V(err != OK, err); @@ -172,15 +172,15 @@ Error SSLContextMbedTLS::init_client(int p_transport, int p_authmode, Ref<X509Ce // Set valid CAs mbedtls_ssl_conf_ca_chain(&conf, &(cas->cert), nullptr); - mbedtls_ssl_setup(&ssl, &conf); + mbedtls_ssl_setup(&tls, &conf); return OK; } -void SSLContextMbedTLS::clear() { +void TLSContextMbedTLS::clear() { if (!inited) { return; } - mbedtls_ssl_free(&ssl); + mbedtls_ssl_free(&tls); mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); @@ -198,14 +198,14 @@ void SSLContextMbedTLS::clear() { inited = false; } -mbedtls_ssl_context *SSLContextMbedTLS::get_context() { +mbedtls_ssl_context *TLSContextMbedTLS::get_context() { ERR_FAIL_COND_V(!inited, nullptr); - return &ssl; + return &tls; } -SSLContextMbedTLS::SSLContextMbedTLS() { +TLSContextMbedTLS::TLSContextMbedTLS() { } -SSLContextMbedTLS::~SSLContextMbedTLS() { +TLSContextMbedTLS::~TLSContextMbedTLS() { clear(); } diff --git a/modules/mbedtls/ssl_context_mbedtls.h b/modules/mbedtls/tls_context_mbedtls.h index 5883388311..5e7b3dc46e 100644 --- a/modules/mbedtls/ssl_context_mbedtls.h +++ b/modules/mbedtls/tls_context_mbedtls.h @@ -1,5 +1,5 @@ /*************************************************************************/ -/* ssl_context_mbedtls.h */ +/* tls_context_mbedtls.h */ /*************************************************************************/ /* This file is part of: */ /* GODOT ENGINE */ @@ -28,8 +28,8 @@ /* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ /*************************************************************************/ -#ifndef SSL_CONTEXT_MBEDTLS_H -#define SSL_CONTEXT_MBEDTLS_H +#ifndef TLS_CONTEXT_MBEDTLS_H +#define TLS_CONTEXT_MBEDTLS_H #include "crypto_mbedtls.h" @@ -44,10 +44,10 @@ #include <mbedtls/ssl.h> #include <mbedtls/ssl_cookie.h> -class SSLContextMbedTLS; +class TLSContextMbedTLS; class CookieContextMbedTLS : public RefCounted { - friend class SSLContextMbedTLS; + friend class TLSContextMbedTLS; protected: bool inited = false; @@ -63,7 +63,7 @@ public: ~CookieContextMbedTLS(); }; -class SSLContextMbedTLS : public RefCounted { +class TLSContextMbedTLS : public RefCounted { protected: bool inited = false; @@ -73,7 +73,7 @@ public: Ref<X509CertificateMbedTLS> certs; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_ssl_context ssl; + mbedtls_ssl_context tls; mbedtls_ssl_config conf; Ref<CookieContextMbedTLS> cookies; @@ -86,8 +86,8 @@ public: mbedtls_ssl_context *get_context(); - SSLContextMbedTLS(); - ~SSLContextMbedTLS(); + TLSContextMbedTLS(); + ~TLSContextMbedTLS(); }; -#endif // SSL_CONTEXT_MBEDTLS_H +#endif // TLS_CONTEXT_MBEDTLS_H diff --git a/modules/websocket/doc_classes/WebSocketClient.xml b/modules/websocket/doc_classes/WebSocketClient.xml index 7d73194ea9..1978d2e7c6 100644 --- a/modules/websocket/doc_classes/WebSocketClient.xml +++ b/modules/websocket/doc_classes/WebSocketClient.xml @@ -24,8 +24,8 @@ If [code]true[/code] is passed as [code]gd_mp_api[/code], the client will behave like a multiplayer peer for the [MultiplayerAPI], connections to non-Godot servers will not work, and [signal data_received] will not be emitted. If [code]false[/code] is passed instead (default), you must call [PacketPeer] functions ([code]put_packet[/code], [code]get_packet[/code], etc.) on the [WebSocketPeer] returned via [code]get_peer(1)[/code] and not on this object directly (e.g. [code]get_peer(1).put_packet(data)[/code]). You can optionally pass a list of [code]custom_headers[/code] to be added to the handshake HTTP request. - [b]Note:[/b] To avoid mixed content warnings or errors in Web, you may have to use a [code]url[/code] that starts with [code]wss://[/code] (secure) instead of [code]ws://[/code]. When doing so, make sure to use the fully qualified domain name that matches the one defined in the server's SSL certificate. Do not connect directly via the IP address for [code]wss://[/code] connections, as it won't match with the SSL certificate. - [b]Note:[/b] Specifying [code]custom_headers[/code] is not supported in Web exports due to browsers restrictions. + [b]Note:[/b] To avoid mixed content warnings or errors in Web, you may have to use a [code]url[/code] that starts with [code]wss://[/code] (secure) instead of [code]ws://[/code]. When doing so, make sure to use the fully qualified domain name that matches the one defined in the server's TLS certificate. Do not connect directly via the IP address for [code]wss://[/code] connections, as it won't match with the TLS certificate. + [b]Note:[/b] Specifying [code]custom_headers[/code] is not supported in Web exports due to browsers' restrictions. </description> </method> <method name="disconnect_from_host"> @@ -50,12 +50,12 @@ </method> </methods> <members> - <member name="trusted_ssl_certificate" type="X509Certificate" setter="set_trusted_ssl_certificate" getter="get_trusted_ssl_certificate"> - If specified, this [X509Certificate] will be the only one accepted when connecting to an SSL host. Any other certificate provided by the server will be regarded as invalid. - [b]Note:[/b] Specifying a custom [code]trusted_ssl_certificate[/code] is not supported in Web exports due to browsers restrictions. + <member name="trusted_tls_certificate" type="X509Certificate" setter="set_trusted_tls_certificate" getter="get_trusted_tls_certificate"> + If specified, this [X509Certificate] will be the only one accepted when connecting to an TLS host. Any other certificate provided by the server will be regarded as invalid. + [b]Note:[/b] Specifying a custom [code]trusted_tls_certificate[/code] is not supported in Web exports due to browsers' restrictions. </member> - <member name="verify_ssl" type="bool" setter="set_verify_ssl_enabled" getter="is_verify_ssl_enabled"> - If [code]true[/code], SSL certificate verification is enabled. + <member name="verify_tls" type="bool" setter="set_verify_tls_enabled" getter="is_verify_tls_enabled"> + If [code]true[/code], TLS certificate verification is enabled. [b]Note:[/b] You must specify the certificates to be used in the Project Settings for it to work when exported. </member> </members> diff --git a/modules/websocket/doc_classes/WebSocketServer.xml b/modules/websocket/doc_classes/WebSocketServer.xml index 19c36700e6..07a55b73f1 100644 --- a/modules/websocket/doc_classes/WebSocketServer.xml +++ b/modules/websocket/doc_classes/WebSocketServer.xml @@ -79,16 +79,16 @@ When not set to [code]*[/code] will restrict incoming connections to the specified IP address. Setting [code]bind_ip[/code] to [code]127.0.0.1[/code] will cause the server to listen only to the local host. </member> <member name="ca_chain" type="X509Certificate" setter="set_ca_chain" getter="get_ca_chain"> - When using SSL (see [member private_key] and [member ssl_certificate]), you can set this to a valid [X509Certificate] to be provided as additional CA chain information during the SSL handshake. + When using TLS (see [member private_key] and [member tls_certificate]), you can set this to a valid [X509Certificate] to be provided as additional CA chain information during the TLS handshake. </member> <member name="handshake_timeout" type="float" setter="set_handshake_timeout" getter="get_handshake_timeout" default="3.0"> The time in seconds before a pending client (i.e. a client that has not yet finished the HTTP handshake) is considered stale and forcefully disconnected. </member> <member name="private_key" type="CryptoKey" setter="set_private_key" getter="get_private_key"> - When set to a valid [CryptoKey] (along with [member ssl_certificate]) will cause the server to require SSL instead of regular TCP (i.e. the [code]wss://[/code] protocol). + When set to a valid [CryptoKey] (along with [member tls_certificate]) will cause the server to require TLS instead of regular TCP (i.e. the [code]wss://[/code] protocol). </member> - <member name="ssl_certificate" type="X509Certificate" setter="set_ssl_certificate" getter="get_ssl_certificate"> - When set to a valid [X509Certificate] (along with [member private_key]) will cause the server to require SSL instead of regular TCP (i.e. the [code]wss://[/code] protocol). + <member name="tls_certificate" type="X509Certificate" setter="set_tls_certificate" getter="get_tls_certificate"> + When set to a valid [X509Certificate] (along with [member private_key]) will cause the server to require TLS instead of regular TCP (i.e. the [code]wss://[/code] protocol). </member> </members> <signals> diff --git a/modules/websocket/emws_client.cpp b/modules/websocket/emws_client.cpp index 65e0703c00..933a1f43e9 100644 --- a/modules/websocket/emws_client.cpp +++ b/modules/websocket/emws_client.cpp @@ -65,7 +65,7 @@ void EMWSClient::_esws_on_close(void *obj, int code, const char *reason, int was client->_on_disconnect(was_clean != 0); } -Error EMWSClient::connect_to_host(String p_host, String p_path, uint16_t p_port, bool p_ssl, const Vector<String> p_protocols, const Vector<String> p_custom_headers) { +Error EMWSClient::connect_to_host(String p_host, String p_path, uint16_t p_port, bool p_tls, const Vector<String> p_protocols, const Vector<String> p_custom_headers) { if (_js_id) { godot_js_websocket_destroy(_js_id); _js_id = 0; @@ -84,9 +84,9 @@ Error EMWSClient::connect_to_host(String p_host, String p_path, uint16_t p_port, if (p_custom_headers.size()) { WARN_PRINT_ONCE("Custom headers are not supported in Web platform."); } - if (p_ssl) { + if (p_tls) { str = "wss://"; - if (ssl_cert.is_valid()) { + if (tls_cert.is_valid()) { WARN_PRINT_ONCE("Custom SSL certificate is not supported in Web platform."); } } diff --git a/modules/websocket/emws_client.h b/modules/websocket/emws_client.h index ff63a76753..cdcec31e19 100644 --- a/modules/websocket/emws_client.h +++ b/modules/websocket/emws_client.h @@ -54,7 +54,7 @@ private: public: Error set_buffers(int p_in_buffer, int p_in_packets, int p_out_buffer, int p_out_packets) override; - Error connect_to_host(String p_host, String p_path, uint16_t p_port, bool p_ssl, const Vector<String> p_protocol = Vector<String>(), const Vector<String> p_custom_headers = Vector<String>()) override; + Error connect_to_host(String p_host, String p_path, uint16_t p_port, bool p_tls, const Vector<String> p_protocol = Vector<String>(), const Vector<String> p_custom_headers = Vector<String>()) override; Ref<WebSocketPeer> get_peer(int p_peer_id) const override; void disconnect_from_host(int p_code = 1000, String p_reason = "") override; IPAddress get_connected_host() const override; diff --git a/modules/websocket/websocket_client.cpp b/modules/websocket/websocket_client.cpp index 2734b4b88f..0b2d5d1918 100644 --- a/modules/websocket/websocket_client.cpp +++ b/modules/websocket/websocket_client.cpp @@ -48,34 +48,34 @@ Error WebSocketClient::connect_to_url(String p_url, const Vector<String> p_proto Error err = p_url.parse_url(scheme, host, port, path); ERR_FAIL_COND_V_MSG(err != OK, err, "Invalid URL: " + p_url); - bool ssl = false; + bool tls = false; if (scheme == "wss://") { - ssl = true; + tls = true; } if (port == 0) { - port = ssl ? 443 : 80; + port = tls ? 443 : 80; } if (path.is_empty()) { path = "/"; } - return connect_to_host(host, path, port, ssl, p_protocols, p_custom_headers); + return connect_to_host(host, path, port, tls, p_protocols, p_custom_headers); } -void WebSocketClient::set_verify_ssl_enabled(bool p_verify_ssl) { - verify_ssl = p_verify_ssl; +void WebSocketClient::set_verify_tls_enabled(bool p_verify_tls) { + verify_tls = p_verify_tls; } -bool WebSocketClient::is_verify_ssl_enabled() const { - return verify_ssl; +bool WebSocketClient::is_verify_tls_enabled() const { + return verify_tls; } -Ref<X509Certificate> WebSocketClient::get_trusted_ssl_certificate() const { - return ssl_cert; +Ref<X509Certificate> WebSocketClient::get_trusted_tls_certificate() const { + return tls_cert; } -void WebSocketClient::set_trusted_ssl_certificate(Ref<X509Certificate> p_cert) { +void WebSocketClient::set_trusted_tls_certificate(Ref<X509Certificate> p_cert) { ERR_FAIL_COND(get_connection_status() != CONNECTION_DISCONNECTED); - ssl_cert = p_cert; + tls_cert = p_cert; } bool WebSocketClient::is_server() const { @@ -123,15 +123,15 @@ void WebSocketClient::_bind_methods() { ClassDB::bind_method(D_METHOD("disconnect_from_host", "code", "reason"), &WebSocketClient::disconnect_from_host, DEFVAL(1000), DEFVAL("")); ClassDB::bind_method(D_METHOD("get_connected_host"), &WebSocketClient::get_connected_host); ClassDB::bind_method(D_METHOD("get_connected_port"), &WebSocketClient::get_connected_port); - ClassDB::bind_method(D_METHOD("set_verify_ssl_enabled", "enabled"), &WebSocketClient::set_verify_ssl_enabled); - ClassDB::bind_method(D_METHOD("is_verify_ssl_enabled"), &WebSocketClient::is_verify_ssl_enabled); + ClassDB::bind_method(D_METHOD("set_verify_tls_enabled", "enabled"), &WebSocketClient::set_verify_tls_enabled); + ClassDB::bind_method(D_METHOD("is_verify_tls_enabled"), &WebSocketClient::is_verify_tls_enabled); - ADD_PROPERTY(PropertyInfo(Variant::BOOL, "verify_ssl", PROPERTY_HINT_NONE, "", PROPERTY_USAGE_NONE), "set_verify_ssl_enabled", "is_verify_ssl_enabled"); + ADD_PROPERTY(PropertyInfo(Variant::BOOL, "verify_tls", PROPERTY_HINT_NONE, "", PROPERTY_USAGE_NONE), "set_verify_tls_enabled", "is_verify_tls_enabled"); - ClassDB::bind_method(D_METHOD("get_trusted_ssl_certificate"), &WebSocketClient::get_trusted_ssl_certificate); - ClassDB::bind_method(D_METHOD("set_trusted_ssl_certificate", "cert"), &WebSocketClient::set_trusted_ssl_certificate); + ClassDB::bind_method(D_METHOD("get_trusted_tls_certificate"), &WebSocketClient::get_trusted_tls_certificate); + ClassDB::bind_method(D_METHOD("set_trusted_tls_certificate", "cert"), &WebSocketClient::set_trusted_tls_certificate); - ADD_PROPERTY(PropertyInfo(Variant::OBJECT, "trusted_ssl_certificate", PROPERTY_HINT_RESOURCE_TYPE, "X509Certificate", PROPERTY_USAGE_NONE), "set_trusted_ssl_certificate", "get_trusted_ssl_certificate"); + ADD_PROPERTY(PropertyInfo(Variant::OBJECT, "trusted_tls_certificate", PROPERTY_HINT_RESOURCE_TYPE, "X509Certificate", PROPERTY_USAGE_NONE), "set_trusted_tls_certificate", "get_trusted_tls_certificate"); ADD_SIGNAL(MethodInfo("data_received")); ADD_SIGNAL(MethodInfo("connection_established", PropertyInfo(Variant::STRING, "protocol"))); diff --git a/modules/websocket/websocket_client.h b/modules/websocket/websocket_client.h index d6c072ae16..e747aee4e4 100644 --- a/modules/websocket/websocket_client.h +++ b/modules/websocket/websocket_client.h @@ -42,20 +42,20 @@ class WebSocketClient : public WebSocketMultiplayerPeer { protected: Ref<WebSocketPeer> _peer; - bool verify_ssl = true; - Ref<X509Certificate> ssl_cert; + bool verify_tls = true; + Ref<X509Certificate> tls_cert; static void _bind_methods(); public: Error connect_to_url(String p_url, const Vector<String> p_protocols = Vector<String>(), bool gd_mp_api = false, const Vector<String> p_custom_headers = Vector<String>()); - void set_verify_ssl_enabled(bool p_verify_ssl); - bool is_verify_ssl_enabled() const; - Ref<X509Certificate> get_trusted_ssl_certificate() const; - void set_trusted_ssl_certificate(Ref<X509Certificate> p_cert); + void set_verify_tls_enabled(bool p_verify_tls); + bool is_verify_tls_enabled() const; + Ref<X509Certificate> get_trusted_tls_certificate() const; + void set_trusted_tls_certificate(Ref<X509Certificate> p_cert); - virtual Error connect_to_host(String p_host, String p_path, uint16_t p_port, bool p_ssl, const Vector<String> p_protocol = Vector<String>(), const Vector<String> p_custom_headers = Vector<String>()) = 0; + virtual Error connect_to_host(String p_host, String p_path, uint16_t p_port, bool p_tls, const Vector<String> p_protocol = Vector<String>(), const Vector<String> p_custom_headers = Vector<String>()) = 0; virtual void disconnect_from_host(int p_code = 1000, String p_reason = "") = 0; virtual IPAddress get_connected_host() const = 0; virtual uint16_t get_connected_port() const = 0; diff --git a/modules/websocket/websocket_server.cpp b/modules/websocket/websocket_server.cpp index b7851b02c4..25a6e420fc 100644 --- a/modules/websocket/websocket_server.cpp +++ b/modules/websocket/websocket_server.cpp @@ -58,9 +58,9 @@ void WebSocketServer::_bind_methods() { ClassDB::bind_method(D_METHOD("set_private_key", "key"), &WebSocketServer::set_private_key); ADD_PROPERTY(PropertyInfo(Variant::OBJECT, "private_key", PROPERTY_HINT_RESOURCE_TYPE, "CryptoKey", PROPERTY_USAGE_NONE), "set_private_key", "get_private_key"); - ClassDB::bind_method(D_METHOD("get_ssl_certificate"), &WebSocketServer::get_ssl_certificate); - ClassDB::bind_method(D_METHOD("set_ssl_certificate", "cert"), &WebSocketServer::set_ssl_certificate); - ADD_PROPERTY(PropertyInfo(Variant::OBJECT, "ssl_certificate", PROPERTY_HINT_RESOURCE_TYPE, "X509Certificate", PROPERTY_USAGE_NONE), "set_ssl_certificate", "get_ssl_certificate"); + ClassDB::bind_method(D_METHOD("get_tls_certificate"), &WebSocketServer::get_tls_certificate); + ClassDB::bind_method(D_METHOD("set_tls_certificate", "cert"), &WebSocketServer::set_tls_certificate); + ADD_PROPERTY(PropertyInfo(Variant::OBJECT, "tls_certificate", PROPERTY_HINT_RESOURCE_TYPE, "X509Certificate", PROPERTY_USAGE_NONE), "set_tls_certificate", "get_tls_certificate"); ClassDB::bind_method(D_METHOD("get_ca_chain"), &WebSocketServer::get_ca_chain); ClassDB::bind_method(D_METHOD("set_ca_chain", "ca_chain"), &WebSocketServer::set_ca_chain); @@ -95,13 +95,13 @@ void WebSocketServer::set_private_key(Ref<CryptoKey> p_key) { private_key = p_key; } -Ref<X509Certificate> WebSocketServer::get_ssl_certificate() const { - return ssl_cert; +Ref<X509Certificate> WebSocketServer::get_tls_certificate() const { + return tls_cert; } -void WebSocketServer::set_ssl_certificate(Ref<X509Certificate> p_cert) { +void WebSocketServer::set_tls_certificate(Ref<X509Certificate> p_cert) { ERR_FAIL_COND(is_listening()); - ssl_cert = p_cert; + tls_cert = p_cert; } Ref<X509Certificate> WebSocketServer::get_ca_chain() const { diff --git a/modules/websocket/websocket_server.h b/modules/websocket/websocket_server.h index ac04c4e57e..de23ee884d 100644 --- a/modules/websocket/websocket_server.h +++ b/modules/websocket/websocket_server.h @@ -46,7 +46,7 @@ protected: static void _bind_methods(); Ref<CryptoKey> private_key; - Ref<X509Certificate> ssl_cert; + Ref<X509Certificate> tls_cert; Ref<X509Certificate> ca_chain; uint32_t handshake_timeout = 3000; @@ -74,8 +74,8 @@ public: Ref<CryptoKey> get_private_key() const; void set_private_key(Ref<CryptoKey> p_key); - Ref<X509Certificate> get_ssl_certificate() const; - void set_ssl_certificate(Ref<X509Certificate> p_cert); + Ref<X509Certificate> get_tls_certificate() const; + void set_tls_certificate(Ref<X509Certificate> p_cert); Ref<X509Certificate> get_ca_chain() const; void set_ca_chain(Ref<X509Certificate> p_ca_chain); diff --git a/modules/websocket/wsl_client.cpp b/modules/websocket/wsl_client.cpp index 290108706b..50ef53e267 100644 --- a/modules/websocket/wsl_client.cpp +++ b/modules/websocket/wsl_client.cpp @@ -161,7 +161,7 @@ bool WSLClient::_verify_headers(String &r_protocol) { return true; } -Error WSLClient::connect_to_host(String p_host, String p_path, uint16_t p_port, bool p_ssl, const Vector<String> p_protocols, const Vector<String> p_custom_headers) { +Error WSLClient::connect_to_host(String p_host, String p_path, uint16_t p_port, bool p_tls, const Vector<String> p_protocols, const Vector<String> p_custom_headers) { ERR_FAIL_COND_V(_connection.is_valid(), ERR_ALREADY_IN_USE); ERR_FAIL_COND_V(p_path.is_empty(), ERR_INVALID_PARAMETER); @@ -196,7 +196,7 @@ Error WSLClient::connect_to_host(String p_host, String p_path, uint16_t p_port, return err; } _connection = _tcp; - _use_ssl = p_ssl; + _use_tls = p_tls; _host = p_host; _port = p_port; // Strip edges from protocols. @@ -209,7 +209,7 @@ Error WSLClient::connect_to_host(String p_host, String p_path, uint16_t p_port, _key = WSLPeer::generate_key(); String request = "GET " + p_path + " HTTP/1.1\r\n"; String port = ""; - if ((p_port != 80 && !p_ssl) || (p_port != 443 && p_ssl)) { + if ((p_port != 80 && !p_tls) || (p_port != 443 && p_tls)) { port = ":" + itos(p_port); } request += "Host: " + p_host + port + "\r\n"; @@ -288,27 +288,27 @@ void WSLClient::poll() { break; case StreamPeerTCP::STATUS_CONNECTED: { _ip_candidates.clear(); - Ref<StreamPeerTLS> ssl; - if (_use_ssl) { + Ref<StreamPeerTLS> tls; + if (_use_tls) { if (_connection == _tcp) { // Start SSL handshake - ssl = Ref<StreamPeerTLS>(StreamPeerTLS::create()); - ERR_FAIL_COND_MSG(ssl.is_null(), "SSL is not available in this build."); - ssl->set_blocking_handshake_enabled(false); - if (ssl->connect_to_stream(_tcp, verify_ssl, _host, ssl_cert) != OK) { + tls = Ref<StreamPeerTLS>(StreamPeerTLS::create()); + ERR_FAIL_COND_MSG(tls.is_null(), "SSL is not available in this build."); + tls->set_blocking_handshake_enabled(false); + if (tls->connect_to_stream(_tcp, verify_tls, _host, tls_cert) != OK) { disconnect_from_host(); _on_error(); return; } - _connection = ssl; + _connection = tls; } else { - ssl = static_cast<Ref<StreamPeerTLS>>(_connection); - ERR_FAIL_COND(ssl.is_null()); // Bug? - ssl->poll(); + tls = static_cast<Ref<StreamPeerTLS>>(_connection); + ERR_FAIL_COND(tls.is_null()); // Bug? + tls->poll(); } - if (ssl->get_status() == StreamPeerTLS::STATUS_HANDSHAKING) { + if (tls->get_status() == StreamPeerTLS::STATUS_HANDSHAKING) { return; // Need more polling. - } else if (ssl->get_status() != StreamPeerTLS::STATUS_CONNECTED) { + } else if (tls->get_status() != StreamPeerTLS::STATUS_CONNECTED) { disconnect_from_host(); _on_error(); return; // Error. @@ -356,7 +356,7 @@ void WSLClient::disconnect_from_host(int p_code, String p_reason) { _key = ""; _host = ""; _protocols.clear(); - _use_ssl = false; + _use_tls = false; _request = ""; _requested = 0; diff --git a/modules/websocket/wsl_client.h b/modules/websocket/wsl_client.h index dc4397f04a..dfb989fdd3 100644 --- a/modules/websocket/wsl_client.h +++ b/modules/websocket/wsl_client.h @@ -65,7 +65,7 @@ private: uint16_t _port = 0; Array _ip_candidates; Vector<String> _protocols; - bool _use_ssl = false; + bool _use_tls = false; IP::ResolverID _resolver_id = IP::RESOLVER_INVALID_ID; void _do_handshake(); @@ -73,7 +73,7 @@ private: public: Error set_buffers(int p_in_buffer, int p_in_packets, int p_out_buffer, int p_out_packets) override; - Error connect_to_host(String p_host, String p_path, uint16_t p_port, bool p_ssl, const Vector<String> p_protocol = Vector<String>(), const Vector<String> p_custom_headers = Vector<String>()) override; + Error connect_to_host(String p_host, String p_path, uint16_t p_port, bool p_tls, const Vector<String> p_protocol = Vector<String>(), const Vector<String> p_custom_headers = Vector<String>()) override; int get_max_packet_size() const override; Ref<WebSocketPeer> get_peer(int p_peer_id) const override; void disconnect_from_host(int p_code = 1000, String p_reason = "") override; diff --git a/modules/websocket/wsl_server.cpp b/modules/websocket/wsl_server.cpp index ddef360cf5..01dcd53839 100644 --- a/modules/websocket/wsl_server.cpp +++ b/modules/websocket/wsl_server.cpp @@ -102,16 +102,16 @@ Error WSLServer::PendingPeer::do_handshake(const Vector<String> p_protocols, uin return ERR_TIMEOUT; } - if (use_ssl) { - Ref<StreamPeerTLS> ssl = static_cast<Ref<StreamPeerTLS>>(connection); - if (ssl.is_null()) { + if (use_tls) { + Ref<StreamPeerTLS> tls = static_cast<Ref<StreamPeerTLS>>(connection); + if (tls.is_null()) { ERR_FAIL_V_MSG(ERR_BUG, "Couldn't get StreamPeerTLS for WebSocket handshake."); } - ssl->poll(); - if (ssl->get_status() == StreamPeerTLS::STATUS_HANDSHAKING) { + tls->poll(); + if (tls->get_status() == StreamPeerTLS::STATUS_HANDSHAKING) { return ERR_BUSY; - } else if (ssl->get_status() != StreamPeerTLS::STATUS_CONNECTED) { - print_verbose(vformat("WebSocket SSL connection error during handshake (StreamPeerTLS status code %d).", ssl->get_status())); + } else if (tls->get_status() != StreamPeerTLS::STATUS_CONNECTED) { + print_verbose(vformat("WebSocket SSL connection error during handshake (StreamPeerTLS status code %d).", tls->get_status())); return FAILED; } } @@ -247,12 +247,12 @@ void WSLServer::poll() { } Ref<PendingPeer> peer = memnew(PendingPeer); - if (private_key.is_valid() && ssl_cert.is_valid()) { - Ref<StreamPeerTLS> ssl = Ref<StreamPeerTLS>(StreamPeerTLS::create()); - ssl->set_blocking_handshake_enabled(false); - ssl->accept_stream(conn, private_key, ssl_cert, ca_chain); - peer->connection = ssl; - peer->use_ssl = true; + if (private_key.is_valid() && tls_cert.is_valid()) { + Ref<StreamPeerTLS> tls = Ref<StreamPeerTLS>(StreamPeerTLS::create()); + tls->set_blocking_handshake_enabled(false); + tls->accept_stream(conn, private_key, tls_cert, ca_chain); + peer->connection = tls; + peer->use_tls = true; } else { peer->connection = conn; } diff --git a/modules/websocket/wsl_server.h b/modules/websocket/wsl_server.h index ce91cfe888..df0c1dc68a 100644 --- a/modules/websocket/wsl_server.h +++ b/modules/websocket/wsl_server.h @@ -51,7 +51,7 @@ private: public: Ref<StreamPeerTCP> tcp; Ref<StreamPeer> connection; - bool use_ssl = false; + bool use_tls = false; uint64_t time = 0; uint8_t req_buf[WSL_MAX_HEADER_SIZE] = {}; |