From adba870534bdcdd11f0f344e66090be8e2cd9ae4 Mon Sep 17 00:00:00 2001
From: Fabio Alessandrelli
Date: Fri, 20 Jan 2023 01:51:35 +0100
Subject: [NET] Refactor TLS configuration.
Use a TLSOptions configuration object which is created via static functions.
- "TLSOptions.client": uses the standard CA and common name verification.
- "TLSOptions.client_unsafe": uses optional CA verification (i.e. if specified)
- "TLSOptions.server": is the standard server configuration (chain + key)
This will allow us to expand the TLS configuration options to include e.g. mutual authentication without bloating the classes that uses StreamPeerTLS and PacketPeerDTLS as underlying peers.
---
 core/io/http_client_tcp.h | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'core/io/http_client_tcp.h')
diff --git a/core/io/http_client_tcp.h b/core/io/http_client_tcp.h
index 97ac2d76a7..6060c975bc 100644
--- a/core/io/http_client_tcp.h
+++ b/core/io/http_client_tcp.h
@@ -33,6 +33,8 @@
 #include "http_client.h"
+#include "core/crypto/crypto.h"
+
 class HTTPClientTCP : public HTTPClient {
 private:
 Status status = STATUS_DISCONNECTED;
@@ -46,11 +48,10 @@ private:
 String http_proxy_host;
 int https_proxy_port = -1; // Proxy server for https requests.
 String https_proxy_host;
- bool tls = false;
- bool tls_verify_host = false;
 bool blocking = false;
 bool handshaking = false;
 bool head_request = false;
+ Ref tls_options;
 Vector response_str;
@@ -79,7 +80,7 @@ public:
 Error request(Method p_method, const String &p_url, const Vector &p_headers, const uint8_t *p_body, int p_body_size) override;
- Error connect_to_host(const String &p_host, int p_port = -1, bool p_tls = false, bool p_verify_host = true) override;
+ Error connect_to_host(const String &p_host, int p_port = -1, Ref p_tls_options = Ref()) override;
 void set_connection(const Ref &p_connection) override;
 Ref get_connection() const override;
 void close() override;
--
cgit v1.2.3
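Review bot: The new `p_tls_options` default on `connect_to_host` (third hunk) is an empty `Ref`, and neither that declaration nor the `tls_options` member added in the second hunk says what an empty reference means. Judging by the removed `bool p_tls = false` default it presumably selects a plain, unencrypted connection, but the implementation is outside this header-only patch, so that should be confirmed and then written down. I would add a comment above the declaration such as `// Null p_tls_options: no TLS. Use "TLSOptions.client" for CA and common name verification; "client_unsafe" only checks the CA when one is given.` and one on the member such as `// Null while the connection is not using TLS.`. The old signature defaulted `p_verify_host` to true, so it is also worth stating at the declaration that the verification level is now decided entirely by which TLSOptions factory the caller picks.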