From adba870534bdcdd11f0f344e66090be8e2cd9ae4 Mon Sep 17 00:00:00 2001
From: Fabio Alessandrelli
Date: Fri, 20 Jan 2023 01:51:35 +0100
Subject: [NET] Refactor TLS configuration.

Use a TLSOptions configuration object which is created via static functions.
- "TLSOptions.client": uses the standard CA and common name verification.
- "TLSOptions.client_unsafe": uses optional CA verification (i.e. if specified)
- "TLSOptions.server": is the standard server configuration (chain + key)
This will allow us to expand the TLS configuration options to include e.g. mutual authentication without bloating the classes that uses StreamPeerTLS and PacketPeerDTLS as underlying peers.
---
 platform/web/export/editor_http_server.h | 2 +-
 platform/web/http_client_web.cpp | 10 +++++-----
 platform/web/http_client_web.h | 2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)
(limited to 'platform/web')
diff --git a/platform/web/export/editor_http_server.h b/platform/web/export/editor_http_server.h
index ce6b0be713..80ff779949 100644
--- a/platform/web/export/editor_http_server.h
+++ b/platform/web/export/editor_http_server.h
@@ -206,7 +206,7 @@ public:
 tls = Ref(StreamPeerTLS::create());
 peer = tls;
 tls->set_blocking_handshake_enabled(false);
- if (tls->accept_stream(tcp, key, cert) != OK) {
+ if (tls->accept_stream(tcp, TLSOptions::server(key, cert)) != OK) {
 _clear_client();
 return;
 }
diff --git a/platform/web/http_client_web.cpp b/platform/web/http_client_web.cpp
index 31f54dad9f..3e4ba5a2ae 100644
--- a/platform/web/http_client_web.cpp
+++ b/platform/web/http_client_web.cpp
@@ -37,20 +37,20 @@ void HTTPClientWeb::_parse_headers(int p_len, const char **p_headers, void *p_re } } -Error HTTPClientWeb::connect_to_host(const String &p_host, int p_port, bool p_tls, bool p_verify_host) { +Error HTTPClientWeb::connect_to_host(const String &p_host, int p_port, Ref p_tls_options) { + ERR_FAIL_COND_V(p_tls_options.is_valid() && p_tls_options->is_server(), ERR_INVALID_PARAMETER); + close(); - if (p_tls && !p_verify_host) { - WARN_PRINT("Disabling HTTPClientWeb's host verification is not supported for the Web platform, host will be verified"); - } port = p_port; - use_tls = p_tls; + use_tls = p_tls_options.is_valid(); host = p_host; String host_lower = host.to_lower(); if (host_lower.begins_with("http://")) { host = host.substr(7, host.length() - 7); + use_tls = false; } else if (host_lower.begins_with("https://")) { use_tls = true; host = host.substr(8, host.length() - 8); diff --git a/platform/web/http_client_web.h b/platform/web/http_client_web.h index 993ec6c0e2..def7837a27 100644 --- a/platform/web/http_client_web.h +++ b/platform/web/http_client_web.h @@ -86,7 +86,7 @@ public: Error request(Method p_method, const String &p_url, const Vector &p_headers, const uint8_t *p_body, int p_body_size) override; - Error connect_to_host(const String &p_host, int p_port = -1, bool p_tls = false, bool p_verify_host = true) override; + Error connect_to_host(const String &p_host, int p_port = -1, Ref p_tls_options = Ref()) override; void set_connection(const Ref &p_connection) override; Ref get_connection() const override; void close() override; -- cgit v1.2.3
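Review bot: In `HTTPClientWeb::connect_to_host` (platform/web/http_client_web.cpp) the added `use_tls = false;` in the `http://` branch silently overrides a caller who passed valid client TLS options, so a connection the caller asked to encrypt is set up as plaintext with no diagnostic. Since the options object is now the caller's explicit request for TLS, I would reject the mismatch or at least warn before overriding, e.g. `if (use_tls) { WARN_PRINT("TLS options were given but the host uses the http:// scheme; the connection will not be encrypted."); }` placed just before `use_tls = false;`. Separately, the removed host-verification warning has no replacement: within this hunk `p_tls_options` is only consulted through `is_valid()` and `is_server()`, so unsafe-client or custom-CA settings appear to be ignored on Web without notice. The function body continues past the hunk, so that should be confirmed against the rest of the file, and a short comment stating that the browser performs certificate verification would document the intent.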