mirror of https://github.com/godotengine/godot.git synced 2025-11-12 13:20:55 +00:00

mbedtls: Don't set TLS max version on Mbed TLS < 3.0

Relevant for Linux distribution packages which may link against system Mbed TLS.

Fixes #102957.
This commit is contained in:
Rémi Verschelde
2025-02-17 17:51:08 +01:00
parent 93d2706930
commit 5f8b5a34c6
2 changed files with 5 additions and 0 deletions

@@ -2207,6 +2207,7 @@
<member name="network/tls/enable_tls_v1.3" type="bool" setter="" getter="" default="false"> <member name="network/tls/enable_tls_v1.3" type="bool" setter="" getter="" default="false">
If [code]true[/code], enable TLSv1.3 negotiation. If [code]true[/code], enable TLSv1.3 negotiation.
[b]Note:[/b] This is experimental, and may cause connections to fail in some cases (notably, if the remote server uses TLS handshake fragmentation). [b]Note:[/b] This is experimental, and may cause connections to fail in some cases (notably, if the remote server uses TLS handshake fragmentation).
[b]Note:[/b] Only supported when using Mbed TLS 3.0 or later (Linux distribution packages may be compiled against older system Mbed TLS packages), otherwise the maximum supported TLS version is always TLSv1.2.
</member> </member>
<member name="physics/2d/default_angular_damp" type="float" setter="" getter="" default="1.0"> <member name="physics/2d/default_angular_damp" type="float" setter="" getter="" default="1.0">
The default rotational motion damping in 2D. Damping is used to gradually slow down physical objects over time. RigidBodies will fall back to this value when combining their own damping values and no area damping value is present. The default rotational motion damping in 2D. Damping is used to gradually slow down physical objects over time. RigidBodies will fall back to this value when combining their own damping values and no area damping value is present.
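
Review bot: The added note on `network/tls/enable_tls_v1.3` says the maximum is always TLSv1.2 on Mbed TLS older than 3.0, but it does not say that setting the option to [code]true[/code] is silently ignored in that case. Consider wording it as "this setting has no effect when built against Mbed TLS older than 3.0", so a user of a distribution package who enables it understands why TLSv1.3 is never negotiated.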

@@ -147,9 +147,11 @@ Error TLSContextMbedTLS::init_server(int p_transport, Ref<TLSOptions> p_options,
mbedtls_ssl_conf_dtls_cookies(&conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, &(cookies->cookie_ctx)); mbedtls_ssl_conf_dtls_cookies(&conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, &(cookies->cookie_ctx));
} }
#if MBEDTLS_VERSION_MAJOR >= 3
if (Engine::get_singleton()->is_editor_hint() || !(bool)GLOBAL_GET("network/tls/enable_tls_v1.3")) { if (Engine::get_singleton()->is_editor_hint() || !(bool)GLOBAL_GET("network/tls/enable_tls_v1.3")) {
mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2); mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2);
} }
#endif
mbedtls_ssl_setup(&tls, &conf); mbedtls_ssl_setup(&tls, &conf);
return OK; return OK;
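
Review bot: The new `#if MBEDTLS_VERSION_MAJOR >= 3` guard in init_server depends on that macro being defined at this point in the file, and the commit adds no include. An undefined macro evaluates to 0 inside `#if`, so a missing header would compile the TLSv1.2 cap out on Mbed TLS 3.x as well, without any diagnostic, and TLSv1.3 would then be negotiable in the editor and with the setting disabled. Please confirm that `mbedtls/version.h` is already included here, directly or transitively. A short comment above the `#if` saying that `mbedtls_ssl_conf_max_tls_version` is only called on 3.0 and later would also help the next reader.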
@@ -194,9 +196,11 @@ Error TLSContextMbedTLS::init_client(int p_transport, const String &p_hostname,
} }
} }
#if MBEDTLS_VERSION_MAJOR >= 3
if (Engine::get_singleton()->is_editor_hint() || !(bool)GLOBAL_GET("network/tls/enable_tls_v1.3")) { if (Engine::get_singleton()->is_editor_hint() || !(bool)GLOBAL_GET("network/tls/enable_tls_v1.3")) {
mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2); mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2);
} }
#endif
// Set valid CAs // Set valid CAs
mbedtls_ssl_conf_ca_chain(&conf, &(cas->cert), nullptr); mbedtls_ssl_conf_ca_chain(&conf, &(cas->cert), nullptr);
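
Review bot: The guarded block in init_client is a verbatim copy of the one in init_server, including the `#if MBEDTLS_VERSION_MAJOR >= 3` / `#endif` pair. Moving the version check and the `mbedtls_ssl_conf_max_tls_version` call into one small helper used by both functions would keep the client and server caps from drifting apart. The same helper would be the natural place for an `#else` branch that warns when `network/tls/enable_tls_v1.3` is true but the linked Mbed TLS cannot honour it.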