godotengine/godot
1
0
Fork 0
mirror of https://github.com/godotengine/godot.git synced 2025-11-04 12:00:25 +00:00
Code Releases Wiki Activity

[NET] Refactor TLS configuration.

Browse Source 
Use a TLSOptions configuration object which is created via static
functions.

- "TLSOptions.client": uses the standard CA and common name verification.
- "TLSOptions.client_unsafe": uses optional CA verification (i.e. if specified)
- "TLSOptions.server": is the standard server configuration (chain + key)

This will allow us to expand the TLS configuration options to include
e.g. mutual authentication without bloating the classes that uses
StreamPeerTLS and PacketPeerDTLS as underlying peers.
This commit is contained in:
Fabio Alessandrelli
2023-01-20 01:51:35 +01:00
parent 2afa175195
commit adba870534
47 changed files with 338 additions and 203 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
modules/websocket/websocket_multiplayer_peer.cpp
View File

@@ -54,11 +54,9 @@ void WebSocketMultiplayerPeer::_clear() {
connection_status = CONNECTION_DISCONNECTED;
unique_id = 0;
peers_map.clear();
use_tls = false;
tcp_server.unref();
pending_peers.clear();
tls_certificate.unref();
tls_key.unref();
tls_server_options.unref();
if (current_packet.data != nullptr) {
memfree(current_packet.data);
current_packet.data = nullptr;
@@ -73,8 +71,8 @@ void WebSocketMultiplayerPeer::_clear() {
}
void WebSocketMultiplayerPeer::_bind_methods() {
ClassDB::bind_method(D_METHOD("create_client", "url", "verify_tls", "tls_certificate"), &WebSocketMultiplayerPeer::create_client, DEFVAL(true), DEFVAL(Ref<X509Certificate>()));
ClassDB::bind_method(D_METHOD("create_server", "port", "bind_address", "tls_key", "tls_certificate"), &WebSocketMultiplayerPeer::create_server, DEFVAL("*"), DEFVAL(Ref<CryptoKey>()), DEFVAL(Ref<X509Certificate>()));
ClassDB::bind_method(D_METHOD("create_client", "url", "tls_client_options"), &WebSocketMultiplayerPeer::create_client, DEFVAL(Ref<TLSOptions>()));
ClassDB::bind_method(D_METHOD("create_server", "port", "bind_address", "tls_server_options"), &WebSocketMultiplayerPeer::create_server, DEFVAL("*"), DEFVAL(Ref<TLSOptions>()));
ClassDB::bind_method(D_METHOD("get_peer", "peer_id"), &WebSocketMultiplayerPeer::get_peer);
ClassDB::bind_method(D_METHOD("get_peer_address", "id"), &WebSocketMultiplayerPeer::get_peer_address);
@@ -179,8 +177,9 @@ int WebSocketMultiplayerPeer::get_max_packet_size() const {
return get_outbound_buffer_size() - PROTO_SIZE;
}
Error WebSocketMultiplayerPeer::create_server(int p_port, IPAddress p_bind_ip, Ref<CryptoKey> p_tls_key, Ref<X509Certificate> p_tls_certificate) {
Error WebSocketMultiplayerPeer::create_server(int p_port, IPAddress p_bind_ip, Ref<TLSOptions> p_options) {
ERR_FAIL_COND_V(get_connection_status() != CONNECTION_DISCONNECTED, ERR_ALREADY_IN_USE);
ERR_FAIL_COND_V(p_options.is_valid() && !p_options->is_server(), ERR_INVALID_PARAMETER);
_clear();
tcp_server.instantiate();
Error err = tcp_server->listen(p_port, p_bind_ip);
@@ -190,20 +189,16 @@ Error WebSocketMultiplayerPeer::create_server(int p_port, IPAddress p_bind_ip, R
}
unique_id = 1;
connection_status = CONNECTION_CONNECTED;
// TLS config
tls_key = p_tls_key;
tls_certificate = p_tls_certificate;
if (tls_key.is_valid() && tls_certificate.is_valid()) {
use_tls = true;
}
tls_server_options = p_options;
return OK;
}
Error WebSocketMultiplayerPeer::create_client(const String &p_url, bool p_verify_tls, Ref<X509Certificate> p_tls_certificate) {
Error WebSocketMultiplayerPeer::create_client(const String &p_url, Ref<TLSOptions> p_options) {
ERR_FAIL_COND_V(get_connection_status() != CONNECTION_DISCONNECTED, ERR_ALREADY_IN_USE);
ERR_FAIL_COND_V(p_options.is_valid() && p_options->is_server(), ERR_INVALID_PARAMETER);
_clear();
Ref<WebSocketPeer> peer = _create_peer();
Error err = peer->connect_to_url(p_url, p_verify_tls, p_tls_certificate);
Error err = peer->connect_to_url(p_url, p_options);
if (err != OK) {
return err;
}
@@ -334,14 +329,14 @@ void WebSocketMultiplayerPeer::_poll_server() {
to_remove.insert(id); // Error.
continue;
}
if (!use_tls) {
if (tls_server_options.is_null()) {
peer.ws = _create_peer();
peer.ws->accept_stream(peer.tcp);
continue;
} else {
if (peer.connection == peer.tcp) {
Ref<StreamPeerTLS> tls = Ref<StreamPeerTLS>(StreamPeerTLS::create());
Error err = tls->accept_stream(peer.tcp, tls_key, tls_certificate);
Error err = tls->accept_stream(peer.tcp, tls_server_options);
if (err != OK) {
to_remove.insert(id);
continue;