[Net] Rename "ssl" references to "tls" in methods and members.
This commit is contained in:
Fabio Alessandrelli
@ -39,7 +39,7 @@
|
||||
#include <mbedtls/ssl.h>
|
||||
|
||||
class CryptoMbedTLS;
|
||||
class SSLContextMbedTLS;
|
||||
class TLSContextMbedTLS;
|
||||
class CryptoKeyMbedTLS : public CryptoKey {
|
||||
private:
|
||||
mbedtls_pk_context pkey;
|
||||
@ -69,7 +69,7 @@ public:
|
||||
_FORCE_INLINE_ void unlock() { locks--; }
|
||||
|
||||
friend class CryptoMbedTLS;
|
||||
friend class SSLContextMbedTLS;
|
||||
friend class TLSContextMbedTLS;
|
||||
};
|
||||
|
||||
class X509CertificateMbedTLS : public X509Certificate {
|
||||
@ -98,7 +98,7 @@ public:
|
||||
_FORCE_INLINE_ void unlock() { locks--; }
|
||||
|
||||
friend class CryptoMbedTLS;
|
||||
friend class SSLContextMbedTLS;
|
||||
friend class TLSContextMbedTLS;
|
||||
};
|
||||
|
||||
class HMACContextMbedTLS : public HMACContext {
|
||||
|
||||
@ -32,7 +32,7 @@
|
||||
#define DTLS_SERVER_MBEDTLS_H
|
||||
|
||||
#include "core/io/dtls_server.h"
|
||||
#include "ssl_context_mbedtls.h"
|
||||
#include "tls_context_mbedtls.h"
|
||||
|
||||
class DTLSServerMbedTLS : public DTLSServer {
|
||||
private:
|
||||
|
||||
@ -79,7 +79,7 @@ int PacketPeerMbedDTLS::bio_recv(void *ctx, unsigned char *buf, size_t len) {
|
||||
}
|
||||
|
||||
void PacketPeerMbedDTLS::_cleanup() {
|
||||
ssl_ctx->clear();
|
||||
tls_ctx->clear();
|
||||
base = Ref<PacketPeer>();
|
||||
status = STATUS_DISCONNECTED;
|
||||
}
|
||||
@ -91,16 +91,16 @@ int PacketPeerMbedDTLS::_set_cookie() {
|
||||
uint16_t port = base->get_packet_port();
|
||||
memcpy(client_id, addr.get_ipv6(), 16);
|
||||
memcpy(&client_id[16], (uint8_t *)&port, 2);
|
||||
return mbedtls_ssl_set_client_transport_id(ssl_ctx->get_context(), client_id, 18);
|
||||
return mbedtls_ssl_set_client_transport_id(tls_ctx->get_context(), client_id, 18);
|
||||
}
|
||||
|
||||
Error PacketPeerMbedDTLS::_do_handshake() {
|
||||
int ret = 0;
|
||||
while ((ret = mbedtls_ssl_handshake(ssl_ctx->get_context())) != 0) {
|
||||
while ((ret = mbedtls_ssl_handshake(tls_ctx->get_context())) != 0) {
|
||||
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
if (ret != MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
|
||||
ERR_PRINT("TLS handshake error: " + itos(ret));
|
||||
SSLContextMbedTLS::print_mbedtls_error(ret);
|
||||
TLSContextMbedTLS::print_mbedtls_error(ret);
|
||||
}
|
||||
_cleanup();
|
||||
status = STATUS_ERROR;
|
||||
@ -121,12 +121,12 @@ Error PacketPeerMbedDTLS::connect_to_peer(Ref<PacketPeerUDP> p_base, bool p_vali
|
||||
int ret = 0;
|
||||
int authmode = p_validate_certs ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE;
|
||||
|
||||
Error err = ssl_ctx->init_client(MBEDTLS_SSL_TRANSPORT_DATAGRAM, authmode, p_ca_certs);
|
||||
Error err = tls_ctx->init_client(MBEDTLS_SSL_TRANSPORT_DATAGRAM, authmode, p_ca_certs);
|
||||
ERR_FAIL_COND_V(err != OK, err);
|
||||
|
||||
mbedtls_ssl_set_hostname(ssl_ctx->get_context(), p_for_hostname.utf8().get_data());
|
||||
mbedtls_ssl_set_bio(ssl_ctx->get_context(), this, bio_send, bio_recv, nullptr);
|
||||
mbedtls_ssl_set_timer_cb(ssl_ctx->get_context(), &timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay);
|
||||
mbedtls_ssl_set_hostname(tls_ctx->get_context(), p_for_hostname.utf8().get_data());
|
||||
mbedtls_ssl_set_bio(tls_ctx->get_context(), this, bio_send, bio_recv, nullptr);
|
||||
mbedtls_ssl_set_timer_cb(tls_ctx->get_context(), &timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay);
|
||||
|
||||
status = STATUS_HANDSHAKING;
|
||||
|
||||
@ -139,13 +139,13 @@ Error PacketPeerMbedDTLS::connect_to_peer(Ref<PacketPeerUDP> p_base, bool p_vali
|
||||
}
|
||||
|
||||
Error PacketPeerMbedDTLS::accept_peer(Ref<PacketPeerUDP> p_base, Ref<CryptoKey> p_key, Ref<X509Certificate> p_cert, Ref<X509Certificate> p_ca_chain, Ref<CookieContextMbedTLS> p_cookies) {
|
||||
Error err = ssl_ctx->init_server(MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_VERIFY_NONE, p_key, p_cert, p_cookies);
|
||||
Error err = tls_ctx->init_server(MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_VERIFY_NONE, p_key, p_cert, p_cookies);
|
||||
ERR_FAIL_COND_V(err != OK, err);
|
||||
|
||||
base = p_base;
|
||||
base->set_blocking_mode(false);
|
||||
|
||||
mbedtls_ssl_session_reset(ssl_ctx->get_context());
|
||||
mbedtls_ssl_session_reset(tls_ctx->get_context());
|
||||
|
||||
int ret = _set_cookie();
|
||||
if (ret != 0) {
|
||||
@ -153,8 +153,8 @@ Error PacketPeerMbedDTLS::accept_peer(Ref<PacketPeerUDP> p_base, Ref<CryptoKey>
|
||||
ERR_FAIL_V_MSG(FAILED, "Error setting DTLS client cookie");
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_bio(ssl_ctx->get_context(), this, bio_send, bio_recv, nullptr);
|
||||
mbedtls_ssl_set_timer_cb(ssl_ctx->get_context(), &timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay);
|
||||
mbedtls_ssl_set_bio(tls_ctx->get_context(), this, bio_send, bio_recv, nullptr);
|
||||
mbedtls_ssl_set_timer_cb(tls_ctx->get_context(), &timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay);
|
||||
|
||||
status = STATUS_HANDSHAKING;
|
||||
|
||||
@ -173,11 +173,11 @@ Error PacketPeerMbedDTLS::put_packet(const uint8_t *p_buffer, int p_bytes) {
|
||||
return OK;
|
||||
}
|
||||
|
||||
int ret = mbedtls_ssl_write(ssl_ctx->get_context(), p_buffer, p_bytes);
|
||||
int ret = mbedtls_ssl_write(tls_ctx->get_context(), p_buffer, p_bytes);
|
||||
if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
ret = 0; // non blocking io
|
||||
} else if (ret <= 0) {
|
||||
SSLContextMbedTLS::print_mbedtls_error(ret);
|
||||
TLSContextMbedTLS::print_mbedtls_error(ret);
|
||||
_cleanup();
|
||||
return ERR_CONNECTION_ERROR;
|
||||
}
|
||||
@ -190,7 +190,7 @@ Error PacketPeerMbedDTLS::get_packet(const uint8_t **r_buffer, int &r_bytes) {
|
||||
|
||||
r_bytes = 0;
|
||||
|
||||
int ret = mbedtls_ssl_read(ssl_ctx->get_context(), packet_buffer, PACKET_BUFFER_SIZE);
|
||||
int ret = mbedtls_ssl_read(tls_ctx->get_context(), packet_buffer, PACKET_BUFFER_SIZE);
|
||||
if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
ret = 0; // non blocking io
|
||||
} else if (ret <= 0) {
|
||||
@ -200,7 +200,7 @@ Error PacketPeerMbedDTLS::get_packet(const uint8_t **r_buffer, int &r_bytes) {
|
||||
} else {
|
||||
_cleanup();
|
||||
status = STATUS_ERROR;
|
||||
SSLContextMbedTLS::print_mbedtls_error(ret);
|
||||
TLSContextMbedTLS::print_mbedtls_error(ret);
|
||||
}
|
||||
return ERR_CONNECTION_ERROR;
|
||||
}
|
||||
@ -220,7 +220,7 @@ void PacketPeerMbedDTLS::poll() {
|
||||
|
||||
ERR_FAIL_COND(!base.is_valid());
|
||||
|
||||
int ret = mbedtls_ssl_read(ssl_ctx->get_context(), nullptr, 0);
|
||||
int ret = mbedtls_ssl_read(tls_ctx->get_context(), nullptr, 0);
|
||||
|
||||
if (ret < 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
|
||||
@ -229,7 +229,7 @@ void PacketPeerMbedDTLS::poll() {
|
||||
} else {
|
||||
_cleanup();
|
||||
status = STATUS_ERROR;
|
||||
SSLContextMbedTLS::print_mbedtls_error(ret);
|
||||
TLSContextMbedTLS::print_mbedtls_error(ret);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -237,7 +237,7 @@ void PacketPeerMbedDTLS::poll() {
|
||||
int PacketPeerMbedDTLS::get_available_packet_count() const {
|
||||
ERR_FAIL_COND_V(status != STATUS_CONNECTED, 0);
|
||||
|
||||
return mbedtls_ssl_get_bytes_avail(&(ssl_ctx->ssl)) > 0 ? 1 : 0;
|
||||
return mbedtls_ssl_get_bytes_avail(&(tls_ctx->tls)) > 0 ? 1 : 0;
|
||||
}
|
||||
|
||||
int PacketPeerMbedDTLS::get_max_packet_size() const {
|
||||
@ -245,7 +245,7 @@ int PacketPeerMbedDTLS::get_max_packet_size() const {
|
||||
}
|
||||
|
||||
PacketPeerMbedDTLS::PacketPeerMbedDTLS() {
|
||||
ssl_ctx.instantiate();
|
||||
tls_ctx.instantiate();
|
||||
}
|
||||
|
||||
PacketPeerMbedDTLS::~PacketPeerMbedDTLS() {
|
||||
@ -261,7 +261,7 @@ void PacketPeerMbedDTLS::disconnect_from_peer() {
|
||||
int ret = 0;
|
||||
// Send SSL close notification, blocking, but ignore other errors.
|
||||
do {
|
||||
ret = mbedtls_ssl_close_notify(ssl_ctx->get_context());
|
||||
ret = mbedtls_ssl_close_notify(tls_ctx->get_context());
|
||||
} while (ret == MBEDTLS_ERR_SSL_WANT_WRITE);
|
||||
}
|
||||
|
||||
|
||||
@ -32,7 +32,7 @@
|
||||
#define PACKET_PEER_MBED_DTLS_H
|
||||
|
||||
#include "core/io/packet_peer_dtls.h"
|
||||
#include "ssl_context_mbedtls.h"
|
||||
#include "tls_context_mbedtls.h"
|
||||
|
||||
#include <mbedtls/timing.h>
|
||||
|
||||
@ -56,7 +56,7 @@ private:
|
||||
void _cleanup();
|
||||
|
||||
protected:
|
||||
Ref<SSLContextMbedTLS> ssl_ctx;
|
||||
Ref<TLSContextMbedTLS> tls_ctx;
|
||||
mbedtls_timing_delay_context timer;
|
||||
|
||||
Error _do_handshake();
|
||||
|
||||
@ -45,7 +45,7 @@ void initialize_mbedtls_module(ModuleInitializationLevel p_level) {
|
||||
}
|
||||
|
||||
CryptoMbedTLS::initialize_crypto();
|
||||
StreamPeerMbedTLS::initialize_ssl();
|
||||
StreamPeerMbedTLS::initialize_tls();
|
||||
PacketPeerMbedDTLS::initialize_dtls();
|
||||
DTLSServerMbedTLS::initialize();
|
||||
}
|
||||
@ -57,6 +57,6 @@ void uninitialize_mbedtls_module(ModuleInitializationLevel p_level) {
|
||||
|
||||
DTLSServerMbedTLS::finalize();
|
||||
PacketPeerMbedDTLS::finalize_dtls();
|
||||
StreamPeerMbedTLS::finalize_ssl();
|
||||
StreamPeerMbedTLS::finalize_tls();
|
||||
CryptoMbedTLS::finalize_crypto();
|
||||
}
|
||||
|
||||
@ -74,18 +74,18 @@ int StreamPeerMbedTLS::bio_recv(void *ctx, unsigned char *buf, size_t len) {
|
||||
}
|
||||
|
||||
void StreamPeerMbedTLS::_cleanup() {
|
||||
ssl_ctx->clear();
|
||||
tls_ctx->clear();
|
||||
base = Ref<StreamPeer>();
|
||||
status = STATUS_DISCONNECTED;
|
||||
}
|
||||
|
||||
Error StreamPeerMbedTLS::_do_handshake() {
|
||||
int ret = 0;
|
||||
while ((ret = mbedtls_ssl_handshake(ssl_ctx->get_context())) != 0) {
|
||||
while ((ret = mbedtls_ssl_handshake(tls_ctx->get_context())) != 0) {
|
||||
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
// An error occurred.
|
||||
ERR_PRINT("TLS handshake error: " + itos(ret));
|
||||
SSLContextMbedTLS::print_mbedtls_error(ret);
|
||||
TLSContextMbedTLS::print_mbedtls_error(ret);
|
||||
disconnect_from_stream();
|
||||
status = STATUS_ERROR;
|
||||
return FAILED;
|
||||
@ -108,11 +108,11 @@ Error StreamPeerMbedTLS::connect_to_stream(Ref<StreamPeer> p_base, bool p_valida
|
||||
base = p_base;
|
||||
int authmode = p_validate_certs ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE;
|
||||
|
||||
Error err = ssl_ctx->init_client(MBEDTLS_SSL_TRANSPORT_STREAM, authmode, p_ca_certs);
|
||||
Error err = tls_ctx->init_client(MBEDTLS_SSL_TRANSPORT_STREAM, authmode, p_ca_certs);
|
||||
ERR_FAIL_COND_V(err != OK, err);
|
||||
|
||||
mbedtls_ssl_set_hostname(ssl_ctx->get_context(), p_for_hostname.utf8().get_data());
|
||||
mbedtls_ssl_set_bio(ssl_ctx->get_context(), this, bio_send, bio_recv, nullptr);
|
||||
mbedtls_ssl_set_hostname(tls_ctx->get_context(), p_for_hostname.utf8().get_data());
|
||||
mbedtls_ssl_set_bio(tls_ctx->get_context(), this, bio_send, bio_recv, nullptr);
|
||||
|
||||
status = STATUS_HANDSHAKING;
|
||||
|
||||
@ -127,12 +127,12 @@ Error StreamPeerMbedTLS::connect_to_stream(Ref<StreamPeer> p_base, bool p_valida
|
||||
Error StreamPeerMbedTLS::accept_stream(Ref<StreamPeer> p_base, Ref<CryptoKey> p_key, Ref<X509Certificate> p_cert, Ref<X509Certificate> p_ca_chain) {
|
||||
ERR_FAIL_COND_V(p_base.is_null(), ERR_INVALID_PARAMETER);
|
||||
|
||||
Error err = ssl_ctx->init_server(MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_VERIFY_NONE, p_key, p_cert);
|
||||
Error err = tls_ctx->init_server(MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_VERIFY_NONE, p_key, p_cert);
|
||||
ERR_FAIL_COND_V(err != OK, err);
|
||||
|
||||
base = p_base;
|
||||
|
||||
mbedtls_ssl_set_bio(ssl_ctx->get_context(), this, bio_send, bio_recv, nullptr);
|
||||
mbedtls_ssl_set_bio(tls_ctx->get_context(), this, bio_send, bio_recv, nullptr);
|
||||
|
||||
status = STATUS_HANDSHAKING;
|
||||
|
||||
@ -173,7 +173,7 @@ Error StreamPeerMbedTLS::put_partial_data(const uint8_t *p_data, int p_bytes, in
|
||||
return OK;
|
||||
}
|
||||
|
||||
int ret = mbedtls_ssl_write(ssl_ctx->get_context(), p_data, p_bytes);
|
||||
int ret = mbedtls_ssl_write(tls_ctx->get_context(), p_data, p_bytes);
|
||||
if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
// Non blocking IO
|
||||
ret = 0;
|
||||
@ -182,7 +182,7 @@ Error StreamPeerMbedTLS::put_partial_data(const uint8_t *p_data, int p_bytes, in
|
||||
disconnect_from_stream();
|
||||
return ERR_FILE_EOF;
|
||||
} else if (ret <= 0) {
|
||||
SSLContextMbedTLS::print_mbedtls_error(ret);
|
||||
TLSContextMbedTLS::print_mbedtls_error(ret);
|
||||
disconnect_from_stream();
|
||||
return ERR_CONNECTION_ERROR;
|
||||
}
|
||||
@ -216,7 +216,7 @@ Error StreamPeerMbedTLS::get_partial_data(uint8_t *p_buffer, int p_bytes, int &r
|
||||
|
||||
r_received = 0;
|
||||
|
||||
int ret = mbedtls_ssl_read(ssl_ctx->get_context(), p_buffer, p_bytes);
|
||||
int ret = mbedtls_ssl_read(tls_ctx->get_context(), p_buffer, p_bytes);
|
||||
if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
ret = 0; // non blocking io
|
||||
} else if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
|
||||
@ -224,7 +224,7 @@ Error StreamPeerMbedTLS::get_partial_data(uint8_t *p_buffer, int p_bytes, int &r
|
||||
disconnect_from_stream();
|
||||
return ERR_FILE_EOF;
|
||||
} else if (ret <= 0) {
|
||||
SSLContextMbedTLS::print_mbedtls_error(ret);
|
||||
TLSContextMbedTLS::print_mbedtls_error(ret);
|
||||
disconnect_from_stream();
|
||||
return ERR_CONNECTION_ERROR;
|
||||
}
|
||||
@ -245,7 +245,7 @@ void StreamPeerMbedTLS::poll() {
|
||||
// We could pass nullptr as second parameter, but some behaviour sanitizers don't seem to like that.
|
||||
// Passing a 1 byte buffer to workaround it.
|
||||
uint8_t byte;
|
||||
int ret = mbedtls_ssl_read(ssl_ctx->get_context(), &byte, 0);
|
||||
int ret = mbedtls_ssl_read(tls_ctx->get_context(), &byte, 0);
|
||||
|
||||
if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
// Nothing to read/write (non blocking IO)
|
||||
@ -254,7 +254,7 @@ void StreamPeerMbedTLS::poll() {
|
||||
disconnect_from_stream();
|
||||
return;
|
||||
} else if (ret < 0) {
|
||||
SSLContextMbedTLS::print_mbedtls_error(ret);
|
||||
TLSContextMbedTLS::print_mbedtls_error(ret);
|
||||
disconnect_from_stream();
|
||||
return;
|
||||
}
|
||||
@ -269,11 +269,11 @@ void StreamPeerMbedTLS::poll() {
|
||||
int StreamPeerMbedTLS::get_available_bytes() const {
|
||||
ERR_FAIL_COND_V(status != STATUS_CONNECTED, 0);
|
||||
|
||||
return mbedtls_ssl_get_bytes_avail(&(ssl_ctx->ssl));
|
||||
return mbedtls_ssl_get_bytes_avail(&(tls_ctx->tls));
|
||||
}
|
||||
|
||||
StreamPeerMbedTLS::StreamPeerMbedTLS() {
|
||||
ssl_ctx.instantiate();
|
||||
tls_ctx.instantiate();
|
||||
}
|
||||
|
||||
StreamPeerMbedTLS::~StreamPeerMbedTLS() {
|
||||
@ -288,7 +288,7 @@ void StreamPeerMbedTLS::disconnect_from_stream() {
|
||||
Ref<StreamPeerTCP> tcp = base;
|
||||
if (tcp.is_valid() && tcp->get_status() == StreamPeerTCP::STATUS_CONNECTED) {
|
||||
// We are still connected on the socket, try to send close notify.
|
||||
mbedtls_ssl_close_notify(ssl_ctx->get_context());
|
||||
mbedtls_ssl_close_notify(tls_ctx->get_context());
|
||||
}
|
||||
|
||||
_cleanup();
|
||||
@ -306,12 +306,12 @@ StreamPeerTLS *StreamPeerMbedTLS::_create_func() {
|
||||
return memnew(StreamPeerMbedTLS);
|
||||
}
|
||||
|
||||
void StreamPeerMbedTLS::initialize_ssl() {
|
||||
void StreamPeerMbedTLS::initialize_tls() {
|
||||
_create = _create_func;
|
||||
available = true;
|
||||
}
|
||||
|
||||
void StreamPeerMbedTLS::finalize_ssl() {
|
||||
void StreamPeerMbedTLS::finalize_tls() {
|
||||
available = false;
|
||||
_create = nullptr;
|
||||
}
|
||||
|
||||
@ -32,7 +32,7 @@
|
||||
#define STREAM_PEER_MBEDTLS_H
|
||||
|
||||
#include "core/io/stream_peer_tls.h"
|
||||
#include "ssl_context_mbedtls.h"
|
||||
#include "tls_context_mbedtls.h"
|
||||
|
||||
class StreamPeerMbedTLS : public StreamPeerTLS {
|
||||
private:
|
||||
@ -48,7 +48,7 @@ private:
|
||||
void _cleanup();
|
||||
|
||||
protected:
|
||||
Ref<SSLContextMbedTLS> ssl_ctx;
|
||||
Ref<TLSContextMbedTLS> tls_ctx;
|
||||
|
||||
Error _do_handshake();
|
||||
|
||||
@ -69,8 +69,8 @@ public:
|
||||
|
||||
virtual int get_available_bytes() const;
|
||||
|
||||
static void initialize_ssl();
|
||||
static void finalize_ssl();
|
||||
static void initialize_tls();
|
||||
static void finalize_tls();
|
||||
|
||||
StreamPeerMbedTLS();
|
||||
~StreamPeerMbedTLS();
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*************************************************************************/
|
||||
/* ssl_context_mbedtls.cpp */
|
||||
/* tls_context_mbedtls.cpp */
|
||||
/*************************************************************************/
|
||||
/* This file is part of: */
|
||||
/* GODOT ENGINE */
|
||||
@ -28,7 +28,7 @@
|
||||
/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
|
||||
/*************************************************************************/
|
||||
|
||||
#include "ssl_context_mbedtls.h"
|
||||
#include "tls_context_mbedtls.h"
|
||||
|
||||
static void my_debug(void *ctx, int level,
|
||||
const char *file, int line,
|
||||
@ -37,7 +37,7 @@ static void my_debug(void *ctx, int level,
|
||||
fflush(stdout);
|
||||
}
|
||||
|
||||
void SSLContextMbedTLS::print_mbedtls_error(int p_ret) {
|
||||
void TLSContextMbedTLS::print_mbedtls_error(int p_ret) {
|
||||
printf("mbedtls error: returned -0x%x\n\n", -p_ret);
|
||||
fflush(stdout);
|
||||
}
|
||||
@ -82,12 +82,12 @@ CookieContextMbedTLS::~CookieContextMbedTLS() {
|
||||
clear();
|
||||
}
|
||||
|
||||
/// SSLContextMbedTLS
|
||||
/// TLSContextMbedTLS
|
||||
|
||||
Error SSLContextMbedTLS::_setup(int p_endpoint, int p_transport, int p_authmode) {
|
||||
Error TLSContextMbedTLS::_setup(int p_endpoint, int p_transport, int p_authmode) {
|
||||
ERR_FAIL_COND_V_MSG(inited, ERR_ALREADY_IN_USE, "This SSL context is already active");
|
||||
|
||||
mbedtls_ssl_init(&ssl);
|
||||
mbedtls_ssl_init(&tls);
|
||||
mbedtls_ssl_config_init(&conf);
|
||||
mbedtls_ctr_drbg_init(&ctr_drbg);
|
||||
mbedtls_entropy_init(&entropy);
|
||||
@ -110,7 +110,7 @@ Error SSLContextMbedTLS::_setup(int p_endpoint, int p_transport, int p_authmode)
|
||||
return OK;
|
||||
}
|
||||
|
||||
Error SSLContextMbedTLS::init_server(int p_transport, int p_authmode, Ref<CryptoKeyMbedTLS> p_pkey, Ref<X509CertificateMbedTLS> p_cert, Ref<CookieContextMbedTLS> p_cookies) {
|
||||
Error TLSContextMbedTLS::init_server(int p_transport, int p_authmode, Ref<CryptoKeyMbedTLS> p_pkey, Ref<X509CertificateMbedTLS> p_cert, Ref<CookieContextMbedTLS> p_cookies) {
|
||||
ERR_FAIL_COND_V(!p_pkey.is_valid(), ERR_INVALID_PARAMETER);
|
||||
ERR_FAIL_COND_V(!p_cert.is_valid(), ERR_INVALID_PARAMETER);
|
||||
|
||||
@ -146,11 +146,11 @@ Error SSLContextMbedTLS::init_server(int p_transport, int p_authmode, Ref<Crypto
|
||||
cookies = p_cookies;
|
||||
mbedtls_ssl_conf_dtls_cookies(&conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, &(cookies->cookie_ctx));
|
||||
}
|
||||
mbedtls_ssl_setup(&ssl, &conf);
|
||||
mbedtls_ssl_setup(&tls, &conf);
|
||||
return OK;
|
||||
}
|
||||
|
||||
Error SSLContextMbedTLS::init_client(int p_transport, int p_authmode, Ref<X509CertificateMbedTLS> p_valid_cas) {
|
||||
Error TLSContextMbedTLS::init_client(int p_transport, int p_authmode, Ref<X509CertificateMbedTLS> p_valid_cas) {
|
||||
Error err = _setup(MBEDTLS_SSL_IS_CLIENT, p_transport, p_authmode);
|
||||
ERR_FAIL_COND_V(err != OK, err);
|
||||
|
||||
@ -172,15 +172,15 @@ Error SSLContextMbedTLS::init_client(int p_transport, int p_authmode, Ref<X509Ce
|
||||
|
||||
// Set valid CAs
|
||||
mbedtls_ssl_conf_ca_chain(&conf, &(cas->cert), nullptr);
|
||||
mbedtls_ssl_setup(&ssl, &conf);
|
||||
mbedtls_ssl_setup(&tls, &conf);
|
||||
return OK;
|
||||
}
|
||||
|
||||
void SSLContextMbedTLS::clear() {
|
||||
void TLSContextMbedTLS::clear() {
|
||||
if (!inited) {
|
||||
return;
|
||||
}
|
||||
mbedtls_ssl_free(&ssl);
|
||||
mbedtls_ssl_free(&tls);
|
||||
mbedtls_ssl_config_free(&conf);
|
||||
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||
mbedtls_entropy_free(&entropy);
|
||||
@ -198,14 +198,14 @@ void SSLContextMbedTLS::clear() {
|
||||
inited = false;
|
||||
}
|
||||
|
||||
mbedtls_ssl_context *SSLContextMbedTLS::get_context() {
|
||||
mbedtls_ssl_context *TLSContextMbedTLS::get_context() {
|
||||
ERR_FAIL_COND_V(!inited, nullptr);
|
||||
return &ssl;
|
||||
return &tls;
|
||||
}
|
||||
|
||||
SSLContextMbedTLS::SSLContextMbedTLS() {
|
||||
TLSContextMbedTLS::TLSContextMbedTLS() {
|
||||
}
|
||||
|
||||
SSLContextMbedTLS::~SSLContextMbedTLS() {
|
||||
TLSContextMbedTLS::~TLSContextMbedTLS() {
|
||||
clear();
|
||||
}
|
||||
@ -1,5 +1,5 @@
|
||||
/*************************************************************************/
|
||||
/* ssl_context_mbedtls.h */
|
||||
/* tls_context_mbedtls.h */
|
||||
/*************************************************************************/
|
||||
/* This file is part of: */
|
||||
/* GODOT ENGINE */
|
||||
@ -28,8 +28,8 @@
|
||||
/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
|
||||
/*************************************************************************/
|
||||
|
||||
#ifndef SSL_CONTEXT_MBEDTLS_H
|
||||
#define SSL_CONTEXT_MBEDTLS_H
|
||||
#ifndef TLS_CONTEXT_MBEDTLS_H
|
||||
#define TLS_CONTEXT_MBEDTLS_H
|
||||
|
||||
#include "crypto_mbedtls.h"
|
||||
|
||||
@ -44,10 +44,10 @@
|
||||
#include <mbedtls/ssl.h>
|
||||
#include <mbedtls/ssl_cookie.h>
|
||||
|
||||
class SSLContextMbedTLS;
|
||||
class TLSContextMbedTLS;
|
||||
|
||||
class CookieContextMbedTLS : public RefCounted {
|
||||
friend class SSLContextMbedTLS;
|
||||
friend class TLSContextMbedTLS;
|
||||
|
||||
protected:
|
||||
bool inited = false;
|
||||
@ -63,7 +63,7 @@ public:
|
||||
~CookieContextMbedTLS();
|
||||
};
|
||||
|
||||
class SSLContextMbedTLS : public RefCounted {
|
||||
class TLSContextMbedTLS : public RefCounted {
|
||||
protected:
|
||||
bool inited = false;
|
||||
|
||||
@ -73,7 +73,7 @@ public:
|
||||
Ref<X509CertificateMbedTLS> certs;
|
||||
mbedtls_entropy_context entropy;
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_context tls;
|
||||
mbedtls_ssl_config conf;
|
||||
|
||||
Ref<CookieContextMbedTLS> cookies;
|
||||
@ -86,8 +86,8 @@ public:
|
||||
|
||||
mbedtls_ssl_context *get_context();
|
||||
|
||||
SSLContextMbedTLS();
|
||||
~SSLContextMbedTLS();
|
||||
TLSContextMbedTLS();
|
||||
~TLSContextMbedTLS();
|
||||
};
|
||||
|
||||
#endif // SSL_CONTEXT_MBEDTLS_H
|
||||
#endif // TLS_CONTEXT_MBEDTLS_H
|
||||
Reference in New Issue
Block a user