:github_url: hide .. DO NOT EDIT THIS FILE!!! .. Generated automatically from Godot engine sources. .. Generator: https://github.com/godotengine/godot/tree/master/doc/tools/make_rst.py. .. XML source: https://github.com/godotengine/godot/tree/master/doc/classes/TLSOptions.xml. .. _class_TLSOptions: TLSOptions ========== **Inherits:** :ref:`RefCounted` **<** :ref:`Object` TLS configuration for clients and servers. .. rst-class:: classref-introduction-group Description ----------- TLSOptions abstracts the configuration options for the :ref:`StreamPeerTLS` and :ref:`PacketPeerDTLS` classes. Objects of this class cannot be instantiated directly, and one of the static methods :ref:`client()`, :ref:`client_unsafe()`, or :ref:`server()` should be used instead. .. tabs:: .. code-tab:: gdscript # Create a TLS client configuration which uses our custom trusted CA chain. var client_trusted_cas = load("res://my_trusted_cas.crt") var client_tls_options = TLSOptions.client(client_trusted_cas) # Create a TLS server configuration. var server_certs = load("res://my_server_cas.crt") var server_key = load("res://my_server_key.key") var server_tls_options = TLSOptions.server(server_key, server_certs) .. rst-class:: classref-reftable-group Methods ------- .. table:: :widths: auto +-----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | :ref:`TLSOptions` | :ref:`client`\ (\ trusted_chain\: :ref:`X509Certificate` = null, common_name_override\: :ref:`String` = ""\ ) |static| | +-----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | :ref:`TLSOptions` | :ref:`client_unsafe`\ (\ trusted_chain\: :ref:`X509Certificate` = null\ ) |static| | +-----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | :ref:`String` | :ref:`get_common_name_override`\ (\ ) |const| | +-----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | :ref:`X509Certificate` | :ref:`get_own_certificate`\ (\ ) |const| | +-----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | :ref:`CryptoKey` | :ref:`get_private_key`\ (\ ) |const| | +-----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | :ref:`X509Certificate` | :ref:`get_trusted_ca_chain`\ (\ ) |const| | +-----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | :ref:`bool` | :ref:`is_server`\ (\ ) |const| | +-----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | :ref:`bool` | :ref:`is_unsafe_client`\ (\ ) |const| | +-----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | :ref:`TLSOptions` | :ref:`server`\ (\ key\: :ref:`CryptoKey`, certificate\: :ref:`X509Certificate`\ ) |static| | +-----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. rst-class:: classref-section-separator ---- .. rst-class:: classref-descriptions-group Method Descriptions ------------------- .. _class_TLSOptions_method_client: .. rst-class:: classref-method :ref:`TLSOptions` **client**\ (\ trusted_chain\: :ref:`X509Certificate` = null, common_name_override\: :ref:`String` = ""\ ) |static| :ref:`🔗` Creates a TLS client configuration which validates certificates and their common names (fully qualified domain names). You can specify a custom ``trusted_chain`` of certification authorities (the default CA list will be used if ``null``), and optionally provide a ``common_name_override`` if you expect the certificate to have a common name other than the server FQDN. \ **Note:** On the Web platform, TLS verification is always enforced against the CA list of the web browser. This is considered a security feature. .. rst-class:: classref-item-separator ---- .. _class_TLSOptions_method_client_unsafe: .. rst-class:: classref-method :ref:`TLSOptions` **client_unsafe**\ (\ trusted_chain\: :ref:`X509Certificate` = null\ ) |static| :ref:`🔗` Creates an **unsafe** TLS client configuration where certificate validation is optional. You can optionally provide a valid ``trusted_chain``, but the common name of the certificates will never be checked. Using this configuration for purposes other than testing **is not recommended**. \ **Note:** On the Web platform, TLS verification is always enforced against the CA list of the web browser. This is considered a security feature. .. rst-class:: classref-item-separator ---- .. _class_TLSOptions_method_get_common_name_override: .. rst-class:: classref-method :ref:`String` **get_common_name_override**\ (\ ) |const| :ref:`🔗` Returns the common name (domain name) override specified when creating with :ref:`client()`. .. rst-class:: classref-item-separator ---- .. _class_TLSOptions_method_get_own_certificate: .. rst-class:: classref-method :ref:`X509Certificate` **get_own_certificate**\ (\ ) |const| :ref:`🔗` Returns the :ref:`X509Certificate` specified when creating with :ref:`server()`. .. rst-class:: classref-item-separator ---- .. _class_TLSOptions_method_get_private_key: .. rst-class:: classref-method :ref:`CryptoKey` **get_private_key**\ (\ ) |const| :ref:`🔗` Returns the :ref:`CryptoKey` specified when creating with :ref:`server()`. .. rst-class:: classref-item-separator ---- .. _class_TLSOptions_method_get_trusted_ca_chain: .. rst-class:: classref-method :ref:`X509Certificate` **get_trusted_ca_chain**\ (\ ) |const| :ref:`🔗` Returns the CA :ref:`X509Certificate` chain specified when creating with :ref:`client()` or :ref:`client_unsafe()`. .. rst-class:: classref-item-separator ---- .. _class_TLSOptions_method_is_server: .. rst-class:: classref-method :ref:`bool` **is_server**\ (\ ) |const| :ref:`🔗` Returns ``true`` if created with :ref:`server()`, ``false`` otherwise. .. rst-class:: classref-item-separator ---- .. _class_TLSOptions_method_is_unsafe_client: .. rst-class:: classref-method :ref:`bool` **is_unsafe_client**\ (\ ) |const| :ref:`🔗` Returns ``true`` if created with :ref:`client_unsafe()`, ``false`` otherwise. .. rst-class:: classref-item-separator ---- .. _class_TLSOptions_method_server: .. rst-class:: classref-method :ref:`TLSOptions` **server**\ (\ key\: :ref:`CryptoKey`, certificate\: :ref:`X509Certificate`\ ) |static| :ref:`🔗` Creates a TLS server configuration using the provided ``key`` and ``certificate``. \ **Note:** The ``certificate`` should include the full certificate chain up to the signing CA (certificates file can be concatenated using a general purpose text editor). .. |virtual| replace:: :abbr:`virtual (This method should typically be overridden by the user to have any effect.)` .. |required| replace:: :abbr:`required (This method is required to be overridden when extending its base class.)` .. |const| replace:: :abbr:`const (This method has no side effects. It doesn't modify any of the instance's member variables.)` .. |vararg| replace:: :abbr:`vararg (This method accepts any number of arguments after the ones described here.)` .. |constructor| replace:: :abbr:`constructor (This method is used to construct a type.)` .. |static| replace:: :abbr:`static (This method doesn't need an instance to be called, so it can be called directly using the class name.)` .. |operator| replace:: :abbr:`operator (This method describes a valid operator to use with this type as left-hand operand.)` .. |bitfield| replace:: :abbr:`BitField (This value is an integer composed as a bitmask of the following flags.)` .. |void| replace:: :abbr:`void (No return value.)`