|
@@ -94,9 +94,12 @@ Error SSLContextMbedTLS::init_server(int p_transport, int p_authmode, Ref<Crypto
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
Error SSLContextMbedTLS::init_client(int p_transport, int p_authmode, Ref<X509CertificateMbedTLS> p_valid_cas) {
|
|
Error SSLContextMbedTLS::init_client(int p_transport, int p_authmode, Ref<X509CertificateMbedTLS> p_valid_cas) {
|
|
|
|
|
+ Error err = _setup(MBEDTLS_SSL_IS_CLIENT, p_transport, p_authmode);
|
|
|
|
|
+ ERR_FAIL_COND_V(err != OK, err);
|
|
|
|
|
+
|
|
|
X509CertificateMbedTLS *cas = NULL;
|
|
X509CertificateMbedTLS *cas = NULL;
|
|
|
|
|
|
|
|
- if (certs.is_valid()) {
|
|
|
|
|
|
|
+ if (p_valid_cas.is_valid()) {
|
|
|
// Locking CA certificates
|
|
// Locking CA certificates
|
|
|
certs = p_valid_cas;
|
|
certs = p_valid_cas;
|
|
|
certs->lock();
|
|
certs->lock();
|
|
@@ -104,12 +107,12 @@ Error SSLContextMbedTLS::init_client(int p_transport, int p_authmode, Ref<X509Ce
|
|
|
} else {
|
|
} else {
|
|
|
// Fall back to default certificates (no need to lock those).
|
|
// Fall back to default certificates (no need to lock those).
|
|
|
cas = CryptoMbedTLS::get_default_certificates();
|
|
cas = CryptoMbedTLS::get_default_certificates();
|
|
|
- ERR_FAIL_COND_V(cas == NULL, ERR_UNCONFIGURED);
|
|
|
|
|
|
|
+ if (cas == NULL) {
|
|
|
|
|
+ clear();
|
|
|
|
|
+ ERR_FAIL_V_MSG(ERR_UNCONFIGURED, "SSL module failed to initialize!");
|
|
|
|
|
+ }
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
- Error err = _setup(MBEDTLS_SSL_IS_CLIENT, p_transport, p_authmode);
|
|
|
|
|
- ERR_FAIL_COND_V(err != OK, err);
|
|
|
|
|
-
|
|
|
|
|
// Set valid CAs
|
|
// Set valid CAs
|
|
|
mbedtls_ssl_conf_ca_chain(&conf, &(cas->cert), NULL);
|
|
mbedtls_ssl_conf_ca_chain(&conf, &(cas->cert), NULL);
|
|
|
mbedtls_ssl_setup(&ssl, &conf);
|
|
mbedtls_ssl_setup(&ssl, &conf);
|
Rémi Verschelde