Use mbedtls on all platforms & bundle root CAs

Certificate bundle downloaded from https://curl.se/docs/caextract.html.
It is licensed under the MPL 2.0.
Martin Natano
2022-06-06 20:39:41 +02:00
parent 58dd83db8a
commit 258fd61229
6 changed files with 3384 additions and 32 deletions
+3347
File diff suppressed because it is too large Load Diff
+11 -29
@@ -86,16 +86,8 @@ set(IXW_HPP "${IXW_DIR}/IXBench.h"
"${IXW_DIR}/IXWebSocketTransport.h"
"${IXW_DIR}/IXWebSocketVersion.h")
if(APPLE)
list(APPEND IXW_SRC "${IXW_DIR}/IXSocketAppleSSL.cpp")
list(APPEND IXW_HPP "${IXW_DIR}/IXSocketAppleSSL.h")
elseif(WIN32)
list(APPEND IXW_SRC "${IXW_DIR}/IXSocketMbedTLS.cpp")
list(APPEND IXW_HPP "${IXW_DIR}/IXSocketMbedTLS.h")
else()
list(APPEND IXW_SRC "${IXW_DIR}/IXSocketOpenSSL.cpp")
list(APPEND IXW_HPP "${IXW_DIR}/IXSocketOpenSSL.h")
endif()
list(APPEND IXW_SRC "${IXW_DIR}/IXSocketMbedTLS.cpp")
list(APPEND IXW_HPP "${IXW_DIR}/IXSocketMbedTLS.h")
source_group("" FILES ${IXW_SRC} ${IXW_HPP})
@@ -109,25 +101,15 @@ set_property(TARGET "ixwebsocket" PROPERTY CXX_EXTENSIONS OFF)
disable_project_warnings("ixwebsocket")
target_compile_definitions("ixwebsocket" PRIVATE IXWEBSOCKET_USE_TLS)
if(APPLE)
target_compile_definitions("ixwebsocket" PRIVATE IXWEBSOCKET_USE_SECURE_TRANSPORT)
target_link_libraries(ixwebsocket "-framework foundation" "-framework security")
elseif(WIN32)
target_compile_definitions("ixwebsocket" PRIVATE IXWEBSOCKET_USE_MBED_TLS)
target_compile_definitions("ixwebsocket" PRIVATE IXWEBSOCKET_USE_MBED_TLS_MIN_VERSION_3)
add_subdirectory("mbedtls" EXCLUDE_FROM_ALL)
set_property(TARGET "mbedtls" PROPERTY FOLDER "External Libraries")
set_property(TARGET "mbedcrypto" PROPERTY FOLDER "External Libraries")
set_property(TARGET "mbedx509" PROPERTY FOLDER "External Libraries")
target_link_libraries("ixwebsocket" mbedtls mbedcrypto mbedx509)
else()
target_compile_definitions("ixwebsocket" PRIVATE IXWEBSOCKET_USE_OPEN_SSL)
find_package(OpenSSL REQUIRED)
add_definitions(${OPENSSL_DEFINITIONS})
target_include_directories(ixwebsocket PUBLIC ${OPENSSL_INCLUDE_DIR})
target_link_libraries(ixwebsocket ${OPENSSL_LIBRARIES})
endif()
target_compile_definitions("ixwebsocket" PRIVATE IXWEBSOCKET_USE_MBED_TLS)
target_compile_definitions("ixwebsocket" PRIVATE IXWEBSOCKET_USE_MBED_TLS_MIN_VERSION_3)
set(ENABLE_TESTING OFF CACHE INTERNAL "Don't build tests")
set(GEN_FILES OFF CACHE INTERNAL "Don't generate files (requires perl and python)")
add_subdirectory("mbedtls" EXCLUDE_FROM_ALL)
set_property(TARGET "mbedtls" PROPERTY FOLDER "External Libraries")
set_property(TARGET "mbedcrypto" PROPERTY FOLDER "External Libraries")
set_property(TARGET "mbedx509" PROPERTY FOLDER "External Libraries")
target_link_libraries("ixwebsocket" mbedtls mbedcrypto mbedx509)
target_compile_definitions("ixwebsocket" PRIVATE IXWEBSOCKET_USE_ZLIB)
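Review bot: With the `if(APPLE)` / `elseif(WIN32)` / `else()` branches gone, the vendored directory pulled in by `add_subdirectory("mbedtls" EXCLUDE_FROM_ALL)` is now the only TLS implementation on every platform, and nothing in the file records that. Security fixes no longer arrive through the operating system's SecureTransport or OpenSSL packages, so the vendored copy has to be updated by hand. I would add a comment above that line such as `# Sole TLS backend on all platforms: security fixes reach users only when this vendored copy is updated.` Separately, `target_link_libraries("ixwebsocket" mbedtls mbedcrypto mbedx509)` uses the keyword-less signature; `PRIVATE` or `PUBLIC` would make the link visibility explicit, provided any other `target_link_libraries` calls on this target (not visible in this section) are converted too.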
+21 -2
@@ -6,12 +6,14 @@
#include "RageFileManager.h"
#include "RageLog.h"
#include "RageUtil.h"
#include "SpecialFiles.h"
#include "StdString.h"
#include "ver.h"
#include <ixwebsocket/IXHttpClient.h>
#include <ixwebsocket/IXNetSystem.h>
#include <ixwebsocket/IXUrlParser.h>
#include <ixwebsocket/IXWebSocket.h>
#include <algorithm>
#include <climits>
@@ -72,6 +74,23 @@ NetworkManager::NetworkManager() : httpClient(true), downloadClient(true)
LUA->Release(L);
}
RageFile f;
if(f.Open(SpecialFiles::CA_BUNDLE_PATH))
{
RString data;
f.Read(data);
f.Close();
this->tlsOptions.caFile = data;
}
else
{
LOG->Warn("Reading '%s' failed: %s", SpecialFiles::CA_BUNDLE_PATH.c_str(), f.GetError().c_str());
}
this->httpClient.setTLSOptions(this->tlsOptions);
this->downloadClient.setTLSOptions(this->tlsOptions);
this->ClearDownloads();
}
@@ -214,6 +233,8 @@ WebSocketHandlePtr NetworkManager::WebSocket(const WebSocketArgs& args)
handle->onClose = args.onClose;
handle->webSocket.setUrl(args.url);
handle->webSocket.setTLSOptions(this->tlsOptions);
handle->webSocket.setOnMessageCallback(args.onMessage);
ix::WebSocketHttpHeaders headers;
headers["User-Agent"] = this->GetUserAgent();
@@ -238,8 +259,6 @@ WebSocketHandlePtr NetworkManager::WebSocket(const WebSocketArgs& args)
handle->webSocket.disableAutomaticReconnection();
}
handle->webSocket.setOnMessageCallback(args.onMessage);
handle->webSocket.start();
return handle;
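Review bot: In the constructor hunk the result of `f.Read(data)` is ignored, so a failed or empty read still assigns `data` to `tlsOptions.caFile`, and the `else` branch only logs while leaving `tlsOptions` at the library default. How the mbedtls backend treats an empty `caFile` or that default is not visible here; it should be confirmed that both cases make the handshake fail rather than skip peer verification. I would assign only after a successful read, `if(f.Read(data) > 0) this->tlsOptions.caFile = data;`, and have the warning state the consequence for TLS connections. The constructor begins before this hunk.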
+2
@@ -13,6 +13,7 @@
#include <ixwebsocket/IXHttp.h>
#include <ixwebsocket/IXHttpClient.h>
#include <ixwebsocket/IXSocketTLSOptions.h>
#include <ixwebsocket/IXWebSocket.h>
#include "EnumHelper.h"
@@ -141,6 +142,7 @@ private:
ix::HttpClient httpClient;
ix::HttpClient downloadClient;
ix::SocketTLSOptions tlsOptions;
static Preference<bool> httpEnabled;
static Preference<RString> httpAllowHosts;
+2 -1
@@ -4,7 +4,7 @@
const RString SpecialFiles::PACKAGES_DIR = "Packages/";
const RString SpecialFiles::KEYMAPS_PATH = "Save/Keymaps.ini";
const RString SpecialFiles::EDIT_MODE_KEYMAPS_PATH = "Save/EditMode_Keymaps.ini";
const RString SpecialFiles::PREFERENCES_INI_PATH = "Save/Preferences.ini";
const RString SpecialFiles::PREFERENCES_INI_PATH = "Save/Preferences.ini";
const RString SpecialFiles::THEMES_DIR = "Themes/";
const RString SpecialFiles::LANGUAGES_SUBDIR = "Languages/";
// TODO: A theme should be able to specify a base language.
@@ -15,6 +15,7 @@ const RString SpecialFiles::BASE_THEME_NAME = "_fallback";
const RString SpecialFiles::DEFAULTS_INI_PATH = "Data/Defaults.ini";
const RString SpecialFiles::STATIC_INI_PATH = "Data/Static.ini";
const RString SpecialFiles::TYPE_TXT_FILE = "Data/Type.txt";
const RString SpecialFiles::CA_BUNDLE_PATH = "Data/ca-bundle.crt";
const RString SpecialFiles::SONGS_DIR = "Songs/";
const RString SpecialFiles::COURSES_DIR = "Courses/";
const RString SpecialFiles::NOTESKINS_DIR = "NoteSkins/";
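Review bot: `CA_BUNDLE_PATH` is a relative path resolved through the game's file layer, and nothing next to the new constant says that this file is the trust root for every TLS connection. Which physical file `Data/ca-bundle.crt` resolves to depends on mount configuration that this commit does not show; if a user-writable or add-on location can overlay `Data/`, installed content could replace the trust anchors, which is worth confirming. I would add a comment above the definition, `// PEM root CA bundle used to verify all TLS peers; must resolve to the read-only install data.`, and a matching `@brief` on the declaration in the header.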
+1
@@ -23,6 +23,7 @@ namespace SpecialFiles
extern const RString DEFAULTS_INI_PATH;
extern const RString STATIC_INI_PATH;
extern const RString TYPE_TXT_FILE;
extern const RString CA_BUNDLE_PATH;
/** @brief The default Songs directory. */
extern const RString SONGS_DIR;
/** @brief The default courses directory. */