Attention: Here be dragons
This is the latest
(unstable) version of this documentation, which may document features
not available in or compatible with released stable versions of Godot.
Checking the stable version of the documentation...
TLSOptions
Hérite de : RefCounted < Object
Configuration TLS pour des clients et des serveurs.
Description
TLSOptions abstrait les options de configuration pour les classes StreamPeerTLS et PacketPeerDTLS.
Les objets de cette classe ne peuvent être instanciés directement, et l'une des méthodes statiques client(), client_unsafe() ou server() devraient être utilisées à la place.
# Créer une configuration de client TLS qui utilise notre chaîne de CA approuvée personnalisée.
var cas_approuves_client = load("res://mes_cas_approuves.crt")
var options_tls_client = TLSOptions.client(cas_approuves_client)
# Créer une configuration de serveur TLS.
var certificats_serveur = load("res://mes_cas_serveur.crt")
var cle_serveur = load("res://ma_cle_serveur.key")
var options_tls_serveur = TLSOptions.server(cle_serveur, certificats_serveur)
Méthodes
client(trusted_chain: X509Certificate = null, common_name_override: String = "") static |
|
client_unsafe(trusted_chain: X509Certificate = null) static |
|
get_common_name_override() const |
|
get_own_certificate() const |
|
get_private_key() const |
|
get_trusted_ca_chain() const |
|
is_server() const |
|
is_unsafe_client() const |
|
server(key: CryptoKey, certificate: X509Certificate) static |
Descriptions des méthodes
TLSOptions client(trusted_chain: X509Certificate = null, common_name_override: String = "") static 🔗
Creates a TLS client configuration which validates certificates and their common names (fully qualified domain names).
You can specify a custom trusted_chain of certification authorities (the default CA list will be used if null), and optionally provide a common_name_override if you expect the certificate to have a common name other than the server FQDN.
Note: On the Web platform, TLS verification is always enforced against the CA list of the web browser. This is considered a security feature.
TLSOptions client_unsafe(trusted_chain: X509Certificate = null) static 🔗
Creates an unsafe TLS client configuration where certificate validation is optional. You can optionally provide a valid trusted_chain, but the common name of the certificates will never be checked. Using this configuration for purposes other than testing is not recommended.
Note: On the Web platform, TLS verification is always enforced against the CA list of the web browser. This is considered a security feature.
String get_common_name_override() const 🔗
Returns the common name (domain name) override specified when creating with client().
X509Certificate get_own_certificate() const 🔗
Returns the X509Certificate specified when creating with server().
CryptoKey get_private_key() const 🔗
Returns the CryptoKey specified when creating with server().
X509Certificate get_trusted_ca_chain() const 🔗
Returns the CA X509Certificate chain specified when creating with client() or client_unsafe().
Returns true if created with server(), false otherwise.
bool is_unsafe_client() const 🔗
Returns true if created with client_unsafe(), false otherwise.
TLSOptions server(key: CryptoKey, certificate: X509Certificate) static 🔗
Creates a TLS server configuration using the provided key and certificate.
Note: The certificate should include the full certificate chain up to the signing CA (certificates file can be concatenated using a general purpose text editor).