TLSOptions
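Inherits: RefCounted < Object
TLS configuration for clients and servers.
Description
TLSOptions abstracts the configuration options for the StreamPeerTLS and PacketPeerDTLS classes.
Objects of this class cannot be instantiated directly. Use one of the static methods client(), client_unsafe(), or server() instead.
# Create a TLS client configuration which uses a custom trusted CA chain.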
var client_trusted_cas = load("res://my_trusted_cas.crt")
var client_tls_options = TLSOptions.client(client_trusted_cas)
# Create a TLS server configuration.
var server_certs = load("res://my_server_cas.crt")
var server_key = load("res://my_server_key.key")
var server_tls_options = TLSOptions.server(server_key, server_certs)
Methods
TLSOptions | client(trusted_chain: X509Certificate = null, common_name_override: String = "") static
TLSOptions | client_unsafe(trusted_chain: X509Certificate = null) static
String | get_common_name_override() const
X509Certificate | get_own_certificate() const
CryptoKey | get_private_key() const
X509Certificate | get_trusted_ca_chain() const
bool | is_server() const
bool | is_unsafe_client() const
TLSOptions | server(key: CryptoKey, certificate: X509Certificate) static
Method Descriptions
TLSOptions client(trusted_chain: X509Certificate = null, common_name_override: String = "") static
Creates a TLS client configuration which validates certificates and their common names (fully qualified domain names).
You can specify a custom trusted_chain of certification authorities (the default CA list will be used if null), and optionally provide a common_name_override if you expect the certificate to have a common name other than the server FQDN.
Note: On the Web platform, TLS verification is always enforced against the CA list of the web browser. This is considered a security feature.
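TLSOptions client_unsafe(trusted_chain: X509Certificate = null) static
Creates an unsafe TLS client configuration where certificate validation is optional. You can optionally provide a valid trusted_chain, but the common name of the certificates will never be checked. Using this configuration for purposes other than testing is not recommended.
Note: On the Web platform, TLS verification is always enforced against the CA list of the web browser. This is considered a security feature.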
String get_common_name_override() const
Returns the common name (domain name) override specified when creating with client().
X509Certificate get_own_certificate() const
Returns the X509Certificate specified when creating with server().
CryptoKey get_private_key() const
Returns the CryptoKey specified when creating with server().
X509Certificate get_trusted_ca_chain() const
Returns the CA X509Certificate chain specified when creating with client() or client_unsafe().
bool is_server() const
Returns true if created with server(), false otherwise.
bool is_unsafe_client() const
Returns true if created with client_unsafe(), false otherwise.
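An added example (not from the Godot documentation) of a client that pins the project's CA bundle with client(), permits client_unsafe() only in debug builds, and checks is_unsafe_client() before starting the handshake through StreamPeerTLS. HOST, PORT, CA_PATH and the helper function names are assumptions made for illustration.

```gdscript
extends Node
const HOST := "game.example.com"             # hypothetical server FQDN
const PORT := 4433                           # hypothetical port
const CA_PATH := "res://my_trusted_cas.crt"  # CA bundle shipped with the project

var _tcp := StreamPeerTCP.new()
var _tls := StreamPeerTLS.new()
var _options: TLSOptions

# Builds verifying options pinned to CA_PATH; unsafe options only in debug builds.
func make_client_options(allow_unsafe_for_testing: bool) -> TLSOptions:
	var cas: X509Certificate = load(CA_PATH)
	if cas == null:
		push_error("CA bundle missing; not falling back to client(null) and the default CA list")
		return null
	if allow_unsafe_for_testing and OS.is_debug_build():
		return TLSOptions.client_unsafe(cas)
	return TLSOptions.client(cas)

# Last gate before the handshake: exported builds never use an unsafe client.
func options_allowed(options: TLSOptions) -> bool:
	if options == null or options.is_server():
		return false
	return OS.is_debug_build() or not options.is_unsafe_client()

func _ready() -> void:
	_options = make_client_options(false)
	if not options_allowed(_options) or _tcp.connect_to_host(HOST, PORT) != OK:
		set_process(false)

func _process(_delta: float) -> void:
	if _tls.get_status() == StreamPeerTLS.STATUS_DISCONNECTED:
		_tcp.poll()
		var tcp_status := _tcp.get_status()
		if tcp_status == StreamPeerTCP.STATUS_ERROR:
			set_process(false)
		elif tcp_status == StreamPeerTCP.STATUS_CONNECTED:
			# HOST is the name the server certificate is validated against.
			if _tls.connect_to_stream(_tcp, HOST, _options) != OK:
				set_process(false)
		return
	_tls.poll()
	match _tls.get_status():
		StreamPeerTLS.STATUS_ERROR, StreamPeerTLS.STATUS_ERROR_HOSTNAME_MISMATCH:
			push_error("TLS handshake failed: certificate or hostname was rejected")
			set_process(false)
		StreamPeerTLS.STATUS_CONNECTED:
			set_process(false)  # handshake complete; application traffic starts here
```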
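TLSOptions server(key: CryptoKey, certificate: X509Certificate) static
Creates a TLS server configuration using the provided key and certificate.
Note: The certificate should include the full certificate chain up to the signing CA (certificate files can be concatenated using a general-purpose text editor).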