Attention: Here be dragons
This is the latest
(unstable) version of this documentation, which may document features
not available in or compatible with released stable versions of Godot.
Checking the stable version of the documentation...
TLSOptions
繼承: RefCounted < Object
使用者端與伺服器的 TLS 配置。
說明
TLSOptions 是對 StreamPeerTLS 和 PacketPeerDTLS 類中配置選項的抽象。
無法直接產生實體這個類的物件,應改用靜態方法 client()、client_unsafe() 或 server()。
# 建立 TLS 使用者端配置,使用自訂 CA 信任鏈。
var client_trusted_cas = load("res://my_trusted_cas.crt")
var client_tls_options = TLSOptions.client(client_trusted_cas)
# 建立 TLS 伺服器配置。
var server_certs = load("res://my_server_cas.crt")
var server_key = load("res://my_server_key.key")
var server_tls_options = TLSOptions.server(server_key, server_certs)
方法
client(trusted_chain: X509Certificate = null, common_name_override: String = "") static |
|
client_unsafe(trusted_chain: X509Certificate = null) static |
|
get_common_name_override() const |
|
get_own_certificate() const |
|
get_private_key() const |
|
get_trusted_ca_chain() const |
|
is_server() const |
|
is_unsafe_client() const |
|
server(key: CryptoKey, certificate: X509Certificate) static |
方法說明
TLSOptions client(trusted_chain: X509Certificate = null, common_name_override: String = "") static 🔗
Creates a TLS client configuration which validates certificates and their common names (fully qualified domain names).
You can specify a custom trusted_chain of certification authorities (the default CA list will be used if null), and optionally provide a common_name_override if you expect the certificate to have a common name other than the server FQDN.
Note: On the Web platform, TLS verification is always enforced against the CA list of the web browser. This is considered a security feature.
TLSOptions client_unsafe(trusted_chain: X509Certificate = null) static 🔗
建立不安全的 TLS 使用者端配置,憑證驗證為可選項。你可以選擇提供有效的信任鏈 trusted_chain,但永遠不會對憑證的通用名稱進行檢查。這種配置不推薦用於測試之外的用途。
注意:在 Web 平臺上,TLS 驗證始終強制使用 Web 流覽器的 CA 列表。這是一種安全功能。
String get_common_name_override() const 🔗
Returns the common name (domain name) override specified when creating with client().
X509Certificate get_own_certificate() const 🔗
Returns the X509Certificate specified when creating with server().
CryptoKey get_private_key() const 🔗
Returns the CryptoKey specified when creating with server().
X509Certificate get_trusted_ca_chain() const 🔗
Returns the CA X509Certificate chain specified when creating with client() or client_unsafe().
Returns true if created with server(), false otherwise.
bool is_unsafe_client() const 🔗
Returns true if created with client_unsafe(), false otherwise.
TLSOptions server(key: CryptoKey, certificate: X509Certificate) static 🔗
使用提供的金鑰 key 和憑證 certificate 建立 TLS 伺服器配置。
注意:certificate 中應當包含簽章 CA 的完整憑證連結(可以使用通用文字編輯器連接憑證檔)。