forked from pool/godot
1f1d01a3a7
- Added "linker_pie_flag.patch" in order to link with "-pie". Replaces previous "fix-pie-warning.patch".
- "project_certs_fallback.patch" renamed to "certs_fallback.patch". Modified and adapted to Godot source code changes.
- bash completion files "godot", "godot-headless", "godot-runner" and "godot-server" added.
- Location of documentation in man page adjusted.
- godot-rpmlintrc deleted with filter "no-manual-page-for-binary" because this warning doesn't seem to be thrown anymore.
- Build option "faster_build" introduced to speed up build during tests.
- Removed patch "fix-pie-warning.patch"

OBS-URL: https://build.opensuse.org/request/show/777745
OBS-URL: https://build.opensuse.org/package/show/games/godot?expand=0&rev=5
67 lines
2.6 KiB
Diff
From: cunix@mail.de
Date: 2019-04-29 16:00:00
Subject: System certs as fallback for project certs
References: https://github.com/godotengine/godot/pull/22066#issuecomment-421565719
https://github.com/godotengine/godot/pull/22066#issuecomment-422528664
https://github.com/godotengine/godot/issues/22232
Upstream: offered to upstream

If project has no value set for "network/ssl/certificates" (the default),
"default_certs" is not filled by function "load_default_certificates" because
we don't use builtin certs - BUILTIN_CERTS_ENABLED is not defined.

We use a distro specific "system_certs_path" as build option and apply it here
via "_SYSTEM_CERTS_PATH" (defined in included "core/io/certs_compressed.gen.h")
as fallback for certificates.

In result patch restores upstream behavior for certificate usage.
Difference is:
Where upstream by default uses hard coded certificates at build time, we hard
code path to the default certificates as "/var/lib/ca-certificates/ca-bundle.pem".
This bundle might be updated separately or admin can edit content of this file.

User can always define different path via Editor or Project settings.

See comments in patch for more details.

---

diff -r -U 5 a/modules/mbedtls/crypto_mbedtls.cpp b/modules/mbedtls/crypto_mbedtls.cpp
|
|
--- a/modules/mbedtls/crypto_mbedtls.cpp
|
|
+++ b/modules/mbedtls/crypto_mbedtls.cpp
|
|
@@ -44,10 +44,12 @@
|
|
#define PEM_END_CRT "-----END CERTIFICATE-----\n"
|
|
|
|
#include "mbedtls/pem.h"
|
|
#include <mbedtls/debug.h>
|
|
|
|
+#include <string.h>
|
|
+
|
|
CryptoKey *CryptoKeyMbedTLS::create() {
|
|
return memnew(CryptoKeyMbedTLS);
|
|
}
|
|
|
|
Error CryptoKeyMbedTLS::load(String p_path) {
|
|
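Review bot: The added `#include <string.h>` exists only to support the single `strcmp` call in the next hunk, and in a .cpp file `<cstring>` would be the conventional header. The include can be dropped entirely by testing `_SYSTEM_CERTS_PATH[0] != '\0'` instead. The description says `_SYSTEM_CERTS_PATH` comes from "core/io/certs_compressed.gen.h", but that include is not visible in this context; confirm it is pulled in unconditionally here, since the macro is now used outside the `BUILTIN_CERTS_ENABLED` guard.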
@@ -204,10 +206,21 @@
|
|
ERR_FAIL_COND(default_certs == NULL);
|
|
|
|
if (p_path != "") {
|
|
// Use certs defined in project settings.
|
|
default_certs->load(p_path);
|
|
+ } else if (strcmp(_SYSTEM_CERTS_PATH, "") != 0) {
|
|
+ // Use system certs only if user did not override in project settings
|
|
+ // and if _SYSTEM_CERTS_PATH is set.
|
|
+ // Should happen if Project Setting "network/ssl/certificates" is empty.
|
|
+ // Editor Setting "network/ssl/editor_ssl_certificates" is already set
|
|
+ // to "_SYSTEM_CERTS_PATH" by default -> This is caught by "if (p_path != "") {".
|
|
+ // But the same fallback might apply for certificates used by editor
|
|
+ // if user has set "network/ssl/editor_ssl_certificates" to "".
|
|
+ // "load_default_certificates" is only called twice with one of
|
|
+ // these parameters.
|
|
+ default_certs->load(_SYSTEM_CERTS_PATH);
|
|
}
|
|
#ifdef BUILTIN_CERTS_ENABLED
|
|
else {
|
|
// Use builtin certs only if user did not override it in project settings.
|
|
PoolByteArray out;
|
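Review bot: The result of `default_certs->load(_SYSTEM_CERTS_PATH);` in the new `else if` branch is discarded, so a missing or unreadable bundle at the build-time path may leave `default_certs` without any trusted roots, and the problem would only surface later as TLS verification failures with no hint about the cause. Suggest checking the result and reporting the path that failed to load. The branch ordering also deserves a note: once `_SYSTEM_CERTS_PATH` is non-empty, the `else` block under `#ifdef BUILTIN_CERTS_ENABLED` can no longer be reached, so a build that sets both options silently prefers the system path; a build-time check or a one-line comment stating that the two are exclusive would make that intentional. The ten-line comment could be cut to its first two lines, with the settings detail left to the patch description.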