authorFabio Alessandrelli <fabio.alessandrelli@gmail.com>2023-04-13 21:17:55 +0200
committerFabio Alessandrelli <fabio.alessandrelli@gmail.com>2023-05-12 09:58:23 +0200
commit6fd99823581dd05d27a1ff773b67a8ea616993cc (patch)
tree1baf791a581f4ce5a73433434400546b4a4051fe /platform/macos
parent4e1d5be9d33e8a14254f0ccd0910743073970413 (diff)
[TLS] Add support for platform-specific CA bundles.
Adds a new OS::get_system_ca_certs method which can be implemented by platforms to retrieve the list of trusted CA certificates using OS specific APIs. The function should return the certificates in PEM format, and is currently implemented for Windows/macOS/LinuxBSD(*)/Android. mbedTLS will fall back to bundled certificates when the OS returns no certificates. (*) LinuxBSD does not have a standardized certificates store location. The current implementation will test for common locations and may return an empty string on some distributions (falling back to the bundled certificates).
Diffstat (limited to 'platform/macos')
-rw-r--r--platform/macos/detect.py2
-rw-r--r--platform/macos/os_macos.h2
-rw-r--r--platform/macos/os_macos.mm29
3 files changed, 33 insertions, 0 deletions
diff --git a/platform/macos/detect.py b/platform/macos/detect.py
index 1fefdb3c68..7b8d3fd853 100644
--- a/platform/macos/detect.py
+++ b/platform/macos/detect.py
@@ -235,6 +235,8 @@ def configure(env: "Environment"):
"CoreMedia",
"-framework",
"QuartzCore",
+ "-framework",
+ "Security",
]
)
env.Append(LIBS=["pthread", "z"])
diff --git a/platform/macos/os_macos.h b/platform/macos/os_macos.h
index eb7a30203a..07bae479be 100644
--- a/platform/macos/os_macos.h
+++ b/platform/macos/os_macos.h
@@ -119,6 +119,8 @@ public:
virtual Error move_to_trash(const String &p_path) override;
+ virtual String get_system_ca_certificates() override;
+
void run();
OS_MacOS();
diff --git a/platform/macos/os_macos.mm b/platform/macos/os_macos.mm
index 74cdef6f25..838ae742fd 100644
--- a/platform/macos/os_macos.mm
+++ b/platform/macos/os_macos.mm
@@ -30,6 +30,7 @@
#include "os_macos.h"
+#include "core/crypto/crypto_core.h"
#include "core/version_generated.gen.h"
#include "main/main.h"
@@ -671,6 +672,34 @@ Error OS_MacOS::move_to_trash(const String &p_path) {
return OK;
}
+String OS_MacOS::get_system_ca_certificates() {
+ CFArrayRef result;
+ SecCertificateRef item;
+ CFDataRef der;
+
+ OSStatus ret = SecTrustCopyAnchorCertificates(&result);
+ ERR_FAIL_COND_V(ret != noErr, "");
+
+ CFIndex l = CFArrayGetCount(result);
+ String certs;
+ PackedByteArray pba;
+ for (CFIndex i = 0; i < l; i++) {
+ item = (SecCertificateRef)CFArrayGetValueAtIndex(result, i);
+ der = SecCertificateCopyData(item);
+ int derlen = CFDataGetLength(der);
+ if (pba.size() < derlen * 3) {
+ pba.resize(derlen * 3);
+ }
+ size_t b64len = 0;
+ Error err = CryptoCore::b64_encode(pba.ptrw(), pba.size(), &b64len, (unsigned char *)CFDataGetBytePtr(der), derlen);
+ CFRelease(der);
+ ERR_CONTINUE(err != OK);
+ certs += "-----BEGIN CERTIFICATE-----\n" + String((char *)pba.ptr(), b64len) + "\n-----END CERTIFICATE-----\n";
+ }
+ CFRelease(result);
+ return certs;
+}
+
void OS_MacOS::run() {
if (!main_loop) {
return;
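Review bot: In `get_system_ca_certificates`, `der` is passed to `CFDataGetLength` without a null check, yet `SecCertificateCopyData` is documented to return NULL for an invalid certificate object, so one bad entry would crash the export instead of being skipped; add `ERR_CONTINUE(der == nullptr);` right after the copy. The length is also narrowed from `CFIndex` to `int` before `derlen * 3` is computed; keeping `derlen` as `CFIndex` avoids the narrowing. Separately, `SecTrustCopyAnchorCertificates` appears to return the system anchor set without applying per-user or admin trust settings, so a root the user has marked as untrusted may still be handed to mbedTLS as a trust anchor, and locally added roots may be missing. That is worth confirming and stating in a comment above the call, so the limits of the exported PEM bundle are clear to whoever relies on it for TLS verification.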