Godot version:
Godot 3.0.2
OS/device including version:
Linux Mint 18.3 Sylvia 64-bit
Issue description:
OpenSSL throws errors when trying to do an HTTPS request.
ERROR: _print_error: Some I/O error occurred. The OpenSSL error queue may contain more information on the error.
At: modules/openssl/stream_peer_openssl.cpp:429.
ERROR: _print_error: A failure in the SSL library occurred, usually a protocol error.
At: modules/openssl/stream_peer_openssl.cpp:432.
Steps to reproduce:
I used the example from here http://docs.godotengine.org/en/3.0/tutorials/networking/http_client_class.html and just changed the 'connect_to_host' line to do HTTPS instead.
But I have also included a project where the changes are already made.
Minimal reproduction project:
HTTPSClientTest.tar.gz
I can confirm this on the latest commit; I'll try to take a look at it.
Maybe this is related to #17237?
@Keetz you need to add the trusted CA certificates to project settings -> network -> Ssl -> Certificates.
You can copy the certs in Godot sources (which are used by the editor) to your project location and add that.
We could make Godot use the internal certificates when that setting is empty.
I don't want the internal CA certs to always be valid (in case when a CA goes s* and game devs want to update the certs without recompiling or wait for a new release) but they are a good default for usability.
Does that sound reasonable? @akien-mga
@Faless 'project settings -> network -> ssl -> certificates'* ;)
Having default certificates sounds like a good idea to me, based on usability alone, I can't say if it would have any consequences somewhere.
And just to confirm so there is no doubt if anyone else reads this. It does indeed work to add the certificates :+1:
Godot should rather use the OS provided certificates by default. You think game makers will bother updating their games when the certificates need updating? It's more the OS job to do that.
> We could make Godot use the internal certificates when that setting is empty.
> I don't want the internal CA certs to always be valid (in case when a CA goes s* and game devs want to update the certs without recompiling or wait for a new release) but they are a good default for usability.
> Does that sound reasonable? @akien-mga
@Faless IMO HTTPS working by default is way worth the downside of having to compile Godot or wait for an update to get new default certs.
Seeing how many users have problems with this, we really should use the internal certs if empty. :)
Internal certs are used for the editor, but I suppose they can be bundled for the game too?
If anyone is willing to give a try to this, feel free.