Merge pull request godotengine#65460 from Faless/net/4.x_ssl_to_tls_more

[Net] Rename "ssl" references to "tls" in methods and members.
jarnovanderlinden · Sep 8, 2022 · a51dc70 · a51dc70
2 parents cdb121d + a95d792
commit a51dc70
Show file tree

Hide file tree

Showing 46 changed files with 285 additions and 285 deletions.
diff --git a/core/io/http_client.cpp b/core/io/http_client.cpp
@@ -138,7 +138,7 @@ PackedStringArray HTTPClient::_get_response_headers() {
 }
 
 void HTTPClient::_bind_methods() {
-	ClassDB::bind_method(D_METHOD("connect_to_host", "host", "port", "use_ssl", "verify_host"), &HTTPClient::connect_to_host, DEFVAL(-1), DEFVAL(false), DEFVAL(true));
+	ClassDB::bind_method(D_METHOD("connect_to_host", "host", "port", "use_tls", "verify_host"), &HTTPClient::connect_to_host, DEFVAL(-1), DEFVAL(false), DEFVAL(true));
 	ClassDB::bind_method(D_METHOD("set_connection", "connection"), &HTTPClient::set_connection);
 	ClassDB::bind_method(D_METHOD("get_connection"), &HTTPClient::get_connection);
 	ClassDB::bind_method(D_METHOD("request_raw", "method", "url", "headers", "body"), &HTTPClient::_request_raw);
@@ -190,7 +190,7 @@ void HTTPClient::_bind_methods() {
 	BIND_ENUM_CONSTANT(STATUS_REQUESTING); // Request in progress
 	BIND_ENUM_CONSTANT(STATUS_BODY); // Request resulted in body which must be read
 	BIND_ENUM_CONSTANT(STATUS_CONNECTION_ERROR);
-	BIND_ENUM_CONSTANT(STATUS_SSL_HANDSHAKE_ERROR);
+	BIND_ENUM_CONSTANT(STATUS_TLS_HANDSHAKE_ERROR);
 
 	BIND_ENUM_CONSTANT(RESPONSE_CONTINUE);
 	BIND_ENUM_CONSTANT(RESPONSE_SWITCHING_PROTOCOLS);

diff --git a/core/io/http_client.h b/core/io/http_client.h
@@ -138,7 +138,7 @@ class HTTPClient : public RefCounted {
 		STATUS_REQUESTING, // Request in progress
 		STATUS_BODY, // Request resulted in body, which must be read
 		STATUS_CONNECTION_ERROR,
-		STATUS_SSL_HANDSHAKE_ERROR,
+		STATUS_TLS_HANDSHAKE_ERROR,
 
 	};
 
@@ -168,7 +168,7 @@ class HTTPClient : public RefCounted {
 	Error verify_headers(const Vector<String> &p_headers);
 
 	virtual Error request(Method p_method, const String &p_url, const Vector<String> &p_headers, const uint8_t *p_body, int p_body_size) = 0;
-	virtual Error connect_to_host(const String &p_host, int p_port = -1, bool p_ssl = false, bool p_verify_host = true) = 0;
+	virtual Error connect_to_host(const String &p_host, int p_port = -1, bool p_tls = false, bool p_verify_host = true) = 0;
 
 	virtual void set_connection(const Ref<StreamPeer> &p_connection) = 0;
 	virtual Ref<StreamPeer> get_connection() const = 0;

diff --git a/core/io/http_client_tcp.cpp b/core/io/http_client_tcp.cpp
@@ -39,29 +39,29 @@ HTTPClient *HTTPClientTCP::_create_func() {
 	return memnew(HTTPClientTCP);
 }
 
-Error HTTPClientTCP::connect_to_host(const String &p_host, int p_port, bool p_ssl, bool p_verify_host) {
+Error HTTPClientTCP::connect_to_host(const String &p_host, int p_port, bool p_tls, bool p_verify_host) {
 	close();
 
 	conn_port = p_port;
 	conn_host = p_host;
 
 	ip_candidates.clear();
 
-	ssl = p_ssl;
-	ssl_verify_host = p_verify_host;
+	tls = p_tls;
+	tls_verify_host = p_verify_host;
 
 	String host_lower = conn_host.to_lower();
 	if (host_lower.begins_with("http://")) {
 		conn_host = conn_host.substr(7, conn_host.length() - 7);
 	} else if (host_lower.begins_with("https://")) {
-		ssl = true;
+		tls = true;
 		conn_host = conn_host.substr(8, conn_host.length() - 8);
 	}
 
 	ERR_FAIL_COND_V(conn_host.length() < HOST_MIN_LEN, ERR_INVALID_PARAMETER);
 
 	if (conn_port < 0) {
-		if (ssl) {
+		if (tls) {
 			conn_port = PORT_HTTPS;
 		} else {
 			conn_port = PORT_HTTP;
@@ -70,11 +70,11 @@ Error HTTPClientTCP::connect_to_host(const String &p_host, int p_port, bool p_ss
 
 	connection = tcp_connection;
 
-	if (ssl && https_proxy_port != -1) {
+	if (tls && https_proxy_port != -1) {
 		proxy_client.instantiate(); // Needs proxy negotiation.
 		server_host = https_proxy_host;
 		server_port = https_proxy_port;
-	} else if (!ssl && http_proxy_port != -1) {
+	} else if (!tls && http_proxy_port != -1) {
 		server_host = http_proxy_host;
 		server_port = http_proxy_port;
 	} else {
@@ -107,7 +107,7 @@ Error HTTPClientTCP::connect_to_host(const String &p_host, int p_port, bool p_ss
 void HTTPClientTCP::set_connection(const Ref<StreamPeer> &p_connection) {
 	ERR_FAIL_COND_MSG(p_connection.is_null(), "Connection is not a reference to a valid StreamPeer object.");
 
-	if (ssl) {
+	if (tls) {
 		ERR_FAIL_NULL_MSG(Object::cast_to<StreamPeerTLS>(p_connection.ptr()),
 				"Connection is not a reference to a valid StreamPeerTLS object.");
 	}
@@ -156,7 +156,7 @@ Error HTTPClientTCP::request(Method p_method, const String &p_url, const Vector<
 	}
 
 	String uri = p_url;
-	if (!ssl && http_proxy_port != -1) {
+	if (!tls && http_proxy_port != -1) {
 		uri = vformat("http://%s:%d%s", conn_host, conn_port, p_url);
 	}
 
@@ -181,7 +181,7 @@ Error HTTPClientTCP::request(Method p_method, const String &p_url, const Vector<
 		}
 	}
 	if (add_host) {
-		if ((ssl && conn_port == PORT_HTTPS) || (!ssl && conn_port == PORT_HTTP)) {
+		if ((tls && conn_port == PORT_HTTPS) || (!tls && conn_port == PORT_HTTP)) {
 			// Don't append the standard ports.
 			request += "Host: " + conn_host + "\r\n";
 		} else {
@@ -316,7 +316,7 @@ Error HTTPClientTCP::poll() {
 					return OK;
 				} break;
 				case StreamPeerTCP::STATUS_CONNECTED: {
-					if (ssl && proxy_client.is_valid()) {
+					if (tls && proxy_client.is_valid()) {
 						Error err = proxy_client->poll();
 						if (err == ERR_UNCONFIGURED) {
 							proxy_client->set_connection(tcp_connection);
@@ -357,42 +357,42 @@ Error HTTPClientTCP::poll() {
 								return ERR_CANT_CONNECT;
 							} break;
 						}
-					} else if (ssl) {
-						Ref<StreamPeerTLS> ssl;
+					} else if (tls) {
+						Ref<StreamPeerTLS> tls;
 						if (!handshaking) {
 							// Connect the StreamPeerTLS and start handshaking.
-							ssl = Ref<StreamPeerTLS>(StreamPeerTLS::create());
-							ssl->set_blocking_handshake_enabled(false);
-							Error err = ssl->connect_to_stream(tcp_connection, ssl_verify_host, conn_host);
+							tls = Ref<StreamPeerTLS>(StreamPeerTLS::create());
+							tls->set_blocking_handshake_enabled(false);
+							Error err = tls->connect_to_stream(tcp_connection, tls_verify_host, conn_host);
 							if (err != OK) {
 								close();
-								status = STATUS_SSL_HANDSHAKE_ERROR;
+								status = STATUS_TLS_HANDSHAKE_ERROR;
 								return ERR_CANT_CONNECT;
 							}
-							connection = ssl;
+							connection = tls;
 							handshaking = true;
 						} else {
-							// We are already handshaking, which means we can use your already active SSL connection.
-							ssl = static_cast<Ref<StreamPeerTLS>>(connection);
-							if (ssl.is_null()) {
+							// We are already handshaking, which means we can use your already active TLS connection.
+							tls = static_cast<Ref<StreamPeerTLS>>(connection);
+							if (tls.is_null()) {
 								close();
-								status = STATUS_SSL_HANDSHAKE_ERROR;
+								status = STATUS_TLS_HANDSHAKE_ERROR;
 								return ERR_CANT_CONNECT;
 							}
 
-							ssl->poll(); // Try to finish the handshake.
+							tls->poll(); // Try to finish the handshake.
 						}
 
-						if (ssl->get_status() == StreamPeerTLS::STATUS_CONNECTED) {
+						if (tls->get_status() == StreamPeerTLS::STATUS_CONNECTED) {
 							// Handshake has been successful.
 							handshaking = false;
 							ip_candidates.clear();
 							status = STATUS_CONNECTED;
 							return OK;
-						} else if (ssl->get_status() != StreamPeerTLS::STATUS_HANDSHAKING) {
+						} else if (tls->get_status() != StreamPeerTLS::STATUS_HANDSHAKING) {
 							// Handshake has failed.
 							close();
-							status = STATUS_SSL_HANDSHAKE_ERROR;
+							status = STATUS_TLS_HANDSHAKE_ERROR;
 							return ERR_CANT_CONNECT;
 						}
 						// ... we will need to poll more for handshake to finish.
@@ -421,7 +421,7 @@ Error HTTPClientTCP::poll() {
 		case STATUS_BODY:
 		case STATUS_CONNECTED: {
 			// Check if we are still connected.
-			if (ssl) {
+			if (tls) {
 				Ref<StreamPeerTLS> tmp = connection;
 				tmp->poll();
 				if (tmp->get_status() != StreamPeerTLS::STATUS_CONNECTED) {
@@ -548,7 +548,7 @@ Error HTTPClientTCP::poll() {
 			return ERR_UNCONFIGURED;
 		} break;
 		case STATUS_CONNECTION_ERROR:
-		case STATUS_SSL_HANDSHAKE_ERROR: {
+		case STATUS_TLS_HANDSHAKE_ERROR: {
 			return ERR_CONNECTION_ERROR;
 		} break;
 		case STATUS_CANT_CONNECT: {

diff --git a/core/io/http_client_tcp.h b/core/io/http_client_tcp.h
@@ -46,8 +46,8 @@ class HTTPClientTCP : public HTTPClient {
 	String http_proxy_host;
 	int https_proxy_port = -1; // Proxy server for https requests.
 	String https_proxy_host;
-	bool ssl = false;
-	bool ssl_verify_host = false;
+	bool tls = false;
+	bool tls_verify_host = false;
 	bool blocking = false;
 	bool handshaking = false;
 	bool head_request = false;
@@ -79,7 +79,7 @@ class HTTPClientTCP : public HTTPClient {
 
 	Error request(Method p_method, const String &p_url, const Vector<String> &p_headers, const uint8_t *p_body, int p_body_size) override;
 
-	Error connect_to_host(const String &p_host, int p_port = -1, bool p_ssl = false, bool p_verify_host = true) override;
+	Error connect_to_host(const String &p_host, int p_port = -1, bool p_tls = false, bool p_verify_host = true) override;
 	void set_connection(const Ref<StreamPeer> &p_connection) override;
 	Ref<StreamPeer> get_connection() const override;
 	void close() override;

diff --git a/core/register_core_types.cpp b/core/register_core_types.cpp
@@ -284,8 +284,8 @@ void register_core_settings() {
 	ProjectSettings::get_singleton()->set_custom_property_info("network/limits/tcp/connect_timeout_seconds", PropertyInfo(Variant::INT, "network/limits/tcp/connect_timeout_seconds", PROPERTY_HINT_RANGE, "1,1800,1"));
 	GLOBAL_DEF_RST("network/limits/packet_peer_stream/max_buffer_po2", (16));
 	ProjectSettings::get_singleton()->set_custom_property_info("network/limits/packet_peer_stream/max_buffer_po2", PropertyInfo(Variant::INT, "network/limits/packet_peer_stream/max_buffer_po2", PROPERTY_HINT_RANGE, "0,64,1,or_greater"));
-	GLOBAL_DEF("network/ssl/certificate_bundle_override", "");
-	ProjectSettings::get_singleton()->set_custom_property_info("network/ssl/certificate_bundle_override", PropertyInfo(Variant::STRING, "network/ssl/certificate_bundle_override", PROPERTY_HINT_FILE, "*.crt"));
+	GLOBAL_DEF("network/tls/certificate_bundle_override", "");
+	ProjectSettings::get_singleton()->set_custom_property_info("network/tls/certificate_bundle_override", PropertyInfo(Variant::STRING, "network/tls/certificate_bundle_override", PROPERTY_HINT_FILE, "*.crt"));
 
 	int worker_threads = GLOBAL_DEF("threading/worker_pool/max_threads", -1);
 	bool low_priority_use_system_threads = GLOBAL_DEF("threading/worker_pool/use_system_threads_for_low_priority_tasks", true);

diff --git a/doc/classes/EditorSettings.xml b/doc/classes/EditorSettings.xml
@@ -616,8 +616,8 @@
 			The port number to use to contact the HTTP and HTTPS proxy in the editor (for the asset library and export template downloads). See also [member network/http_proxy/host].
 			[b]Note:[/b] Godot currently doesn't automatically use system proxy settings, so you have to enter them manually here if needed.
 		</member>
-		<member name="network/ssl/editor_ssl_certificates" type="String" setter="" getter="">
-			The SSL certificate bundle to use for HTTP requests made within the editor (e.g. from the AssetLib tab). If left empty, the [url=https://github.com/godotengine/godot/blob/master/thirdparty/certs/ca-certificates.crt]included Mozilla certificate bundle[/url] will be used.
+		<member name="network/tls/editor_tls_certificates" type="String" setter="" getter="">
+			The TLS certificate bundle to use for HTTP requests made within the editor (e.g. from the AssetLib tab). If left empty, the [url=https://github.com/godotengine/godot/blob/master/thirdparty/certs/ca-certificates.crt]included Mozilla certificate bundle[/url] will be used.
 		</member>
 		<member name="project_manager/sorting_order" type="int" setter="" getter="">
 			The sorting order to use in the project manager. When changing the sorting order in the project manager, this setting is set permanently in the editor settings.

diff --git a/doc/classes/HTTPClient.xml b/doc/classes/HTTPClient.xml
@@ -7,17 +7,17 @@
 		Hyper-text transfer protocol client (sometimes called "User Agent"). Used to make HTTP requests to download web content, upload files and other data or to communicate with various services, among other use cases.
 		See the [HTTPRequest] node for a higher-level alternative.
 		[b]Note:[/b] This client only needs to connect to a host once (see [method connect_to_host]) to send multiple requests. Because of this, methods that take URLs usually take just the part after the host instead of the full URL, as the client is already connected to a host. See [method request] for a full example and to get started.
-		A [HTTPClient] should be reused between multiple requests or to connect to different hosts instead of creating one client per request. Supports SSL and SSL server certificate verification. HTTP status codes in the 2xx range indicate success, 3xx redirection (i.e. "try again, but over here"), 4xx something was wrong with the request, and 5xx something went wrong on the server's side.
+		A [HTTPClient] should be reused between multiple requests or to connect to different hosts instead of creating one client per request. Supports Transport Layer Security (TLS), including server certificate verification. HTTP status codes in the 2xx range indicate success, 3xx redirection (i.e. "try again, but over here"), 4xx something was wrong with the request, and 5xx something went wrong on the server's side.
 		For more information on HTTP, see https://developer.mozilla.org/en-US/docs/Web/HTTP (or read RFC 2616 to get it straight from the source: https://tools.ietf.org/html/rfc2616).
 		[b]Note:[/b] When exporting to Android, make sure to enable the [code]INTERNET[/code] permission in the Android export preset before exporting the project or using one-click deploy. Otherwise, network communication of any kind will be blocked by Android.
-		[b]Note:[/b] It's recommended to use transport encryption (SSL/TLS) and to avoid sending sensitive information (such as login credentials) in HTTP GET URL parameters. Consider using HTTP POST requests or HTTP headers for such information instead.
+		[b]Note:[/b] It's recommended to use transport encryption (TLS) and to avoid sending sensitive information (such as login credentials) in HTTP GET URL parameters. Consider using HTTP POST requests or HTTP headers for such information instead.
 		[b]Note:[/b] When performing HTTP requests from a project exported to Web, keep in mind the remote server may not allow requests from foreign origins due to [url=https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS]CORS[/url]. If you host the server in question, you should modify its backend to allow requests from foreign origins by adding the [code]Access-Control-Allow-Origin: *[/code] HTTP header.
-		[b]Note:[/b] SSL/TLS support is currently limited to TLS 1.0, TLS 1.1, and TLS 1.2. Attempting to connect to a TLS 1.3-only server will return an error.
-		[b]Warning:[/b] SSL/TLS certificate revocation and certificate pinning are currently not supported. Revoked certificates are accepted as long as they are otherwise valid. If this is a concern, you may want to use automatically managed certificates with a short validity period.
+		[b]Note:[/b] TLS support is currently limited to TLS 1.0, TLS 1.1, and TLS 1.2. Attempting to connect to a TLS 1.3-only server will return an error.
+		[b]Warning:[/b] TLS certificate revocation and certificate pinning are currently not supported. Revoked certificates are accepted as long as they are otherwise valid. If this is a concern, you may want to use automatically managed certificates with a short validity period.
 	</description>
 	<tutorials>
 		<link title="HTTP client class">$DOCS_URL/tutorials/networking/http_client_class.html</link>
-		<link title="SSL certificates">$DOCS_URL/tutorials/networking/ssl_certificates.html</link>
+		<link title="TLS certificates">$DOCS_URL/tutorials/networking/ssl_certificates.html</link>
 	</tutorials>
 	<methods>
 		<method name="close">
@@ -30,13 +30,13 @@
 			<return type="int" enum="Error" />
 			<param index="0" name="host" type="String" />
 			<param index="1" name="port" type="int" default="-1" />
-			<param index="2" name="use_ssl" type="bool" default="false" />
+			<param index="2" name="use_tls" type="bool" default="false" />
 			<param index="3" name="verify_host" type="bool" default="true" />
 			<description>
 				Connects to a host. This needs to be done before any requests are sent.
 				The host should not have http:// prepended but will strip the protocol identifier if provided.
-				If no [param port] is specified (or [code]-1[/code] is used), it is automatically set to 80 for HTTP and 443 for HTTPS (if [param use_ssl] is enabled).
-				[param verify_host] will check the SSL identity of the host if set to [code]true[/code].
+				If no [param port] is specified (or [code]-1[/code] is used), it is automatically set to 80 for HTTP and 443 for HTTPS (if [param use_tls] is enabled).
+				[param verify_host] will check the TLS identity of the host if set to [code]true[/code].
 			</description>
 		</method>
 		<method name="get_response_body_length" qualifiers="const">
@@ -262,8 +262,8 @@
 		<constant name="STATUS_CONNECTION_ERROR" value="8" enum="Status">
 			Status: Error in HTTP connection.
 		</constant>
-		<constant name="STATUS_SSL_HANDSHAKE_ERROR" value="9" enum="Status">
-			Status: Error in SSL handshake.
+		<constant name="STATUS_TLS_HANDSHAKE_ERROR" value="9" enum="Status">
+			Status: Error in TLS handshake.
 		</constant>
 		<constant name="RESPONSE_CONTINUE" value="100" enum="ResponseCode">
 			HTTP status code [code]100 Continue[/code]. Interim response that indicates everything so far is OK and that the client should continue with the request (or ignore this status if already finished).