Etusivu Tutki Apua
Kirjaudu sisään
godotengine
/
godot-docs
peilaus alkaen https://github.com/godotengine/godot-docs
Tarkkaile 1
Äänestä 1
Fork 0
Tiedostot
Puu: b313607fd7
Branchit Tagit
godot-docs
/
tutorials
/
networking
/
ssl_certificates.rst

ssl_certificates.rst 2.4 KB
Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475 
  1. :article_outdated: True
    2. 

  2. 

  3. .. _doc_ssl_certificates:
    4. 

  4. 

  5. SSL certificates
    6. 

  6. ================
    7. 

  7. 

  8. Introduction
    9. 

  9. ------------
    10. 

  10. 

  11. It is often desired to use SSL connections for communications to avoid
    12. 

  12. "man in the middle" attacks. Godot has a connection wrapper,
    13. 

  13. :ref:`StreamPeerTLS <class_StreamPeerTLS>`,
    14. 

  14. which can take a regular connection and add security around it. The
    15. 

  15. :ref:`HTTPClient <class_HTTPClient>`
    16. 

  16. class also supports HTTPS by using this same wrapper.
    17. 

  17. 

  18. Godot includes SSL certificates from Mozilla, but you can provide your own
    19. 

  19. with a .crt file in the project settings:
    20. 

  20. 

  21. .. image:: img/ssl_certs.png
    22. 

  22. 

  23. This file should contain any number of public certificates in
    24. 

  24. `PEM format <https://en.wikipedia.org/wiki/Privacy-enhanced_Electronic_Mail>`__.
    25. 

  25. 

  26. Of course, remember to add .crt as filter so the exporter recognizes
    27. 

  27. this when exporting your project.
    28. 

  28. 

  29. .. image:: img/add_crt.png
    30. 

  30. 

  31. There are two ways to obtain certificates:
    32. 

  32. 

  33. Approach 1: self signed cert
    34. 

  34. ----------------------------
    35. 

  35. 

  36. The first approach is the simplest: generate a private and public
    37. 

  37. key pair and add the public key (in PEM format) to the .crt file.
    38. 

  38. The private key should go to your server.
    39. 

  39. 

  40. OpenSSL has `some
    41. 

  41. documentation <https://raw.githubusercontent.com/openssl/openssl/master/doc/HOWTO/keys.txt>`__ about
    42. 

  42. this. This approach also **does not require domain validation** nor
    43. 

  43. requires you to spend a considerable amount of money in purchasing
    44. 

  44. certificates from a CA.
    45. 

  45. 

  46. Approach 2: CA cert
    47. 

  47. -------------------
    48. 

  48. 

  49. The second approach consists of using a certificate authority (CA)
    50. 

  50. such as Verisign, Geotrust, etc. This is a more cumbersome process,
    51. 

  51. but it's more "official" and ensures your identity is clearly
    52. 

  52. represented.
    53. 

  53. 

  54. Unless you are working with large companies or corporations, or need
    55. 

  55. to connect to someone else's servers (i.e., connecting to Google or some
    56. 

  56. other REST API provider via HTTPS), this method is not as useful.
    57. 

  57. 

  58. Also, when using a CA issued cert, **you must enable domain
    59. 

  59. validation**, to ensure the domain you are connecting to is the one
    60. 

  60. intended, otherwise any website can issue any certificate in the same CA
    61. 

  61. and it will work.
    62. 

  62. 

  63. If you are using Linux, you can use the supplied certs file, generally
    64. 

  64. located in:
    65. 

  65. 

  66. .. code-block:: none
    67. 

  67. 

  68.     /etc/ssl/certs/ca-certificates.crt
    69. 

  69. 

  70. This file allows HTTPS connections to virtually any website (i.e.,
    71. 

  71. Google, Microsoft, etc.).
    72. 

  72. 

  73. Or pick any of the more specific certificates there if you are
    74. 

  74. connecting to a specific one.
    75. 

  75.