//This file should be easily portable.
//The biggest strength of this plugin system is that ALL interactions are performed via
//named functions, this makes it *really* easy to port plugins from one engine to annother.
# include "quakedef.h"
# include "netinc.h"
# ifndef GNUTLS_STATIC
# define GNUTLS_DYNAMIC //statically linking is bad, because that just dynamically links to a .so that probably won't exist.
//on the other hand, it does validate that the function types are correct.
# endif
# ifdef HAVE_GNUTLS
# include <gnutls/gnutls.h>
# if GNUTLS_VERSION_MAJOR >= 3
# include <gnutls/abstract.h>
# endif
# include <gnutls/x509.h>
# if GNUTLS_VERSION_MAJOR >= 3 && defined(HAVE_DTLS)
# include <gnutls/dtls.h>
# else
# undef HAVE_DTLS
# endif
# define gnutls_connection_end_t unsigned int
# if GNUTLS_VERSION_MAJOR < 3 || (GNUTLS_VERSION_MAJOR == 3 && GNUTLS_VERSION_MINOR < 3)
# define GNUTLS_SONUM 26 //cygwin or something.
# endif
# if GNUTLS_VERSION_MAJOR == 3 && GNUTLS_VERSION_MINOR == 3
# define GNUTLS_SOPREFIX "-deb0" //not sure what this is about.
# define GNUTLS_SONUM 28 //debian jessie
# endif
# if GNUTLS_VERSION_MAJOR == 3 && GNUTLS_VERSION_MINOR == 4
# define GNUTLS_SONUM 30 //ubuntu 16.04
# endif
# if GNUTLS_VERSION_MAJOR == 3 && GNUTLS_VERSION_MINOR == 5
# define GNUTLS_SONUM 30 //debian stretch
# endif
# if GNUTLS_VERSION_MAJOR == 3 && GNUTLS_VERSION_MINOR > 5
# define GNUTLS_SONUM 30 //no idea what the future holds. maybe we'll be lucky...
# endif
# ifndef GNUTLS_SONUM
# pragma message "GNUTLS version not recognised. Will probably not be loadable."
# endif
# ifndef GNUTLS_SOPREFIX
# define GNUTLS_SOPREFIX
# endif
# if GNUTLS_VERSION_MAJOR >= 3
# if GNUTLS_VERSION_MAJOR >= 3
# define GNUTLS_HAVE_SYSTEMTRUST
# endif
# if GNUTLS_VERSION_MAJOR >= 4 || (GNUTLS_VERSION_MAJOR == 3 && (GNUTLS_VERSION_MINOR > 1 || (GNUTLS_VERSION_MINOR == 1 && GNUTLS_VERSION_PATCH >= 1)))
# define GNUTLS_HAVE_VERIFY3
# endif
# ifdef GNUTLS_HAVE_SYSTEMTRUST
# define GNUTLS_TRUSTFUNCS GNUTLS_FUNC(gnutls_certificate_set_x509_system_trust,int,(gnutls_certificate_credentials_t cred))
# else
# define GNUTLS_TRUSTFUNCS GNUTLS_FUNC(gnutls_certificate_set_x509_trust_file,void,(void))
# endif
# ifdef GNUTLS_HAVE_VERIFY3
# define GNUTLS_VERIFYFUNCS \
GNUTLS_FUNC ( gnutls_certificate_verify_peers3 , int , ( gnutls_session_t session , const char * hostname , unsigned int * status ) ) \
GNUTLS_FUNC ( gnutls_certificate_verification_status_print , int , ( unsigned int status , gnutls_certificate_type_t type , gnutls_datum_t * out , unsigned int flags ) ) \
GNUTLS_FUNC ( gnutls_certificate_type_get , gnutls_certificate_type_t , ( gnutls_session_t session ) ) \
GNUTLS_FUNC ( gnutls_certificate_get_peers , const gnutls_datum_t * , ( gnutls_session_t session , unsigned int * list_size ) )
# else
# define GNUTLS_VERIFYFUNCS \
GNUTLS_FUNC ( gnutls_certificate_verify_peers2 , int , ( gnutls_session_t session , unsigned int * status ) ) \
GNUTLS_FUNC ( gnutls_x509_crt_check_hostname , unsigned , ( gnutls_x509_crt_t cert , const char * hostname ) ) \
GNUTLS_FUNC ( gnutls_x509_crt_import , int , ( gnutls_x509_crt_t cert , const gnutls_datum_t * data , gnutls_x509_crt_fmt_t format ) ) \
GNUTLS_FUNC ( gnutls_certificate_get_peers , const gnutls_datum_t * , ( gnutls_session_t session , unsigned int * list_size ) )
# endif
# ifdef HAVE_DTLS
# define GNUTLS_DTLS_STUFF \
GNUTLS_FUNC ( gnutls_key_generate , int , ( gnutls_datum_t * key , unsigned int key_size ) ) \
GNUTLS_FUNC ( gnutls_privkey_sign_hash , int , ( gnutls_privkey_t signer , gnutls_digest_algorithm_t hash_algo , unsigned int flags , const gnutls_datum_t * hash_data , gnutls_datum_t * signature ) ) \
GNUTLS_FUNC ( gnutls_certificate_get_x509_key , int , ( gnutls_certificate_credentials_t res , unsigned index , gnutls_x509_privkey_t * key ) ) \
GNUTLS_FUNC ( gnutls_transport_set_pull_timeout_function , void , ( gnutls_session_t session , gnutls_pull_timeout_func func ) ) \
GNUTLS_FUNC ( gnutls_dtls_cookie_verify , int , ( gnutls_datum_t * key , void * client_data , size_t client_data_size , void * _msg , size_t msg_size , gnutls_dtls_prestate_st * prestate ) ) \
GNUTLS_FUNC ( gnutls_dtls_cookie_send , int , ( gnutls_datum_t * key , void * client_data , size_t client_data_size , gnutls_dtls_prestate_st * prestate , gnutls_transport_ptr_t ptr , gnutls_push_func push_func ) ) \
GNUTLS_FUNC ( gnutls_dtls_prestate_set , void , ( gnutls_session_t session , gnutls_dtls_prestate_st * prestate ) ) \
GNUTLS_FUNC ( gnutls_dtls_set_mtu , void , ( gnutls_session_t session , unsigned int mtu ) ) \
GNUTLS_FUNC ( gnutls_psk_allocate_server_credentials , int , ( gnutls_psk_server_credentials_t * sc ) ) \
GNUTLS_FUNC ( gnutls_psk_set_server_credentials_function , void , ( gnutls_psk_server_credentials_t cred , gnutls_psk_server_credentials_function * func ) ) \
GNUTLS_FUNC ( gnutls_psk_set_server_credentials_hint , int , ( gnutls_psk_server_credentials_t res , const char * hint ) ) \
GNUTLS_FUNC ( gnutls_psk_allocate_client_credentials , int , ( gnutls_psk_client_credentials_t * sc ) ) \
GNUTLS_FUNC ( gnutls_psk_set_client_credentials_function , void , ( gnutls_psk_client_credentials_t cred , gnutls_psk_client_credentials_function * func ) ) \
GNUTLS_FUNC ( gnutls_psk_client_get_hint , const char * , ( gnutls_session_t session ) )
# else
# define GNUTLS_DTLS_STUFF
# endif
# define GNUTLS_X509_STUFF \
GNUTLS_FUNC ( gnutls_certificate_server_set_request , void , ( gnutls_session_t session , gnutls_certificate_request_t req ) ) \
GNUTLS_FUNC ( gnutls_sec_param_to_pk_bits , unsigned int , ( gnutls_pk_algorithm_t algo , gnutls_sec_param_t param ) ) \
GNUTLS_FUNC ( gnutls_x509_crt_init , int , ( gnutls_x509_crt_t * cert ) ) \
GNUTLS_FUNC ( gnutls_x509_crt_deinit , void , ( gnutls_x509_crt_t cert ) ) \
GNUTLS_FUNC ( gnutls_x509_crt_import , int , ( gnutls_x509_crt_t cert , const gnutls_datum_t * data , gnutls_x509_crt_fmt_t format ) ) \
GNUTLS_FUNC ( gnutls_x509_crt_set_version , int , ( gnutls_x509_crt_t crt , unsigned int version ) ) \
GNUTLS_FUNC ( gnutls_x509_crt_set_activation_time , int , ( gnutls_x509_crt_t cert , time_t act_time ) ) \
GNUTLS_FUNC ( gnutls_x509_crt_set_expiration_time , int , ( gnutls_x509_crt_t cert , time_t exp_time ) ) \
GNUTLS_FUNC ( gnutls_x509_crt_set_serial , int , ( gnutls_x509_crt_t cert , const void * serial , size_t serial_size ) ) \
GNUTLS_FUNC ( gnutls_x509_crt_set_dn , int , ( gnutls_x509_crt_t crt , const char * dn , const char * * err ) ) \
GNUTLS_FUNC ( gnutls_x509_crt_get_dn3 , int , ( gnutls_x509_crt_t crt , gnutls_datum_t * dn , unsigned flags ) ) \
GNUTLS_FUNC ( gnutls_x509_crt_set_issuer_dn , int , ( gnutls_x509_crt_t crt , const char * dn , const char * * err ) ) \
GNUTLS_FUNC ( gnutls_x509_crt_set_key , int , ( gnutls_x509_crt_t crt , gnutls_x509_privkey_t key ) ) \
GNUTLS_FUNC ( gnutls_x509_crt_export2 , int , ( gnutls_x509_crt_t cert , gnutls_x509_crt_fmt_t format , gnutls_datum_t * out ) ) \
GNUTLS_FUNC ( gnutls_x509_privkey_init , int , ( gnutls_x509_privkey_t * key ) ) \
GNUTLS_FUNC ( gnutls_x509_privkey_deinit , void , ( gnutls_x509_privkey_t key ) ) \
GNUTLS_FUNC ( gnutls_x509_privkey_generate , int , ( gnutls_x509_privkey_t key , gnutls_pk_algorithm_t algo , unsigned int bits , unsigned int flags ) ) \
GNUTLS_FUNC ( gnutls_x509_privkey_export2 , int , ( gnutls_x509_privkey_t key , gnutls_x509_crt_fmt_t format , gnutls_datum_t * out ) ) \
GNUTLS_FUNC ( gnutls_x509_crt_privkey_sign , int , ( gnutls_x509_crt_t crt , gnutls_x509_crt_t issuer , gnutls_privkey_t issuer_key , gnutls_digest_algorithm_t dig , unsigned int flags ) ) \
GNUTLS_FUNC ( gnutls_privkey_init , int , ( gnutls_privkey_t * key ) ) \
GNUTLS_FUNC ( gnutls_privkey_deinit , void , ( gnutls_privkey_t key ) ) \
GNUTLS_FUNC ( gnutls_privkey_import_x509 , int , ( gnutls_privkey_t pkey , gnutls_x509_privkey_t key , unsigned int flags ) ) \
GNUTLS_FUNC ( gnutls_certificate_set_x509_key_mem , int , ( gnutls_certificate_credentials_t res , const gnutls_datum_t * cert , const gnutls_datum_t * key , gnutls_x509_crt_fmt_t type ) ) \
GNUTLS_FUNC ( gnutls_pubkey_init , int , ( gnutls_pubkey_t * key ) ) \
GNUTLS_FUNC ( gnutls_pubkey_deinit , void , ( gnutls_pubkey_t key ) ) \
GNUTLS_FUNC ( gnutls_pubkey_import_x509 , int , ( gnutls_pubkey_t key , gnutls_x509_crt_t crt , unsigned int flags ) ) \
GNUTLS_FUNC ( gnutls_pubkey_verify_hash2 , int , ( gnutls_pubkey_t key , gnutls_sign_algorithm_t algo , unsigned int flags , const gnutls_datum_t * hash , const gnutls_datum_t * signature ) ) \
GNUTLS_FUNC ( gnutls_certificate_get_ours , const gnutls_datum_t * , ( gnutls_session_t session ) ) \
GNUTLS_FUNC ( gnutls_certificate_get_crt_raw , int , ( gnutls_certificate_credentials_t sc , unsigned idx1 , unsigned idx2 , gnutls_datum_t * cert ) )
# define GNUTLS_FUNCS \
GNUTLS_FUNC ( gnutls_bye , int , ( gnutls_session_t session , gnutls_close_request_t how ) ) \
GNUTLS_FUNC ( gnutls_alert_get , gnutls_alert_description_t , ( gnutls_session_t session ) ) \
GNUTLS_FUNC ( gnutls_alert_get_name , const char * , ( gnutls_alert_description_t alert ) ) \
GNUTLS_FUNC ( gnutls_strerror , const char * , ( int error ) ) \
GNUTLS_FUNC ( gnutls_handshake , int , ( gnutls_session_t session ) ) \
GNUTLS_FUNC ( gnutls_transport_set_ptr , void , ( gnutls_session_t session , gnutls_transport_ptr_t ptr ) ) \
GNUTLS_FUNC ( gnutls_transport_set_push_function , void , ( gnutls_session_t session , gnutls_push_func push_func ) ) \
GNUTLS_FUNC ( gnutls_transport_set_pull_function , void , ( gnutls_session_t session , gnutls_pull_func pull_func ) ) \
GNUTLS_FUNC ( gnutls_transport_set_errno , void , ( gnutls_session_t session , int err ) ) \
GNUTLS_FUNC ( gnutls_error_is_fatal , int , ( int error ) ) \
GNUTLS_FUNC ( gnutls_credentials_set , int , ( gnutls_session_t , gnutls_credentials_type_t type , void * cred ) ) \
GNUTLS_FUNC ( gnutls_init , int , ( gnutls_session_t * session , gnutls_connection_end_t con_end ) ) \
GNUTLS_FUNC ( gnutls_deinit , void , ( gnutls_session_t session ) ) \
GNUTLS_FUNC ( gnutls_set_default_priority , int , ( gnutls_session_t session ) ) \
GNUTLS_FUNC ( gnutls_certificate_allocate_credentials , int , ( gnutls_certificate_credentials_t * sc ) ) \
GNUTLS_FUNC ( gnutls_certificate_free_credentials , void , ( gnutls_certificate_credentials_t sc ) ) \
GNUTLS_FUNC ( gnutls_session_channel_binding , int , ( gnutls_session_t session , gnutls_channel_binding_t cbtype , gnutls_datum_t * cb ) ) \
GNUTLS_FUNC ( gnutls_global_init , int , ( void ) ) \
GNUTLS_FUNC ( gnutls_global_deinit , void , ( void ) ) \
GNUTLS_FUNC ( gnutls_record_send , ssize_t , ( gnutls_session_t session , const void * data , size_t sizeofdata ) ) \
GNUTLS_FUNC ( gnutls_record_recv , ssize_t , ( gnutls_session_t session , void * data , size_t sizeofdata ) ) \
GNUTLS_FUNC ( gnutls_certificate_set_verify_function , void , ( gnutls_certificate_credentials_t cred , gnutls_certificate_verify_function * func ) ) \
GNUTLS_FUNC ( gnutls_session_get_ptr , void * , ( gnutls_session_t session ) ) \
GNUTLS_FUNC ( gnutls_session_set_ptr , void , ( gnutls_session_t session , void * ptr ) ) \
GNUTLS_FUNCPTR ( gnutls_malloc , void * , ( size_t sz ) , ( sz ) ) \
GNUTLS_FUNCPTR ( gnutls_free , void , ( void * ptr ) , ( ptr ) ) \
GNUTLS_FUNC ( gnutls_server_name_set , int , ( gnutls_session_t session , gnutls_server_name_type_t type , const void * name , size_t name_length ) ) \
GNUTLS_TRUSTFUNCS \
GNUTLS_VERIFYFUNCS \
GNUTLS_DTLS_STUFF \
GNUTLS_X509_STUFF
# ifdef GNUTLS_DYNAMIC
# define GNUTLS_FUNC(n,ret,args) static ret (VARGS *q##n)args;
# define GNUTLS_FUNCPTR(n,ret,arglist,callargs) static ret (VARGS **q##n)arglist;
# else
# define GNUTLS_FUNC(n,ret,args) static ret (VARGS *q##n)args = n;
# define GNUTLS_FUNCPTR(n,ret,arglist,callargs) static ret VARGS q##n arglist {return n(callargs);};
# endif
# ifdef HAVE_DTLS
GNUTLS_FUNC ( gnutls_set_default_priority_append , int , ( gnutls_session_t session , const char * add_prio , const char * * err_pos , unsigned flags ) )
# endif
GNUTLS_FUNCS
# undef GNUTLS_FUNC
# undef GNUTLS_FUNCPTR
# if defined(GNUTLS_DYNAMIC) && defined(HAVE_DTLS)
//Stand-in for gnutls_set_default_priority_append, used when the dynamically loaded gnutls does not export it.
//The extra priority string cannot be honoured by such a library, so the session just receives the library's default priorities.
//Matches the gnutls signature so it can be assigned to the same function pointer.
static int VARGS fallback_gnutls_set_default_priority_append(gnutls_session_t session, const char *add_prio, const char **err_pos, unsigned flags)
{
	(void)add_prio;	//unused: nothing to append to on a library this old.
	(void)err_pos;
	(void)flags;
	return qgnutls_set_default_priority(session);
}
# endif
//Process-wide gnutls library state (one instance per engine, not per connection).
static struct
{
#ifdef GNUTLS_DYNAMIC
	dllhandle_t *hmod;	//handle returned by Sys_LoadLibrary in Init_GNUTLS; NULL when the library could not be loaded.
#endif
	int initstatus[2];	//NOTE(review): not referenced within this excerpt; presumably per-role (client/server) init results - confirm against the rest of the file.
} gnutls;
//Binds the gnutls entry points listed by GNUTLS_FUNCS.
//With GNUTLS_DYNAMIC the library is loaded at runtime by soname (GNUTLS_SONUM/GNUTLS_SOPREFIX are the distro-specific
//pieces chosen by the version checks above); without it the q* pointers were bound at link time and there is nothing to do.
//Returns false only when the library could not be loaded (Sys_LoadLibrary is assumed to fail if any functable entry is
//missing - confirm against its implementation), true otherwise.
static qboolean Init_GNUTLS(void)
{
#ifdef GNUTLS_DYNAMIC
	//name/pointer pairs for Sys_LoadLibrary to resolve, generated from the same list as the declarations.
	dllfunction_t functable[] =
	{
#define GNUTLS_FUNC(nam,ret,args) {(void**)&q##nam, #nam},
#define GNUTLS_FUNCPTR(nam,ret,arglist,calllist) {(void**)&q##nam, #nam},
		GNUTLS_FUNCS
#undef GNUTLS_FUNC
#undef GNUTLS_FUNCPTR
		{NULL, NULL}
	};

#ifdef GNUTLS_SONUM
#ifdef __CYGWIN__
	gnutls.hmod = Sys_LoadLibrary("cyggnutls"GNUTLS_SOPREFIX"-"STRINGIFY(GNUTLS_SONUM)".dll", functable);
#else
	gnutls.hmod = Sys_LoadLibrary("libgnutls"GNUTLS_SOPREFIX".so."STRINGIFY(GNUTLS_SONUM), functable);
#endif
#else
	//no versioned soname known for this gnutls: fall back to the unversioned name and whatever the loader's search path finds first. hope and pray
	gnutls.hmod = Sys_LoadLibrary("libgnutls"GNUTLS_SOPREFIX".so", functable);
#endif
	if (!gnutls.hmod)
		return false;

#ifdef HAVE_DTLS
	//optional symbol: resolved separately so an older library that lacks it doesn't fail the whole load; the fallback
	//silently ignores the appended priority string.
	qgnutls_set_default_priority_append = Sys_GetAddressForName(gnutls.hmod, "gnutls_set_default_priority_append");
	if (!qgnutls_set_default_priority_append)
		qgnutls_set_default_priority_append = fallback_gnutls_set_default_priority_append;
#endif
#endif
	return true;
}
//Per-connection state for a gnutls-wrapped transport (tcp stream or dtls datagram).
typedef struct
{
	vfsfile_t funcs;	//must stay first: callers hold a vfsfile_t* and this code casts it straight back to gnutlsfile_t*.
	vfsfile_t *stream;	//underlying transport the tls records travel over; closed and released by SSL_CloseFile.

	char certname[512];	//sanitised host name used for certificate matching/pinning (filled by SSL_SetCertificateName); empty when unknown or invalid.

	gnutls_session_t session;	//NULL once SSL_Close has torn it down.
	qboolean handshaking;	//SSL_Close forces this true so later use of a closed file fails.
	qboolean datagram;	//true for dtls: selects a write-only shutdown in SSL_Close and the pinning policy in SSL_CheckUserTrust.

	int pullerror;	//adding these two because actual networking errors are not getting represented properly, at least with regard to timeouts.
	int pusherror;

	gnutls_certificate_credentials_t certcred;	//owned by this file; freed and nulled by SSL_Close.
	hashfunc_t *peerhashfunc;	//NOTE(review): peer certificate digest and its hash function; where they are populated is outside this excerpt - confirm.
	qbyte peerdigest[DIGEST_MAXSIZE];

	qboolean challenging;	//not sure this is actually needed, but hey.
	void *cbctx;	//presumably the datagram path's outbound callback context and hook - confirm against the push function.
	neterr_t (*cbpush)(void *cbctx, const qbyte *data, size_t datasize);
	qbyte *readdata;	//presumably inbound datagram bytes staged for the next pull - confirm against the pull function.
	size_t readsize;
#ifdef HAVE_DTLS
	gnutls_dtls_prestate_st prestate;	//dtls cookie prestate (see the gnutls_dtls_cookie_* functions imported above).
#endif
//	int mtu;
} gnutlsfile_t;
//Returns non-zero for the characters allowed to survive into a certificate name: ascii letters, digits, '-' and '.'.
//Deliberately not isalnum(): that is locale dependent, and this name is later compared against certificate fields.
static int SSL_IsCertNameChar(char c)
{
	if (c >= 'a' && c <= 'z')
		return 1;
	if (c >= 'A' && c <= 'Z')
		return 1;
	if (c >= '0' && c <= '9')
		return 1;
	return c == '-' || c == '.';
}

//Copies [start,end) into f->certname (NUL terminated) when end was found and the span fits the buffer.
//Returns f->certname on success; otherwise start is handed back untouched (any ':' or ']' still in it
//will then fail the caller's character check).
static const char *SSL_CertNameFromSpan(gnutlsfile_t *f, const char *start, const char *end)
{
	size_t len;
	if (!end)
		return start;
	len = end - start;
	if (len >= sizeof(f->certname))
		return start;
	memcpy(f->certname, start, len);
	f->certname[len] = 0;
	return f->certname;
}

//Derives the name used for certificate matching/pinning from a user-supplied address and stores it in f->certname.
//Accepts "scheme://host", "host:port" and "[v6]:port" forms; the scheme and port are stripped.
//Anything left containing characters outside [A-Za-z0-9.-] (which includes bare ipv6 literals), or too long
//for the buffer, results in an empty certname.
static void SSL_SetCertificateName(gnutlsfile_t *f, const char *hostname)
{
	const char *c;
	size_t len;

	if (hostname)
	{
		const char *sep = strstr(hostname, "://");
		if (sep)
			hostname = sep+3;	//any dtls:// prefix will have been stripped now.

		if (*hostname == '[')
		{	//eg: [::1]:foo - skip the lead [ and strip the ] and any trailing data (hopefully just a :port or nothing)
			hostname++;
			hostname = SSL_CertNameFromSpan(f, hostname, strchr(hostname, ']'));
		}
		else
		{	//eg: 127.0.0.1:port - strip the port number if specified.
			hostname = SSL_CertNameFromSpan(f, hostname, strchr(hostname, ':'));
		}

		//we should have a cleaned up host name now, ready for (ab)use in certificates - unless it still holds something odd.
		for (c = hostname; *c; c++)
		{
			if (!SSL_IsCertNameChar(*c))
			{
				hostname = NULL;	//something invalid. bum.
				break;
			}
		}
	}

	if (hostname == f->certname)
		return;	//already sitting in the buffer, nothing to copy.
	if (hostname)
	{
		len = strlen(hostname);
		if (len < sizeof(f->certname))
		{
			memcpy(f->certname, hostname, len+1);
			return;
		}
	}
	*f->certname = 0;	//no usable name: NULL, invalid, or too long.
}
# define CAFILE " / etc / ssl / certs / ca-certificates.crt"
//Shuts down the tls/dtls session behind vfs and releases its certificate credentials.
//The wrapper itself stays allocated (SSL_CloseFile frees it); both handles are nulled so a second call is harmless.
static void SSL_Close(vfsfile_t *vfs)
{
	gnutlsfile_t *file = (gnutlsfile_t*)vfs;

	//flag it as mid-handshake so later reads/writes on this file fail rather than touching a dead session.
	file->handshaking = true;

	if (file->session)
	{
		//datagram sessions get a write-side close only; stream sessions shut down both directions.
		qgnutls_bye(file->session, file->datagram?GNUTLS_SHUT_WR:GNUTLS_SHUT_RDWR);
		qgnutls_deinit(file->session);
		file->session = NULL;
	}

	if (file->certcred)
	{
		qgnutls_certificate_free_credentials(file->certcred);
		file->certcred = NULL;
	}
}
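//vfsfile_t close hook: ends the tls session, closes the underlying transport and frees the wrapper.
//Always returns true; once the wrapper is freed there is nothing left to report.
static qboolean QDECL SSL_CloseFile(vfsfile_t *vfs)
{
	gnutlsfile_t *file = (void*)vfs;

	//SSL_Close releases both file->session and file->certcred and nulls them, so nothing tls-related is touched below.
	//(A second free of certcred used to live here; it was dead after SSL_Close nulled the handle and would become a
	//double free if that null-out were ever dropped, so it is gone.)
	SSL_Close(vfs);

	if (file->stream)
	{
		VFS_CLOSE(file->stream);
		file->stream = NULL;
	}
	Z_Free(vfs);
	return true;
}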
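//Certificate verification policy: decides whether the peer's certificate is acceptable given gnutls's verdict.
//gcertcode is the gnutls verification status bitmask (0 when the chain validated cleanly).
//For dtls we expect self-signed certificates, so the whole presented chain is handed to the certlog for persistent,
//user-authorised pinning; for everything else the gnutls verdict stands as-is.
//Returns GNUTLS_E_SUCCESS to accept the peer or GNUTLS_E_CERTIFICATE_ERROR to abort the handshake. Any failure to
//consult the pin store (no certificate data, allocation failure) fails closed.
static int SSL_CheckUserTrust(gnutls_session_t session, gnutlsfile_t *file, int gcertcode)
{
	int ret = gcertcode?GNUTLS_E_CERTIFICATE_ERROR:GNUTLS_E_SUCCESS;
#if defined(HAVE_CLIENT) && defined(HAVE_DTLS)
	unsigned int ferrcode;
	//when using dtls, we expect self-signed certs and persistent trust.
	if (file->datagram)
	{
		qbyte *certdata;
		size_t certsize;
		unsigned int certcount = 0, j;
		//raw (DER) chain as presented by the peer; NULL when none was sent.
		const gnutls_datum_t *const certlist = qgnutls_certificate_get_peers(session, &certcount);
		if (!certlist)
			certcount = 0;	//don't trust the count when there is no list to index.

		//concatenate the whole chain so the pin covers everything the peer sent, not just the leaf.
		for (certsize = 0, j = 0; j < certcount; j++)
			certsize += certlist[j].size;
		if (!certsize)
			return GNUTLS_E_CERTIFICATE_ERROR;	//nothing to pin against: fail closed.
		certdata = malloc(certsize);
		if (!certdata)
			return GNUTLS_E_CERTIFICATE_ERROR;	//can't consult the pin store: fail closed rather than accept an unverified peer.
		for (certsize = 0, j = 0; j < certcount; j++)
		{
			memcpy(certdata+certsize, certlist[j].data, certlist[j].size);
			certsize += certlist[j].size;
		}

		//translate gnutls's status bits into the certlog's categories. if gcertcode is 0 then we can still pin it.
		ferrcode = 0;
		if (gcertcode & GNUTLS_CERT_SIGNER_NOT_FOUND)
			ferrcode |= CERTLOG_MISSINGCA;
		if (gcertcode & GNUTLS_CERT_UNEXPECTED_OWNER)
			ferrcode |= CERTLOG_WRONGHOST;
		if (gcertcode & GNUTLS_CERT_EXPIRED)
			ferrcode |= CERTLOG_EXPIRED;
		if (gcertcode & ~(GNUTLS_CERT_INVALID|GNUTLS_CERT_SIGNER_NOT_FOUND|GNUTLS_CERT_UNEXPECTED_OWNER|GNUTLS_CERT_EXPIRED))
			ferrcode |= CERTLOG_UNKNOWN;	//anything we don't have a specific bucket for is still reported, never silently dropped.
		if (CertLog_ConnectOkay(file->certname, certdata, certsize, ferrcode))
			ret = GNUTLS_E_SUCCESS;	//user has previously authorised it.
		else
			ret = GNUTLS_E_CERTIFICATE_ERROR;	//user didn't trust it yet
		free(certdata);
	}
#endif
	return ret;
}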
static int QDECL SSL_CheckCert ( gnutls_session_t session )
{
gnutlsfile_t * file = qgnutls_session_get_ptr ( session ) ;
unsigned int certstatus ;
qboolean preverified = false ;
size_t knownsize ;
qbyte * knowndata = TLS_GetKnownCertificate ( file - > certname , & knownsize ) ;
if ( knowndata )
{
unsigned int certcount , j ;
const gnutls_datum_t * const certlist = qgnutls_certificate_get_peers ( session , & certcount ) ;
if ( ! certlist | | ! certcount )
{
BZ_Free ( knowndata ) ;
return GNUTLS_E_CERTIFICATE_ERROR ;
}
else
{
size_t offset = 0 ;
for ( j = 0 ; j < certcount ; offset + = certlist [ j + + ] . size )
{
if ( certlist [ j ] . size + offset > knownsize )
break ; //overflow...
if ( memcmp ( certlist [ j ] . data , knowndata + offset , certlist [ j ] . size ) )
break ;
}
if ( j & & j = = certcount & & offset = = knownsize )
preverified = true ;
else
{
# ifdef _DEBUG
for ( j = 0 , offset = 0 ; j < certcount ; j + + )
offset + = certlist [ j ] . size ;
Con_Printf ( " %s cert % " PRIuSIZE " bytes (chain %u) \n " , file - > certname , offset , certcount ) ;
Con_Printf ( " /*%s*/ \" " , file - > certname ) ;
for ( j = 0 ; file - > certname [ j ] ; j + + )
Con_Printf ( " \\ x%02x " , file - > certname [ j ] ^ 0xff ) ;
Con_Printf ( " \\ xff " ) ;
Con_Printf ( " \\ x%02x \\ x%02x " , ( unsigned ) offset & 0xff , ( ( unsigned ) offset > > 8 ) & 0xff ) ;
for ( j = 0 ; j < certcount ; j + + )
{
unsigned char * data = certlist [ j ] . data ;
unsigned int datasize = certlist [ j ] . size , k ;
for ( k = 0 ; k < datasize ; k + + )
Con_Printf ( " \\ x%02x " , data [ k ] ^ 0xff ) ;
}
Con_Printf ( " \" , \n \n " ) ;
# endif
Con_Printf ( CON_ERROR " %s: Reported certificate does not match known certificate. Possible MITM attack, alternatively just an outdated client. \n " , file - > certname ) ;
BZ_Free ( knowndata ) ;
return GNUTLS_E_CERTIFICATE_ERROR ;
}
}
BZ_Free ( knowndata ) ;
}
# ifdef GNUTLS_HAVE_VERIFY3
if ( qgnutls_certificate_verify_peers3 ( session , file - > certname , & certstatus ) > = 0 )
{
gnutls_datum_t out = { NULL , 0 } ;
gnutls_certificate_type_t type ;
int ret ;
if ( preverified & & ( certstatus & ~ GNUTLS_CERT_EXPIRED ) = = ( GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND ) )
return 0 ;
ret = SSL_CheckUserTrust ( session , file , certstatus ) ;
if ( ! ret )
return ret ;
type = qgnutls_certificate_type_get ( session ) ;
if ( qgnutls_certificate_verification_status_print ( certstatus , type , & out , 0 ) > = 0 )
{
Con_Printf ( CON_ERROR " %s: %s (%x) \n " , file - > certname , out . data , certstatus ) ;
( * qgnutls_free ) ( out . data ) ;
}
else
Con_Printf ( CON_ERROR " %s: UNKNOWN STATUS (%x) \n " , file - > certname , certstatus ) ;
if ( tls_ignorecertificateerrors . ival )
{
Con_Printf ( CON_ERROR " %s: Ignoring certificate errors (tls_ignorecertificateerrors is %i) \n " , file - > certname , tls_ignorecertificateerrors . ival ) ;
return 0 ;
}
}
# else
if ( qgnutls_certificate_verify_peers2 ( session , & certstatus ) > = 0 )
{
int certslen ;
//grab the certificate
const gnutls_datum_t * const certlist = qgnutls_certificate_get_peers ( session , & certslen ) ;
if ( certlist & & certslen )
{
//and make sure the hostname on it actually makes sense.
int ret ;
gnutls_x509_crt_t cert ;
qgnutls_x509_crt_init ( & cert ) ;
qgnutls_x509_crt_import ( cert , certlist , GNUTLS_X509_FMT_DER ) ;
if ( qgnutls_x509_crt_check_hostname ( cert , file - > certname ) )
{
if ( preverified & & ( certstatus & ~ GNUTLS_CERT_EXPIRED ) = = ( GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND ) )
return 0 ;
ret = SSL_CheckUserTrust ( session , file , certstatus ) ; //looks okay... pin it by default...
if ( ! ret )
return ret ;
if ( certstatus & GNUTLS_CERT_SIGNER_NOT_FOUND )
Con_Printf ( CON_ERROR " %s: Certificate authority is not recognised \n " , file - > certname ) ;
else if ( certstatus & GNUTLS_CERT_INSECURE_ALGORITHM )
Con_Printf ( CON_ERROR " %s: Certificate uses insecure algorithm \n " , file - > certname ) ;
else if ( certstatus & ( GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE | GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED | GNUTLS_CERT_EXPIRED | GNUTLS_CERT_REVOKED | GNUTLS_CERT_NOT_ACTIVATED ) )
Con_Printf ( CON_ERROR " %s: Certificate has expired or was revoked or not yet valid \n " , file - > certname ) ;
else if ( certstatus & GNUTLS_CERT_SIGNATURE_FAILURE )
Con_Printf ( CON_ERROR " %s: Certificate signature failure \n " , file - > certname ) ;
else
Con_Printf ( CON_ERROR " %s: Certificate error \n " , file - > certname ) ;
if ( tls_ignorecertificateerrors . ival )
{
Con_Printf ( CON_ERROR " %s: Ignoring certificate errors (tls_ignorecertificateerrors is %i) \n " , file - > certname , tls_ignorecertificateerrors . ival ) ;
return 0 ;
}
}
else
Con_DPrintf ( CON_ERROR " %s: certificate is for a different domain \n " , file - > certname ) ;
}
}
# endif
Con_DPrintf ( CON_ERROR " %s: rejecting certificate \n " , file - > certname ) ;
return GNUTLS_E_CERTIFICATE_ERROR ;
}
# ifdef HAVE_DTLS
static int QDECL SSL_CheckFingerprint(gnutls_session_t session)
{	//pinned-fingerprint verification: who issued the chain is irrelevant here,
	//only the hash of the peer's DER certificate blobs must equal file->peerdigest.
	gnutlsfile_t *file = qgnutls_session_get_ptr(session);
	const char *peername = *file->certname ? file->certname : "<anon>";
	unsigned int certcount, i;
	const gnutls_datum_t *const certlist = qgnutls_certificate_get_peers(session, &certcount);
	qbyte digest[DIGEST_MAXSIZE];
	void *hashctx;

	if (!certlist || !certcount)
	{	//nothing to hash means nothing can match the pin.
		Con_Printf(CON_ERROR "%s: peer did not provide any certificate\n", peername);
		return GNUTLS_E_CERTIFICATE_ERROR;
	}

	//hash every certificate in the chain, in the order the peer presented them,
	//using whichever hash the pin was configured with (file->peerhashfunc).
	hashctx = alloca(file->peerhashfunc->contextsize);
	file->peerhashfunc->init(hashctx);
	for (i = 0; i < certcount; i++)
		file->peerhashfunc->process(hashctx, certlist[i].data, certlist[i].size);
	file->peerhashfunc->terminate(digest, hashctx);

	if (memcmp(digest, file->peerdigest, file->peerhashfunc->digestsize) != 0)
	{	//mismatch: reject the peer, gnutls aborts the handshake on this return value.
		Con_Printf(CON_ERROR "%s: certificate chain (%i) does not match fingerprint\n", peername, certcount);
		return GNUTLS_E_CERTIFICATE_ERROR;
	}
	return 0;	//pin matched, accept.
}
# endif
//Maps a fatal gnutls handshake error onto the VFS_ERROR_* code handed back to the caller.
//Called before SSL_Close, so the push/pull cases read the transport error stored on the file.
static int SSL_HandshakeErrorToVFS(gnutlsfile_t *file, int err)
{
	switch (err)
	{
	case GNUTLS_E_INSUFFICIENT_CREDENTIALS:
	case GNUTLS_E_CERTIFICATE_ERROR:
		return VFS_ERROR_UNTRUSTED;
	case GNUTLS_E_SESSION_EOF:
	case GNUTLS_E_PREMATURE_TERMINATION:
		return VFS_ERROR_EOF;
	case GNUTLS_E_PUSH_ERROR:
		return file->pusherror;
	case GNUTLS_E_PULL_ERROR:
		return file->pullerror;
	default:
		return VFS_ERROR_UNSPECIFIED;
	}
}

//Drives the (D)TLS handshake on file->session.
//Returns 1 once the handshake is complete (application data may now be read),
//0 when gnutls wants to be called again later (non-fatal, eg e_again/e_intr),
//or a VFS_ERROR_* code on failure, in which case the session has been closed.
static int SSL_DoHandshake(gnutlsfile_t *file)
{
	int err;
	const char *proto;

	//no session means it was already closed; the handshake can never complete.
	if (!file->session)
		return VFS_ERROR_UNSPECIFIED;

	err = qgnutls_handshake(file->session);
	if (err >= 0)
	{	//done, subsequent reads go straight to application data.
		file->handshaking = false;
		return 1;
	}

	//not-ready-yet is not a failure; the caller retries on its next poll.
	if (!qgnutls_error_is_fatal(err))
		return 0;

	if (developer.ival)
	{	//log why it died, distinguishing the peer rejecting us from us rejecting the peer.
		proto = file->datagram ? "D" : "";
		if (err == GNUTLS_E_FATAL_ALERT_RECEIVED)
		{
			gnutls_alert_description_t desc = qgnutls_alert_get(file->session);
			Con_Printf(CON_ERROR "GNU%sTLS: %s: %s(%i)\n", proto, file->certname, qgnutls_alert_get_name(desc), desc);
		}
		else
			Con_Printf(CON_ERROR "GNU%sTLS: %s: %s(%i)\n", proto, file->certname, qgnutls_strerror(err), err);
	}

	//translate before closing, keeping the original order: the push/pull cases read
	//file->pusherror/pullerror, and SSL_Close may tear down state on the file.
	err = SSL_HandshakeErrorToVFS(file, err);
	SSL_Close(&file->funcs);
	return err;
}
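//vfs read callback: pulls decrypted application data from the session.
//Returns the number of bytes read (>0), 0 when nothing is available yet (the caller
//should try again later), or a negative VFS_ERROR_* code.
//A handshake still in progress is driven from here first; no application data is
//read until it has completed.
static int QDECL SSL_Read(struct vfsfile_s *f, void *buffer, int bytestoread)
{
	gnutlsfile_t *file = (void*)f;
	int ret;

	if (file->handshaking)
	{
		ret = SSL_DoHandshake(file);
		if (ret <= 0)
			return ret;	//not ready yet, or already failed and closed.
	}

	if (!bytestoread)	//gnutls doesn't like this.
		return VFS_ERROR_UNSPECIFIED;	//caller is expecting data that we can never return, or something.

	ret = qgnutls_record_recv(file->session, buffer, bytestoread);
	if (ret > 0)
		return ret;
	if (ret == 0)
		return VFS_ERROR_EOF;	//closed by remote connection (close_notify seen).

	switch (ret)
	{
	case GNUTLS_E_PREMATURE_TERMINATION:
		//the transport closed without a close_notify alert. reported the same as a clean
		//close because plenty of peers never send one, but be aware that this makes a
		//truncation attack indistinguishable from EOF at this layer.
		Con_Printf("TLS Premature Termination from %s\n", file->certname);
		return VFS_ERROR_EOF;

	case GNUTLS_E_REHANDSHAKE:
		//the peer asked to renegotiate. we never re-run the handshake on an established
		//session: renegotiation is a known MITM vector against peers without RFC5746 and a
		//cheap cpu-exhaustion vector against the rest (TLS1.3 dropped it entirely).
		//the polite refusal is a GNUTLS_A_NO_RENEGOTIATION warning alert, but gnutls_alert_send
		//is not among the qgnutls_ wrappers this file uses, so fail the connection instead.
		//(previously this fell through and returned the raw gnutls code, which is not a VFS error.)
		Con_DPrintf("GNUTLS: %s: peer requested renegotiation, refusing\n", file->certname);
		return VFS_ERROR_UNSPECIFIED;

	case GNUTLS_E_PULL_ERROR:
		//the underlying stream failed inside SSL_Pull. report its recorded error (eg refused,
		//no response) the same way SSL_DoHandshake does, instead of hiding it behind -1.
		Con_Printf("GNUTLS_E_PULL_ERROR (%s)\n", file->certname);
		return file->pullerror ? file->pullerror : VFS_ERROR_UNSPECIFIED;

	default:
		if (!qgnutls_error_is_fatal(ret))
			return 0;	//caller is expected to try again later, no real need to loop here, just in case it repeats (eg E_AGAIN)
		//fatal record-layer error (bad mac, decryption failure, etc). reported as an error
		//rather than -1 so it cannot be confused with an ordinary end of stream, matching SSL_Write.
		Con_Printf("GNUTLS Read Warning %i (bufsize %i)\n", ret, bytestoread);
		return VFS_ERROR_UNSPECIFIED;
	}
}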
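//vfs write callback: encrypts and sends application data.
//Returns bytes written (>0), 0 if the session isn't ready (handshake in progress, or
//the transport would block - try again later), or a negative VFS_ERROR_* code.
static int QDECL SSL_Write(struct vfsfile_s *f, const void *buffer, int bytestowrite)
{
	gnutlsfile_t *file = (void*)f;
	int written;

	if (file->handshaking)
	{
		written = SSL_DoHandshake(file);
		if (written <= 0)
			return written;	//plaintext must never go out before the handshake completes.
	}

	written = qgnutls_record_send(file->session, buffer, bytestowrite);
	if (written > 0)
		return written;
	if (written == 0)
		return VFS_ERROR_EOF;	//closed by remote connection.

	if (!qgnutls_error_is_fatal(written))
		return 0;	//e_again/e_interrupted: caller retries (gnutls expects the retry to carry the same data).

	Con_DPrintf("GNUTLS Send Error %i (%i bytes)\n", written, bytestowrite);
	//if the underlying stream failed inside SSL_Push, surface its recorded error
	//(eg refused/no response) the same way SSL_DoHandshake does.
	if (written == GNUTLS_E_PUSH_ERROR && file->pusherror)
		return file->pusherror;
	return VFS_ERROR_UNSPECIFIED;
}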
//vfs seek callback. A TLS stream cannot be repositioned, so this always reports failure.
static qboolean QDECL SSL_Seek(struct vfsfile_s *file, qofs_t pos)
{
	(void)file;
	(void)pos;
	return false;
}
//vfs tell callback. There is no meaningful position on a TLS stream; always 0.
static qofs_t QDECL SSL_Tell(struct vfsfile_s *file)
{
	(void)file;
	return (qofs_t)0;
}
//vfs length callback. A TLS stream has no known total length; always 0.
static qofs_t QDECL SSL_GetLen(struct vfsfile_s *file)
{
	(void)file;
	return (qofs_t)0;
}
# include <errno.h>
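/*functions for gnutls to call when it wants to send/receive data over the underlying vfs stream*/

//Maps a failed VFS_READ/VFS_WRITE result onto the errno gnutls expects from a transport
//callback. VFS_ERROR_EOF is deliberately NOT handled here: the callers report that as a
//0-byte result instead. Anything unrecognised (including a bare 0 result, and the
//VFS_ERROR_UNSPECIFIED/WRONGCERT/UNTRUSTED codes) is treated as a reset so gnutls gives
//up on the session rather than spinning.
static int SSL_StreamErrorToErrno(int vfserr)
{
	switch (vfserr)
	{
	case VFS_ERROR_TRYLATER:	return EAGAIN;			//non-fatal: gnutls will retry
	case VFS_ERROR_REFUSED:		return ECONNREFUSED;
	case VFS_ERROR_DNSFAILURE:
	case VFS_ERROR_NORESPONSE:
	default:					return ECONNRESET;
	}
}

//Push callback: write a (possibly partial) chunk of ciphertext to the stream.
//Returns bytes written, 0 on EOF, or -1 with errno set for gnutls.
//The stream's own error code is kept in file->pusherror so the handshake/read/write
//paths can report it instead of a generic TLS failure.
static ssize_t SSL_Push(gnutls_transport_ptr_t p, const void *data, size_t size)
{
	gnutlsfile_t *file = p;
	int done = VFS_WRITE(file->stream, data, size);
	if (done > 0)
		return done;	//short writes are fine; gnutls pushes the remainder itself.

	file->pusherror = done;
	if (done == VFS_ERROR_EOF)
		return 0;
	qgnutls_transport_set_errno(file->session, SSL_StreamErrorToErrno(done));
	return -1;
}

//Pull callback: read ciphertext from the stream into gnutls' buffer.
//Returns bytes read, 0 on EOF (gnutls then reports PREMATURE_TERMINATION unless a
//close_notify was already seen), or -1 with errno set. file->pullerror mirrors pusherror.
static ssize_t SSL_Pull(gnutls_transport_ptr_t p, void *data, size_t size)
{
	gnutlsfile_t *file = p;
	int done = VFS_READ(file->stream, data, size);
	if (done > 0)
		return done;

	file->pullerror = done;
	if (done == VFS_ERROR_EOF)
		return 0;
	qgnutls_transport_set_errno(file->session, SSL_StreamErrorToErrno(done));
	return -1;
}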
/*gnutls transport callback for DTLS: hands one complete datagram to the engine's udp layer via cbpush.*/
//Returns size on success or -1 with errno set so gnutls can tell transient from fatal failures.
static ssize_t DTLS_Push(gnutls_transport_ptr_t p, const void *data, size_t size)
{
	gnutlsfile_t *file = p;
	neterr_t ne = file->cbpush(file->cbctx, data, size);
	int eno;

	//no session to attach an errno to (eg during teardown); just signal pass/fail.
	if (!file->session)
		return ne ? -1 : (ssize_t)size;

	switch (ne)
	{
	case NETERR_CLOGGED:
	case NETERR_NOROUTE:
		eno = EAGAIN;		//transient; presumably gnutls' own dtls retransmit timers cover it.
		break;
	case NETERR_MTU:
		eno = EMSGSIZE;		//oversized datagram, reported distinctly so the mtu can be corrected.
		break;
	case NETERR_DISCONNECTED:
		eno = EPERM;
		break;
	default:
		qgnutls_transport_set_errno(file->session, 0);
		return size;
	}
	qgnutls_transport_set_errno(file->session, eno);
	return -1;
}
/*gnutls transport callback for DTLS: hands over the single datagram queued in file->readdata/readsize.*/
//Returns the datagram length, or -1 with errno EAGAIN (nothing queued) / EMSGSIZE (gnutls' buffer too small).
static ssize_t DTLS_Pull(gnutls_transport_ptr_t p, void *data, size_t size)
{
	gnutlsfile_t *file = p;
	size_t avail = file->readsize;

	if (!avail)
	{	//nothing queued; gnutls treats this as 'would block'.
		qgnutls_transport_set_errno(file->session, EAGAIN);
		return -1;
	}

	//the queued datagram is consumed either way - a partial datagram is of no use to dtls.
	file->readsize = 0;
	if (avail > size)
	{	//buffer passed is smaller than the available data: copy what fits, report truncation.
		memcpy(data, file->readdata, size);
		qgnutls_transport_set_errno(file->session, EMSGSIZE);
		return -1;
	}

	memcpy(data, file->readdata, avail);
	qgnutls_transport_set_errno(file->session, 0);
	return avail;
}
# ifdef HAVE_DTLS
//gnutls (pointlessly) requires a pull-timeout callback for dtls. We never block here:
//report 1 if a datagram is already queued, otherwise 0 (timed out) and let the engine poll.
static int DTLS_Pull_Timeout(gnutls_transport_ptr_t p, unsigned int timeout)
{
	gnutlsfile_t *f = p;
	(void)timeout;	//event driven; the requested wait is ignored.
	if (f->readsize > 0)
		return 1;
	return 0;
}
# endif
#ifdef USE_ANON
//anonymous (unauthenticated) credentials; two slots, which one is client vs server is decided by the init code outside this view.
static gnutls_anon_client_credentials_t anoncred[2];
#else
//x509 credentials; two slots, presumably one for client use and one for server use - confirm against the init code.
static gnutls_certificate_credentials_t xcred[2];
//set (elsewhere) when the server's own certificate/key could not be loaded - NOTE(review): confirm where this is consumed.
static qboolean servercertfail;
#endif
#ifdef HAVE_DTLS
//secret presumably used for gnutls' stateless dtls hello-verify cookies (gnutls_dtls_cookie_*) - confirm against the init code.
static gnutls_datum_t cookie_key;
#endif
//Opens the server's private key file.
//displayname==NULL: open for reading. Otherwise open for WRITING (a fresh key is about to
//be generated) and fill displayname with a user-presentable form of the path.
//The path comes from '-privkey <path>' (any system path), else privkey.pem in the engine root.
//Returns NULL on failure.
//NOTE(review): in write mode the file is created with whatever permissions FS_OpenVFS
//defaults to; a private key should be 0600 - confirm the fs layer restricts it.
static vfsfile_t *SSL_OpenPrivKey(char *displayname, size_t displaysize)
{
	const char *defaultname = "privkey.pem";
	const char *mode = displayname ? "wb" : "rb";
	int argi = COM_CheckParm("-privkey");

	if (!argi)
	{	//no override: use the engine's own root.
		if (displayname && !FS_DisplayPath(defaultname, FS_ROOT, displayname, displaysize))
			return NULL;	//can't even name it; don't create it.
		return FS_OpenVFS(defaultname, mode, FS_ROOT);
	}

	{	//explicit path from the command line. assumes com_argv has a trailing entry when
		//-privkey is the last argument, as the rest of this file does.
		const char *path = com_argv[argi + 1];
		if (displayname && !FS_DisplayPath(path, FS_SYSTEM, displayname, displaysize))
			Q_strncpyz(displayname, path, displaysize);	//fall back to the raw path
		return FS_OpenVFS(path, mode, FS_SYSTEM);
	}
}
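//Opens the server's certificate file (the public half of SSL_OpenPrivKey's pair).
//displayname==NULL: open for reading. Otherwise open for writing and fill displayname
//with a user-presentable form of the path.
//The path comes from '-pubkey <path>', else the first of fullchain.pem / cert.pem in the
//engine root that can be opened (so write mode lands in fullchain.pem unless that path
//cannot be displayed). Returns NULL if nothing could be opened.
static vfsfile_t *SSL_OpenPubKey(char *displayname, size_t displaysize)
{
	const char *fullchainname = "fullchain.pem";
	const char *pubname = "cert.pem";
	const char *mode = displayname ? "wb" : "rb";
	vfsfile_t *pubf = NULL;
	int argi = COM_CheckParm("-pubkey");

	if (argi)
	{	//explicit path from the command line (same trailing-argv assumption as SSL_OpenPrivKey).
		const char *path = com_argv[argi + 1];
		//run it through FS_DisplayPath like SSL_OpenPrivKey does, so that system paths
		//(which may embed the user's home directory) are presented the same way the
		//fs layer presents them elsewhere; previously the raw argument was copied.
		if (displayname && !FS_DisplayPath(path, FS_SYSTEM, displayname, displaysize))
			Q_strncpyz(displayname, path, displaysize);
		return FS_OpenVFS(path, mode, FS_SYSTEM);
	}

	if (!displayname || FS_DisplayPath(fullchainname, FS_ROOT, displayname, displaysize))
		pubf = FS_OpenVFS(fullchainname, mode, FS_ROOT);
	if (!pubf && (!displayname || FS_DisplayPath(pubname, FS_ROOT, displayname, displaysize)))
		pubf = FS_OpenVFS(pubname, mode, FS_ROOT);
	return pubf;
}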
static qboolean SSL_LoadPrivateCert ( gnutls_certificate_credentials_t cred )
{
int ret = - 1 ;
gnutls_datum_t priv , pub ;
vfsfile_t * privf = SSL_OpenPrivKey ( NULL , 0 ) ;
vfsfile_t * pubf = SSL_OpenPubKey ( NULL , 0 ) ;
const char * hostname = NULL ;
int i = COM_CheckParm ( " -certhost " ) ;
if ( i )
hostname = com_argv [ i + 1 ] ;
memset ( & priv , 0 , sizeof ( priv ) ) ;
memset ( & pub , 0 , sizeof ( pub ) ) ;
if ( ( ! privf | | ! pubf ) ) // && hostname)
{ //not found? generate a new one.
//FIXME: how to deal with race conditions with multiple servers on the same host?
//delay till the first connection? we at least write both files at the sameish time.
//even so they might get different certs the first time the server(s) run.
//TODO: implement a lockfile
gnutls_x509_privkey_t key ;
gnutls_x509_crt_t cert ;
char serial [ 64 ] ;
const char * errstr ;
gnutls_pk_algorithm_t privalgo = GNUTLS_PK_RSA ;
if ( privf )
{
VFS_CLOSE ( privf ) ;
privf = NULL ;
}
if ( pubf )
{
VFS_CLOSE ( pubf ) ;
pubf = NULL ;
}
Con_Printf ( " Generating new GNUTLS key+cert... \n " ) ;
qgnutls_x509_privkey_init ( & key ) ;
ret = qgnutls_x509_privkey_generate ( key , privalgo , qgnutls_sec_param_to_pk_bits ( privalgo , GNUTLS_SEC_PARAM_HIGH ) , 0 ) ;
if ( ret < 0 )
Con_Printf ( CON_ERROR " gnutls_x509_privkey_generate failed: %i \n " , ret ) ;
ret = qgnutls_x509_privkey_export2 ( key , GNUTLS_X509_FMT_PEM , & priv ) ;
if ( ret < 0 )
Con_Printf ( CON_ERROR " gnutls_x509_privkey_export2 failed: %i \n " , ret ) ;
//stoopid browsers insisting that serial numbers are different even on throw-away self-signed certs.
//we should probably just go and make our own root ca/master. post it a cert and get a signed one (with sequential serial) back or something.
//we'll probably want something like that for client certs anyway, for stat tracking.
Q_snprintfz ( serial , sizeof ( serial ) , " %u " , ( unsigned ) time ( NULL ) ) ;
qgnutls_x509_crt_init ( & cert ) ;
qgnutls_x509_crt_set_version ( cert , 1 ) ;
qgnutls_x509_crt_set_activation_time ( cert , time ( NULL ) - 1 ) ;
qgnutls_x509_crt_set_expiration_time ( cert , time ( NULL ) + ( time_t ) 10 * 365 * 24 * 60 * 60 ) ;
qgnutls_x509_crt_set_serial ( cert , serial , strlen ( serial ) ) ;
if ( ! hostname )
/*qgnutls_x509_crt_set_key_usage(cert, GNUTLS_KEY_DIGITAL_SIGNATURE)*/ ;
else
{
if ( qgnutls_x509_crt_set_dn ( cert , va ( " CN=%s " , hostname ) , & errstr ) < 0 )
Con_Printf ( CON_ERROR " gnutls_x509_crt_set_dn failed: %s \n " , errstr ) ;
if ( qgnutls_x509_crt_set_issuer_dn ( cert , va ( " CN=%s " , hostname ) , & errstr ) < 0 )
Con_Printf ( CON_ERROR " gnutls_x509_crt_set_issuer_dn failed: %s \n " , errstr ) ;
// qgnutls_x509_crt_set_key_usage(cert, GNUTLS_KEY_KEY_ENCIPHERMENT|GNUTLS_KEY_DATA_ENCIPHERMENT|);
}
qgnutls_x509_crt_set_key ( cert , key ) ;
/*sign it with our private key*/
{
gnutls_privkey_t akey ;
qgnutls_privkey_init ( & akey ) ;
qgnutls_privkey_import_x509 ( akey , key , GNUTLS_PRIVKEY_IMPORT_COPY ) ;
ret = qgnutls_x509_crt_privkey_sign ( cert , cert , akey , GNUTLS_DIG_SHA256 , 0 ) ;
if ( ret < 0 )
Con_Printf ( CON_ERROR " gnutls_x509_crt_privkey_sign failed: %i \n " , ret ) ;
qgnutls_privkey_deinit ( akey ) ;
}
ret = qgnutls_x509_crt_export2 ( cert , GNUTLS_X509_FMT_PEM , & pub ) ;
qgnutls_x509_crt_deinit ( cert ) ;
qgnutls_x509_privkey_deinit ( key ) ;
if ( ret < 0 )
Con_Printf ( CON_ERROR " gnutls_x509_crt_export2 failed: %i \n " , ret ) ;
if ( priv . size & & pub . size )
{
char displayname [ MAX_OSPATH ] ;
privf = SSL_OpenPrivKey ( displayname , sizeof ( displayname ) ) ;
if ( privf )
{
VFS_WRITE ( privf , priv . data , priv . size ) ;
VFS_CLOSE ( privf ) ;
Con_Printf ( " Wrote %s \n " , displayname ) ;
}
// memset(priv.data, 0, priv.size);
( * qgnutls_free ) ( priv . data ) ;
memset ( & priv , 0 , sizeof ( priv ) ) ;
pubf = SSL_OpenPubKey ( displayname , sizeof ( displayname ) ) ;
if ( pubf )
{
VFS_WRITE ( pubf , pub . data , pub . size ) ;
VFS_CLOSE ( pubf ) ;
Con_Printf ( " Wrote %s \n " , displayname ) ;
}
( * qgnutls_free ) ( pub . data ) ;
memset ( & pub , 0 , sizeof ( pub ) ) ;
privf = SSL_OpenPrivKey ( NULL , 0 ) ;
pubf = SSL_OpenPubKey ( NULL , 0 ) ;
Con_Printf ( " Certificate generated \n " ) ;
}
}
if ( privf & & pubf )
{
//read the two files now
priv . size = VFS_GETLEN ( privf ) ;
priv . data = ( * qgnutls_malloc ) ( priv . size + 1 ) ;
if ( priv . size ! = VFS_READ ( privf , priv . data , priv . size ) )
priv . size = 0 ;
priv . data [ priv . size ] = 0 ;
pub . size = VFS_GETLEN ( pubf ) ;
pub . data = ( * qgnutls_malloc ) ( pub . size + 1 ) ;
if ( pub . size ! = VFS_READ ( pubf , pub . data , pub . size ) )
pub . size = 0 ;
pub . data [ pub . size ] = 0 ;
VFS_CLOSE ( privf ) ;
VFS_CLOSE ( pubf ) ;
}
//FIXME: extend the expiration time if its old?
if ( priv . size & & pub . size )
{ //submit them to gnutls
ret = qgnutls_certificate_set_x509_key_mem ( cred , & pub , & priv , GNUTLS_X509_FMT_PEM ) ;
if ( ret = = GNUTLS_E_CERTIFICATE_KEY_MISMATCH )
Con_Printf ( CON_ERROR " gnutls_certificate_set_x509_key_mem failed: GNUTLS_E_CERTIFICATE_KEY_MISMATCH \n " ) ;
else if ( ret < 0 )
Con_Printf ( CON_ERROR " gnutls_certificate_set_x509_key_mem failed: %i \n " , ret ) ;
}
else
Con_Printf ( CON_ERROR " Unable to read/generate cert ('-certhost HOSTNAME' commandline arguments to autogenerate one) \n " ) ;
memset ( priv . data , 0 , priv . size ) ; //just in case. FIXME: we didn't scrub the filesystem code. libc has its own caches etc. lets hope that noone comes up with some way to scrape memory remotely (although if they can inject code then we've lost either way so w/e)
if ( priv . data )
( * qgnutls_free ) ( priv . data ) ;
if ( pub . data )
( * qgnutls_free ) ( pub . data ) ;
return ret > = 0 ;
}
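/*
 * Brings up the process-wide GnuTLS state for one role, once.
 * isserver: 0 for the client slot, nonzero for the server slot of gnutls.initstatus/xcred/anoncred.
 * Returns true when that role is usable. Returns false when tls is disabled with -notls, when the
 * library cannot be loaded, or when the slot carries a negative (failed) status.
 * Under LOADERTHREAD the initialisation is serialised on com_resourcemutex. The mutex is released
 * on every path before SSL_LoadPrivateCert runs (that goes through the filesystem), and - unlike
 * before - also in the USE_ANON build, which used to skip the unlock and keep the mutex held.
 * The certificate load / verify-callback setup only happens on the call that actually initialises the slot.
 */
qboolean SSL_InitGlobal(qboolean isserver)
{
	qboolean fresh = false;	//did this call perform the initialisation?

	isserver = !!isserver;	//normalise to 0/1: it indexes the per-role arrays.
	if (COM_CheckParm("-notls"))
		return false;

#ifdef LOADERTHREAD
	if (com_resourcemutex)
		Sys_LockMutex(com_resourcemutex);
#endif

	if (!gnutls.initstatus[isserver])
	{
		if (!Init_GNUTLS())
		{
#ifdef LOADERTHREAD
			if (com_resourcemutex)
				Sys_UnlockMutex(com_resourcemutex);
#endif
			Con_Printf("GnuTLS "GNUTLS_VERSION" library not available.\n");
			return false;
		}
		fresh = true;
		gnutls.initstatus[isserver] = true;
		qgnutls_global_init();	//refcounted; GnuTLS_Shutdown does the matching deinit.
#ifdef HAVE_DTLS
		if (isserver)
			qgnutls_key_generate(&cookie_key, GNUTLS_COOKIE_KEY_SIZE);	//secret for dtls hello-verify cookies.
#endif

#ifdef USE_ANON
		qgnutls_anon_allocate_client_credentials(&anoncred[isserver]);
#else
		qgnutls_certificate_allocate_credentials(&xcred[isserver]);
#ifdef GNUTLS_HAVE_SYSTEMTRUST
		{
			//gnutls reports how many CAs it loaded, so 0 is as useless to us as a negative error code.
			int err = qgnutls_certificate_set_x509_system_trust(xcred[isserver]);
			if (err <= 0)
				Con_Printf(CON_ERROR "gnutls_certificate_set_x509_system_trust: error %i.\n", err);
		}
#else
		qgnutls_certificate_set_x509_trust_file(xcred[isserver], CAFILE, GNUTLS_X509_FMT_PEM);
#endif
#endif
	}

	//single unlock point for the already-initialised, freshly-initialised and USE_ANON cases alike.
#ifdef LOADERTHREAD
	if (com_resourcemutex)
		Sys_UnlockMutex(com_resourcemutex);
#endif

#ifndef USE_ANON
	if (fresh)
	{
		if (isserver)
		{	//load (or generate) our cert. failure is remembered so dtls can fall back to psk-only key exchange.
			if (!SSL_LoadPrivateCert(xcred[isserver]))
				servercertfail = true;
		}
		else
		{
			qgnutls_certificate_set_verify_function(xcred[isserver], SSL_CheckCert);	//we check peer certs ourselves.
			// qgnutls_certificate_set_retrieve_function (xcred[isserver], SSL_FindClientCert);
		}
	}
#endif

	if (gnutls.initstatus[isserver] < 0)
		return false;
	return true;
}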
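/*
 * Tears down everything SSL_InitGlobal set up, for both roles.
 * Releases the per-role certificate credentials, the dtls cookie secret and (when the library
 * was loaded dynamically) the library handle. Harmless when nothing was initialised.
 * Under USE_ANON, xcred is never allocated (anoncred is used instead) and anoncred is not
 * released here - TODO confirm whether that build needs its own free.
 */
void GnuTLS_Shutdown(void)
{
	int isserver;
	for (isserver = 0; isserver < 2; isserver++)
	{
		if (!gnutls.initstatus[isserver])
			continue;
		if (xcred[isserver])
			qgnutls_certificate_free_credentials(xcred[isserver]);
		xcred[isserver] = NULL;
		gnutls.initstatus[isserver] = false;
		qgnutls_global_deinit();	//refcounted: one per global_init done by SSL_InitGlobal.
	}

#ifdef HAVE_DTLS
	if (cookie_key.data)
	{
		//the cookie key is secret material; scrub it before returning it to the allocator
		//(same best-effort memset this file uses for the private key bytes).
		memset(cookie_key.data, 0, cookie_key.size);
		(*qgnutls_free)(cookie_key.data);
		memset(&cookie_key, 0, sizeof(cookie_key));
	}
#endif

#ifdef GNUTLS_DYNAMIC
	if (gnutls.hmod)
		Sys_CloseLibrary(gnutls.hmod);
	gnutls.hmod = NULL;
#endif
}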
# ifdef HAVE_DTLS
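/*
 * gnutls server-side psk callback: supplies the key we expect for username.
 * A client is accepted only when its name equals the dtls_psk_user cvar (a plain strcmp);
 * the key bytes are the hex decoding of dtls_psk_key, in a gnutls-allocated buffer that
 * gnutls frees. The real authentication is the psk handshake itself.
 * Returns 0 with key filled in, -1 to reject (unknown user, or the key buffer could not be allocated).
 */
static int GetPSKForUser(gnutls_session_t sess, const char *username, gnutls_datum_t *key)
{
	if (strcmp(username, dtls_psk_user.string))
		return -1;	//not the user we're configured for.

	key->size = (strlen(dtls_psk_key.string)+1)/2;	//two hex chars per byte, rounded up.
	key->data = (*qgnutls_malloc)(key->size);
	if (!key->data && key->size)
		return -1;	//allocation failed; don't let the decoder write through NULL.
	//the decoder's return value is taken as the number of bytes it actually produced.
	key->size = Base16_DecodeBlock(dtls_psk_key.string, key->data, key->size);
	return 0;
}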
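/*
 * gnutls client-side psk callback: picks the username+key to offer the server.
 * We hold a single identity in the dtls_psk_hint/dtls_psk_user/dtls_psk_key cvars. It is offered
 * when our hint cvar is unset (and a user is configured), or when the server's hint matches ours.
 * Otherwise the user is told which cvars to set and the handshake is refused.
 * *username and key->data are allocated with gnutls_malloc because gnutls frees them itself.
 * Returns 0 with both filled in, -1 to refuse (hint mismatch, the legacy QEx guard, or allocation failure);
 * on -1 nothing is left allocated.
 */
static int GetPSKForServer(gnutls_session_t sess, char **username, gnutls_datum_t *key)
{
	const char *svhint = qgnutls_psk_client_get_hint(sess);
	qboolean hintok;
	size_t userlen;

	if (!svhint)
		svhint = "";	//server sent no hint.

	//our hint unset but a user configured: offer it regardless. our hint set: it must match the server's.
	hintok = (!*dtls_psk_hint.string && *dtls_psk_user.string) || (*dtls_psk_hint.string && !strcmp(svhint, dtls_psk_hint.string));
	if (!hintok)
	{
		if (!*dtls_psk_user.string && !*dtls_psk_hint.string)
			Con_Printf(CON_ERROR "Server requires a Pre-Shared Key (hint: \"%s\"). Please set %s, %s, and %s accordingly.\n", svhint, dtls_psk_hint.name, dtls_psk_user.name, dtls_psk_key.name);
		else
			Con_Printf(CON_ERROR "Server requires different Pre-Shared Key credentials (hint: \"%s\", expected \"%s\"). Please set %s, %s, and %s accordingly.\n", svhint, dtls_psk_hint.string, dtls_psk_hint.name, dtls_psk_user.name, dtls_psk_key.name);
		return -1;
	}

#ifndef NOLEGACY
	if (*svhint)
	{
		//Try to avoid crashing QE servers by recognising its hint and blocking it when the hashes of the user+key are wrong.
		if (CalcHashInt(&hash_sha1, svhint, strlen(svhint)) == 0xb6c27b61)
		{
			if (strcmp(svhint, dtls_psk_user.string) || CalcHashInt(&hash_sha1, dtls_psk_key.string, strlen(dtls_psk_key.string)) != 0x3dd348e4)
			{
				Con_Printf(CON_WARNING "Possible QEx Server, please set your ^[%s\\type\\%s^] and ^[%s\\type\\%s^] cvars correctly, their current values are likely to crash the server.\n", dtls_psk_user.name, dtls_psk_user.name, dtls_psk_key.name, dtls_psk_key.name);
				return -1;	//don't report anything.
			}
		}
	}
#endif

	userlen = strlen(dtls_psk_user.string);
	*username = (*qgnutls_malloc)(userlen+1);
	if (!*username)
		return -1;
	memcpy(*username, dtls_psk_user.string, userlen+1);	//including the terminator.

	key->size = (strlen(dtls_psk_key.string)+1)/2;	//two hex chars per byte, rounded up.
	key->data = (*qgnutls_malloc)(key->size);
	if (!key->data && key->size)
	{	//don't hand gnutls a half-built answer.
		(*qgnutls_free)(*username);
		*username = NULL;
		return -1;
	}
	//the decoder's return value is taken as the number of bytes it actually produced.
	key->size = Base16_DecodeBlock(dtls_psk_key.string, key->data, key->size);
	return 0;
}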
# endif
/*
 * Creates the gnutls session for a freshly allocated gnutlsfile_t and wires it to our transport callbacks.
 * newf: the connection; newf->certcred (per-connection certificate credentials, may be NULL) and
 *       newf->certname (peer hostname, sent as the server-name indication on the client side) must already be set.
 * isserver: 0 for a client session, nonzero for a server session.
 * datagram: nonzero selects dtls (GNUTLS_DATAGRAM plus the DTLS_* push/pull/timeout callbacks).
 * Always returns true: none of the gnutls_init / priority / credentials_set return codes are checked here,
 * so a failed init only surfaces when the handshake runs.
 * NOTE(review): the psk credential objects allocated below are handed to gnutls_credentials_set, which does
 * not take ownership, and no pointer to them is kept - confirm whether SSL_CloseFile releases them.
 */
static qboolean SSL_InitConnection(gnutlsfile_t *newf, qboolean isserver, qboolean datagram)
{
	// Initialize TLS session
	qgnutls_init(&newf->session, ((newf->certcred)?GNUTLS_FORCE_CLIENT_CERT:0)
					| GNUTLS_NONBLOCK
					| (isserver?GNUTLS_SERVER:GNUTLS_CLIENT)
					| (datagram?GNUTLS_DATAGRAM:0));
	if (!isserver)
		qgnutls_server_name_set(newf->session, GNUTLS_NAME_DNS, newf->certname, strlen(newf->certname));	//SNI: lets the server pick the matching cert.
	qgnutls_session_set_ptr(newf->session, newf);

	if (newf->certcred)
	{	//a per-connection certificate was supplied: use it exclusively.
		qgnutls_certificate_server_set_request(newf->session, GNUTLS_CERT_REQUIRE);	//we will need to validate their fingerprint.
		qgnutls_credentials_set(newf->session, GNUTLS_CRD_CERTIFICATE, newf->certcred);
		qgnutls_set_default_priority(newf->session);
	}
	else
	{
#ifdef USE_ANON
		//qgnutls_kx_set_priority (newf->session, kx_prio);
		qgnutls_credentials_set(newf->session, GNUTLS_CRD_ANON, anoncred[isserver]);
#else
#ifdef HAVE_DTLS
#if defined(MASTERONLY)
		qgnutls_certificate_server_set_request(newf->session, GNUTLS_CERT_IGNORE);	//don't request a cert. masters don't really need it and chrome bugs out if you connect to a websocket server that offers for the client to provide one. chrome users will just have to stick to webrtc.
#else
		qgnutls_certificate_server_set_request(newf->session, GNUTLS_CERT_REQUEST);	//request a cert, we'll use it for fingerprints.
#endif

		if (datagram && !isserver)
		{	//do psk as needed. we can still do the cert stuff if the server isn't doing psk.
			gnutls_psk_client_credentials_t pskcred;
			qgnutls_psk_allocate_client_credentials(&pskcred);
			qgnutls_psk_set_client_credentials_function(pskcred, GetPSKForServer);
			qgnutls_set_default_priority_append(newf->session, "+ECDHE-PSK:+DHE-PSK:+PSK", NULL, 0);
			qgnutls_credentials_set(newf->session, GNUTLS_CRD_PSK, pskcred);
		}
		else if (datagram && isserver && (*dtls_psk_user.string || servercertfail))
		{	//offer some arbitrary PSK for dtls clients.
			gnutls_psk_server_credentials_t pskcred;
			qgnutls_psk_allocate_server_credentials(&pskcred);
			qgnutls_psk_set_server_credentials_function(pskcred, GetPSKForUser);
			if (*dtls_psk_hint.string)
				qgnutls_psk_set_server_credentials_hint(pskcred, dtls_psk_hint.string);
			//with no usable server cert keep the leading "-KX-ALL:" so only the psk key exchanges remain;
			//otherwise skip those 8 chars and merely add psk alongside the certificate-based exchanges.
			qgnutls_set_default_priority_append(newf->session, ("-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK")+(servercertfail?0:8), NULL, 0);
			qgnutls_credentials_set(newf->session, GNUTLS_CRD_PSK, pskcred);
		}
		else
#endif
		{
			// Use default priorities for regular tls sessions
			qgnutls_set_default_priority(newf->session);
		}
#endif
		if (xcred[isserver])
			qgnutls_credentials_set(newf->session, GNUTLS_CRD_CERTIFICATE, xcred[isserver]);	//the role-wide creds from SSL_InitGlobal.
	}

	// tell gnutls how to send/receive data
	qgnutls_transport_set_ptr(newf->session, newf);
	qgnutls_transport_set_push_function(newf->session, datagram?DTLS_Push:SSL_Push);
	//qgnutls_transport_set_vec_push_function(newf->session, SSL_PushV);
	qgnutls_transport_set_pull_function(newf->session, datagram?DTLS_Pull:SSL_Pull);
#ifdef HAVE_DTLS
	if (datagram)
		qgnutls_transport_set_pull_timeout_function(newf->session, DTLS_Pull_Timeout);
#endif
	newf->handshaking = true;	//the handshake itself is driven later, from the read/write paths.
	return true;
}
/*
 * Wraps an already-connected stream in a tls session and returns it as a vfsfile_t.
 * hostname: the peer name handed to SSL_SetCertificateName.
 * source: the underlying transport, stored in the new object's stream field. NULL yields NULL.
 * isserver: which side of the handshake we are.
 * Returns NULL if there is no source, the global gnutls state can't be brought up, the allocation
 * fails, or the session can't be set up. On the last of these the stream has not been attached yet,
 * so only our own wrapper is closed.
 */
static vfsfile_t *GNUTLS_OpenVFS(const char *hostname, vfsfile_t *source, qboolean isserver)
{
	gnutlsfile_t *conn;

	if (!source)
		return NULL;
	if (!SSL_InitGlobal(isserver))
		return NULL;
	conn = Z_Malloc(sizeof(*conn));
	if (!conn)
		return NULL;

	conn->funcs.ReadBytes = SSL_Read;
	conn->funcs.WriteBytes = SSL_Write;
	conn->funcs.Seek = SSL_Seek;
	conn->funcs.Tell = SSL_Tell;
	conn->funcs.GetLen = SSL_GetLen;
	conn->funcs.Flush = NULL;
	conn->funcs.Close = SSL_CloseFile;
	conn->funcs.seekstyle = SS_UNSEEKABLE;

	SSL_SetCertificateName(conn, hostname);

	if (!SSL_InitConnection(conn, isserver, false))
	{	//conn->stream is still NULL here, so this closes just the wrapper.
		VFS_CLOSE(&conn->funcs);
		return NULL;
	}

	conn->stream = source;
	return &conn->funcs;
}
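/*
 * Fetches the tls-unique channel binding of a gnutls connection.
 * vf: the vfsfile; anything that isn't one of ours (Close != SSL_CloseFile) is rejected.
 * binddata/bindsize: output buffer and, in/out, its capacity / the bytes written.
 * Returns 1 on success, 0 if the caller's buffer is too small (bindsize untouched), -1 on error
 * or when vf is not a gnutls connection.
 * gnutls allocates cb.data for us, so it is released on every path that obtained it
 * (the original leaked it on both the success and the overflow path).
 */
static int GNUTLS_GetChannelBinding(vfsfile_t *vf, qbyte *binddata, size_t *bindsize)
{
	gnutlsfile_t *f = (gnutlsfile_t*)vf;
	gnutls_datum_t cb;
	int result;

	if (vf->Close != SSL_CloseFile)
		return -1;	//err, not a gnutls connection.

	if (qgnutls_session_channel_binding(f->session, GNUTLS_CB_TLS_UNIQUE, &cb))
	{	//error of some kind
		//if the error is because of the other side not supporting it, then we should return 0 here.
		return -1;
	}

	if (cb.size > *bindsize)
		result = 0;	//overflow: report it without touching the caller's buffer.
	else
	{
		*bindsize = cb.size;
		memcpy(binddata, cb.data, cb.size);
		result = 1;
	}
	(*qgnutls_free)(cb.data);
	return result;
}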
//crypto: generates a signed blob
# ifdef HAVE_DTLS
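/*
 * Signs a precomputed hash with our own (SSL_LoadPrivateCert) private key.
 * hashdata/hashsize: the digest to sign (signed as sha512 per GNUTLS_DIG_SHA512).
 * signdata/signsizemax: output buffer and its capacity.
 * Returns the signature length written to signdata, or 0 when gnutls is unavailable, no key could be
 * loaded, signing failed, or the signature would not fit (the original memcpy ignored signsizemax).
 * The gnutls-owned signature buffer is always released.
 */
static int GNUTLS_GenerateSignature(const qbyte *hashdata, size_t hashsize, qbyte *signdata, size_t signsizemax)
{
	gnutls_datum_t hash = {(qbyte*)hashdata, hashsize};
	gnutls_datum_t sign = {NULL, 0};
	gnutls_certificate_credentials_t cred;
	size_t written = 0;

	if (!Init_GNUTLS())
	{
		Con_Printf("Unable to init gnutls\n");
		return 0;
	}

	qgnutls_certificate_allocate_credentials(&cred);
	if (SSL_LoadPrivateCert(cred))
	{
		gnutls_x509_privkey_t xkey = NULL;
		gnutls_privkey_t privkey;
		qgnutls_privkey_init(&privkey);
		if (qgnutls_certificate_get_x509_key(cred, 0, &xkey) >= 0)
		{
			//flags=0: privkey references xkey rather than copying it, so xkey is released after privkey.
			if (qgnutls_privkey_import_x509(privkey, xkey, 0) >= 0)
			{
				int r = qgnutls_privkey_sign_hash(privkey, GNUTLS_DIG_SHA512, 0, &hash, &sign);
				if (r < 0)
					Con_Printf(CON_ERROR "gnutls_privkey_sign_hash failed: %i\n", r);
			}
		}
		qgnutls_privkey_deinit(privkey);
		if (xkey)	//gnutls documents the key returned by gnutls_certificate_get_x509_key as a copy owned by the caller.
			qgnutls_x509_privkey_deinit(xkey);
	}
	qgnutls_certificate_free_credentials(cred);

	if (sign.data)
	{
		if (sign.size <= signsizemax)
		{
			memcpy(signdata, sign.data, sign.size);
			written = sign.size;
		}
		else
			Con_Printf(CON_ERROR "GNUTLS_GenerateSignature: signature (%u bytes) exceeds buffer (%u bytes)\n", (unsigned)sign.size, (unsigned)signsizemax);
		(*qgnutls_free)(sign.data);
	}
	return (int)written;
}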
# else
# define GNUTLS_GenerateSignature NULL
# endif
//crypto: verifies that a signed blob matches an authority's public cert. windows equivalent: https://docs.microsoft.com/en-us/windows/win32/seccrypto/example-c-program-signing-a-hash-and-verifying-the-hash-signature
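//crypto: checks that signdata is a valid RSA-SHA512 signature of hashdata made by the key in pubkeydata.
//pubkeydata/pubkeysize: the authority's x509 certificate, PEM encoded. it is trusted as given: no chain,
//expiry or name validation happens here, so the caller must choose the right authority cert.
//returns VH_CORRECT only when the signature verifies. VH_AUTHORITY_UNKNOWN when there is no usable cert,
//VH_UNSUPPORTED when gnutls cannot be initialised, VH_INCORRECT for any other verification failure.
static enum hashvalidation_e GNUTLS_VerifyHash(const qbyte *hashdata, size_t hashsize, const qbyte *pubkeydata, size_t pubkeysize, const qbyte *signdata, size_t signsize)
{
	//gnutls_datum_t has no const data member; gnutls only reads these.
	gnutls_datum_t hash = {(qbyte*)hashdata, hashsize};
	gnutls_datum_t sign = {(qbyte*)signdata, signsize};
	gnutls_datum_t rawcert = {(qbyte*)pubkeydata, pubkeysize};
	gnutls_pubkey_t pubkey = NULL;
	gnutls_x509_crt_t cert = NULL;
	enum hashvalidation_e result;
	int r;

	if (!rawcert.data)
		return VH_AUTHORITY_UNKNOWN;
	if (!Init_GNUTLS())
		return VH_UNSUPPORTED;

	if (qgnutls_pubkey_init(&pubkey) < 0)
		return VH_UNSUPPORTED;
	if (qgnutls_x509_crt_init(&cert) < 0)
	{
		qgnutls_pubkey_deinit(pubkey);
		return VH_UNSUPPORTED;
	}

	//pull the public key out of the authority's cert. a cert that fails to parse is reported as an
	//unknown authority rather than being run through the verifier with an empty key.
	if (qgnutls_x509_crt_import(cert, &rawcert, GNUTLS_X509_FMT_PEM) < 0 ||
		qgnutls_pubkey_import_x509(pubkey, cert, 0) < 0)
	{
		Con_Printf(CON_ERROR"GNUTLS_VerifyHash: unable to parse authority certificate\n");
		result = VH_AUTHORITY_UNKNOWN;
	}
	else
	{
		r = qgnutls_pubkey_verify_hash2(pubkey, GNUTLS_SIGN_RSA_SHA512, 0, &hash, &sign);
		if (r >= 0)
			result = VH_CORRECT;
		else if (r == GNUTLS_E_PK_SIG_VERIFY_FAILED)
		{
			Con_Printf(CON_ERROR"GNUTLS_VerifyHash: GNUTLS_E_PK_SIG_VERIFY_FAILED!\n");
			result = VH_INCORRECT;
		}
		else if (r == GNUTLS_E_INSUFFICIENT_SECURITY)
		{	//key or signature algorithm is below gnutls' configured security level.
			Con_Printf(CON_ERROR"GNUTLS_VerifyHash: GNUTLS_E_INSUFFICIENT_SECURITY\n");
			result = VH_AUTHORITY_UNKNOWN;	//should probably be incorrect or something, but oh well
		}
		else
			result = VH_INCORRECT;	//any other error fails closed.
	}

	qgnutls_x509_crt_deinit(cert);
	qgnutls_pubkey_deinit(pubkey);
	return result;
}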
# ifdef HAVE_DTLS
//dtls: tears down a context returned by GNUDTLS_CreateContext: shuts the session, then frees the allocation.
//NOTE(review): ctx is passed straight to SSL_Close, while GNUDTLS_CreateContext's failure path passes
//&newf->funcs. the two agree only if funcs is the first member of gnutlsfile_t - confirm.
static void GNUDTLS_DestroyContext(void *ctx)
{
	void *file = ctx;
	SSL_Close(file);
	Z_Free(file);
}
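//dtls: allocates and initialises a dtls context for one peer.
//credinfo: optional. local.cert+local.key (DER) are presented to the peer. peer.hash+peer.digest pin the
//  peer's certificate to a fingerprint, checked by SSL_CheckFingerprint. peer.name is the expected cert name.
//cbctx/push: how encrypted datagrams are handed back to the caller for sending.
//isserver: which side we play. servers start in the cookie-challenge state.
//returns NULL on failure, including credentials the caller supplied that gnutls rejected.
static void *GNUDTLS_CreateContext(const dtlscred_t *credinfo, void *cbctx, neterr_t(*push)(void *cbctx, const qbyte *data, size_t datasize), qboolean isserver)
{
	gnutlsfile_t *newf;
	if (!SSL_InitGlobal(isserver))
		return NULL;
	newf = Z_Malloc(sizeof(*newf));
	if (!newf)
		return NULL;
	newf->datagram = true;
	newf->cbctx = cbctx;
	newf->cbpush = push;
	newf->challenging = isserver;	//a server waits for the peer to prove its address via cookie before handshaking.
//	Sys_Printf("DTLS_CreateContext: server=%i\n", isserver);

	if (credinfo && ((credinfo->local.cert && credinfo->local.key) || credinfo->peer.hash))
	{
		int ret = qgnutls_certificate_allocate_credentials(&newf->certcred);
		if (ret < 0)
		{
			Con_Printf(CON_ERROR"GNUDTLS_CreateContext: gnutls_certificate_allocate_credentials failed: %s\n", qgnutls_strerror(ret));
			Z_Free(newf);
			return NULL;
		}

		if (credinfo->local.cert && credinfo->local.key)
		{
			gnutls_datum_t pub = {credinfo->local.cert, credinfo->local.certsize},
						  priv = {credinfo->local.key, credinfo->local.keysize};
			ret = qgnutls_certificate_set_x509_key_mem(newf->certcred, &pub, &priv, GNUTLS_X509_FMT_DER);
			if (ret < 0)
			{	//the caller asked us to authenticate with a specific cert. don't carry on silently without it.
				Con_Printf(CON_ERROR"GNUDTLS_CreateContext: gnutls_certificate_set_x509_key_mem failed: %s\n", qgnutls_strerror(ret));
				qgnutls_certificate_free_credentials(newf->certcred);
				Z_Free(newf);
				return NULL;
			}
		}

		if (credinfo->peer.hash)
		{	//pin the peer's certificate to a known fingerprint.
			newf->peerhashfunc = credinfo->peer.hash;
			//NOTE(review): assumes peerdigest has room for any hashfunc's digestsize - confirm against gnutlsfile_t.
			memcpy(newf->peerdigest, credinfo->peer.digest, newf->peerhashfunc->digestsize);
			qgnutls_certificate_set_verify_function(newf->certcred, SSL_CheckFingerprint);
		}
	}
	SSL_SetCertificateName(newf, credinfo?credinfo->peer.name:NULL);

	if (!SSL_InitConnection(newf, isserver, true))
	{
		SSL_Close(&newf->funcs);
		Z_Free(newf);
		return NULL;
	}
	return newf;
}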
//dtls: encrypts one datagram and pushes it via the context's callback.
//returns NETERR_CLOGGED while the cookie challenge or handshake is still in progress (or on a
//non-fatal send error), NETERR_MTU when the record is too large, NETERR_DISCONNECTED on fatal errors.
static neterr_t GNUDTLS_Transmit(void *ctx, const qbyte *data, size_t datasize)
{
	gnutlsfile_t *f = (gnutlsfile_t*)ctx;
	int sent;

	//a server cannot send anything until the peer has answered the cookie challenge.
	if (f->challenging)
		return NETERR_CLOGGED;

	if (f->handshaking)
	{
		int hs = SSL_DoHandshake(f);
		if (hs < 0)
			return NETERR_DISCONNECTED;
		if (hs == 0)
			return NETERR_CLOGGED;	//handshake still in flight
	}

	if (datasize == 0)
		return NETERR_SENT;	//nothing to send, nothing wrong.

	sent = qgnutls_record_send(f->session, data, datasize);
	if (sent >= 0)
		return NETERR_SENT;
	if (sent == GNUTLS_E_LARGE_PACKET)
		return NETERR_MTU;
	return qgnutls_error_is_fatal(sent)?NETERR_DISCONNECTED:NETERR_CLOGGED;
}
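//dtls: feeds one received datagram through the session, decrypting it in place.
//message->data/cursize hold the ciphertext on entry; on NETERR_SENT they hold the plaintext.
//a server context starts 'challenging': until the peer echoes a valid cookie, packets only drive the
//stateless cookie exchange and no session state is committed, so unverified addresses cost us nothing.
//note: the cookie is bound to the global net_from, not to an address carried in message.
static neterr_t GNUDTLS_Received(void *ctx, sizebuf_t *message)
{
	int ret;
	gnutlsfile_t *f = (gnutlsfile_t*)ctx;
	if (f->challenging)
	{
		size_t asize;
		//how many bytes of net_from.address identify the peer for cookie purposes.
		safeswitch(net_from.type)
		{
		case NA_LOOPBACK:	asize = 0;	break;
		case NA_IP:			asize = sizeof(net_from.address.ip);	break;
		case NA_IPV6:		asize = sizeof(net_from.address.ip6);	break;
		case NA_IPX:		asize = sizeof(net_from.address.ipx);	break;
#ifdef UNIXSOCKETS
		case NA_UNIX:		asize = (qbyte*)&net_from.address.un.path[net_from.address.un.len] - (qbyte*)&net_from.address;	break;	//unlikely to be spoofed...
#endif
#ifdef IRCCONNECT
		//case NA_IRC:
#endif
#ifdef HAVE_WEBSOCKCL
		//case NA_WEBSOCKET:	//basically web browser.
#endif
#ifdef SUPPORT_ICE
		case NA_ICE:		asize = strlen(net_from.address.icename);	break;
#endif
		case NA_INVALID:
		safedefault:
			return NETERR_NOROUTE;
		}

		memset(&f->prestate, 0, sizeof(f->prestate));
		ret = qgnutls_dtls_cookie_verify(&cookie_key,
				&net_from.address, asize,
				message->data, message->cursize,
				&f->prestate);
		if (ret == GNUTLS_E_BAD_COOKIE)
		{	//no valid cookie yet: answer with one. nothing is allocated for the peer at this point.
			qgnutls_dtls_cookie_send(&cookie_key,
				&net_from.address, asize,
				&f->prestate,
				(gnutls_transport_ptr_t)f, DTLS_Push);
			return NETERR_CLOGGED;
		}
		else if (ret < 0)
			return NETERR_NOROUTE;

		//cookie checked out, so the peer's address is real. commit the handshake state and carry on.
		f->challenging = false;
		qgnutls_dtls_prestate_set(f->session, &f->prestate);
		qgnutls_dtls_set_mtu(f->session, 1440);	//NOTE(review): GNUDTLS_CheckConnection uses 1400 for the same call - confirm which is intended.
		f->handshaking = true;
	}

	f->readdata = message->data;
	f->readsize = message->cursize;
	if (f->handshaking)
	{
		ret = SSL_DoHandshake(f);
		if (ret <= 0)
			f->readsize = 0;
		if (!ret)
			return NETERR_CLOGGED;
		if (ret < 0)
			return NETERR_DISCONNECTED;
	}

	ret = qgnutls_record_recv(f->session, message->data, message->maxsize);
//	Sys_Printf("DTLS_Received returned %i of %i\n", ret, f->readsize);
	f->readsize = 0;
	if (ret <= 0)
	{
		if (!ret)
		{
//			Sys_Printf("DTLS_Received peer terminated connection\n");
			return NETERR_DISCONNECTED;
		}
		if (qgnutls_error_is_fatal(ret))
		{
			if (ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
				Con_DPrintf(CON_ERROR"GNUDTLS_Received: fatal alert %s\n", qgnutls_alert_get_name(qgnutls_alert_get(f->session)));
			else
				Con_DPrintf(CON_ERROR"GNUDTLS_Received fatal error %s\n", qgnutls_strerror(ret));
			return NETERR_DISCONNECTED;
		}
		if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED)
			Con_DPrintf(CON_WARNING"GNUDTLS_Received: alert %s\n", qgnutls_alert_get_name(qgnutls_alert_get(f->session)));
//		Sys_Printf("DTLS_Received temp error\n");
		return NETERR_CLOGGED;
	}

	message->cursize = ret;
	//convenience terminator for text parsers. the record was received with the full maxsize available,
	//so a maximum-size record leaves no room for it and must not write one past the buffer.
	if (ret < message->maxsize)
		message->data[ret] = 0;
//	Sys_Printf("DTLS_Received returned %s\n", data);
	return NETERR_SENT;
}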
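//dtls: called when we got a possibly-dtls packet out of the blue, with no context for the sender yet.
//peeraddr/peeraddrsize: the sender's address, which the stateless cookie is bound to.
//indata/insize: the packet. cbctx/push: how replies get sent.
//EstablishTrueContext: lets the caller adopt the new context; it may clear *cbctx to decline.
//returns true if the packet was consumed as dtls (cookie sent, or a context created), false if it is not ours.
static qboolean GNUDTLS_CheckConnection(void *cbctx, void *peeraddr, size_t peeraddrsize, void *indata, size_t insize, neterr_t(*push)(void *cbctx, const qbyte *data, size_t datasize), void (*EstablishTrueContext)(void **cbctx, void *state))
{
	gnutlsfile_t *f;
	int ret;
	gnutls_dtls_prestate_st prestate;
	memset(&prestate, 0, sizeof(prestate));
	ret = qgnutls_dtls_cookie_verify(&cookie_key,
			peeraddr, peeraddrsize,
			indata, insize,
			&prestate);
	if (ret == GNUTLS_E_BAD_COOKIE)
	{	//some sort of handshake with a bad/unknown cookie. send them a real one.
		//deliberately no allocation: the cookie round trip verifies the address before we commit any state.
		//a zeroed stack context carries the callbacks DTLS_Push needs (presumably only cbctx/cbpush - the
		//original left the remaining fields uninitialised).
		gnutlsfile_t tmp;
		memset(&tmp, 0, sizeof(tmp));
		tmp.cbctx = cbctx;
		tmp.cbpush = push;
		tmp.session = NULL;
		qgnutls_dtls_cookie_send(&cookie_key,
				peeraddr, peeraddrsize,
				&prestate,
				(gnutls_transport_ptr_t)&tmp, DTLS_Push);
		return true;
	}
	else if (ret < 0)
		return false;	//dunno... might still be dtls but doesn't seem to be needed... oh well...

	//allocate our context
	f = GNUDTLS_CreateContext(NULL, cbctx, push, true);
	if (!f)
	{
		Con_Printf("GNUDTLS_CreateContext: failed\n");
		return false;
	}
	//tell caller that this is an actual valid connection
	EstablishTrueContext(&f->cbctx, f);
	if (!f->cbctx)
		return true;	//caller declined. NOTE(review): f is not freed here - confirm the caller takes ownership via EstablishTrueContext.
	//we're done with the challenge stuff
	f->challenging = false;
	//and this is the result...
	qgnutls_dtls_prestate_set(f->session, &prestate);
	qgnutls_dtls_set_mtu(f->session, 1400);	//NOTE(review): GNUDTLS_Received uses 1440 for the same call - confirm which is intended.
	//still need to do the whole certificate thing though.
	f->handshaking = true;
	return true;
}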
//dtls: periodic tick with no new data, giving gnutls a chance to retransmit lost handshake flights.
//returns NETERR_CLOGGED while the cookie challenge or handshake is incomplete, NETERR_DISCONNECTED if
//the handshake failed, NETERR_SENT otherwise.
static neterr_t GNUDTLS_Timeouts(void *ctx)
{
	gnutlsfile_t *f = (gnutlsfile_t*)ctx;
	int hs;

	if (f->challenging)
		return NETERR_CLOGGED;	//nothing to retransmit until the peer answers the cookie challenge.
	if (!f->handshaking)
		return NETERR_SENT;

	//no input available: the handshake either progresses via retransmits or stays clogged.
	f->readsize = 0;
	hs = SSL_DoHandshake(f);
	f->readsize = 0;
	if (hs < 0)
		return NETERR_DISCONNECTED;
	if (hs == 0)
		return NETERR_CLOGGED;
//	Sys_Printf("handshaking over?\n");
	return NETERR_SENT;
}
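//dtls: queries certificate properties of a connection.
//ctx may be NULL only for QCERT_LOCALCERTIFICATE, which then reports our default dtls server cert.
//out/outsize: destination buffer. returns the number of bytes written (the subject DN is also
//NUL-terminated), or -1 if unavailable, not yet established, or too large for the buffer.
static int GNUDTLS_GetPeerCertificate(void *ctx, enum certprops_e prop, char *out, size_t outsize)
{
	gnutlsfile_t *f = (gnutlsfile_t*)ctx;
	if (f && (f->challenging || f->handshaking))
		return -1;	//no cert locked down yet...
	safeswitch(prop)
	{
	case QCERT_ISENCRYPTED:
		return 0;	//well, should be...
	case QCERT_PEERSUBJECT:
		if (f)
		{
			unsigned int certcount;
			const gnutls_datum_t *const certlist = qgnutls_certificate_get_peers(f->session, &certcount);
			if (certlist)
			{	//only the first (leaf) cert's subject is reported.
				int result = -1;
				gnutls_x509_crt_t cert = NULL;
				gnutls_datum_t dn = {NULL};
				if (qgnutls_x509_crt_init(&cert) < 0)
					return -1;
				if (qgnutls_x509_crt_import(cert, certlist, GNUTLS_X509_FMT_DER) >= 0 &&
					qgnutls_x509_crt_get_dn3(cert, &dn, 0) >= 0)
				{
					if (dn.size < outsize)
					{	//leave room for the terminator
						memcpy(out, dn.data, dn.size);
						out[dn.size] = 0;
						result = (int)dn.size;
					}
					//else too big...
				}
				(*qgnutls_free)(dn.data);
				qgnutls_x509_crt_deinit(cert);
				return result;
			}
		}
		return -1;
	case QCERT_PEERCERTIFICATE:
		if (f)
		{
			unsigned int certcount;
			const gnutls_datum_t *const certlist = qgnutls_certificate_get_peers(f->session, &certcount);
			//raw DER of the first (leaf) cert only; the rest of the chain, if any, is not returned.
			if (certlist && certlist->size <= outsize)
			{
				memcpy(out, certlist->data, certlist->size);
				return certlist->size;
			}
		}
		return -1;
	case QCERT_LOCALCERTIFICATE:
		{
			const gnutls_datum_t *cert;
			gnutls_datum_t d;
			if (f)
				cert = qgnutls_certificate_get_ours(f->session);	//NULL when we sent no certificate.
			else
			{	//no actual context? get our default dtls server cert.
				if (qgnutls_certificate_get_crt_raw(xcred[true], 0/*first chain*/, 0/*primary one*/, &d) < 0)
					return -1;
				cert = &d;
			}
			if (cert && cert->size <= outsize)
			{
				memcpy(out, cert->data, cert->size);
				return cert->size;
			}
		}
		return -1;
	case QCERT_LOBBYSTATUS:
	case QCERT_LOBBYSENDCHAT:
		return -1;	//not provided by this backend.
	safedefault:
		return -1;	//dunno what you want from me.
	}
}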
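//dtls: generates a throw-away self-signed RSA certificate and key (both DER) to use as our dtls identity.
//subject: the CN to use; NULL picks a random hex name. qcred receives Z_Malloc'd cert/key blobs.
//returns false, storing nothing in qcred, if any gnutls step fails (the previous version logged and
//carried on with whatever partial output it had).
//note: the serial is derived from the current time. that makes it unique-ish, not unpredictable, which
//is adequate for a self-signed cert nothing else trusts but not for anything issued by a real authority.
static qboolean GNUDTLS_GenTempCertificate(const char *subject, struct dtlslocalcred_s *qcred)
{
	gnutls_datum_t priv = {NULL}, pub = {NULL};
	gnutls_x509_privkey_t key = NULL;
	gnutls_x509_crt_t cert = NULL;
	char serial[64];
	char randomsub[32+1];
	const char *errstr = NULL;
	gnutls_pk_algorithm_t privalgo = GNUTLS_PK_RSA;
	int ret;
	qboolean success = false;

	ret = qgnutls_x509_privkey_init(&key);
	if (ret < 0)
	{
		Con_Printf(CON_ERROR"gnutls_x509_privkey_init failed: %i\n", ret);
		return false;
	}
	ret = qgnutls_x509_privkey_generate(key, privalgo, qgnutls_sec_param_to_pk_bits(privalgo, GNUTLS_SEC_PARAM_HIGH), 0);
	if (ret < 0)
	{
		Con_Printf(CON_ERROR"gnutls_x509_privkey_generate failed: %i\n", ret);
		goto done;
	}
	ret = qgnutls_x509_privkey_export2(key, GNUTLS_X509_FMT_DER, &priv);
	if (ret < 0)
	{
		Con_Printf(CON_ERROR"gnutls_x509_privkey_export2 failed: %i\n", ret);
		goto done;
	}

	//stoopid browsers insisting that serial numbers are different even on throw-away self-signed certs.
	//we should probably just go and make our own root ca/master. post it a cert and get a signed one (with sequential serial) back or something.
	//we'll probably want something like that for client certs anyway, for stat tracking.
	Q_snprintfz(serial, sizeof(serial), "%u", (unsigned)time(NULL));

	ret = qgnutls_x509_crt_init(&cert);
	if (ret < 0)
	{
		Con_Printf(CON_ERROR"gnutls_x509_crt_init failed: %i\n", ret);
		goto done;
	}
	qgnutls_x509_crt_set_version(cert, 1);
	qgnutls_x509_crt_set_activation_time(cert, time(NULL)-1);
	qgnutls_x509_crt_set_expiration_time(cert, time(NULL)+(time_t)10*365*24*60*60);	//ten years out
	qgnutls_x509_crt_set_serial(cert, serial, strlen(serial));
//	qgnutls_x509_crt_set_key_usage(cert, GNUTLS_KEY_DIGITAL_SIGNATURE);
	if (!subject)
	{	//no name requested: 128 random bits as hex, so the CN is at least unique.
		qbyte tmp[16];
		Sys_RandomBytes(tmp, sizeof(tmp));
		randomsub[Base16_EncodeBlock(tmp, sizeof(tmp), randomsub, sizeof(randomsub)-1)] = 0;
		subject = randomsub;
	}
	//self-signed, so subject and issuer are the same name.
	if (qgnutls_x509_crt_set_dn(cert, va("CN=%s", subject), &errstr) < 0)
		Con_Printf(CON_ERROR"gnutls_x509_crt_set_dn failed: %s\n", errstr);
	if (qgnutls_x509_crt_set_issuer_dn(cert, va("CN=%s", subject), &errstr) < 0)
		Con_Printf(CON_ERROR"gnutls_x509_crt_set_issuer_dn failed: %s\n", errstr);
//	qgnutls_x509_crt_set_key_usage(cert, GNUTLS_KEY_KEY_ENCIPHERMENT|GNUTLS_KEY_DATA_ENCIPHERMENT|);
	qgnutls_x509_crt_set_key(cert, key);

	/*sign it with our private key*/
	{
		gnutls_privkey_t akey;
		ret = qgnutls_privkey_init(&akey);
		if (ret >= 0)
		{
			ret = qgnutls_privkey_import_x509(akey, key, GNUTLS_PRIVKEY_IMPORT_COPY);
			if (ret >= 0)
				ret = qgnutls_x509_crt_privkey_sign(cert, cert, akey, GNUTLS_DIG_SHA256, 0);
			qgnutls_privkey_deinit(akey);	//holds a copy of key, so it can go first.
		}
		if (ret < 0)
		{
			Con_Printf(CON_ERROR"gnutls_x509_crt_privkey_sign failed: %i\n", ret);
			goto done;
		}
	}

	ret = qgnutls_x509_crt_export2(cert, GNUTLS_X509_FMT_DER, &pub);
	if (ret < 0)
	{
		Con_Printf(CON_ERROR"gnutls_x509_crt_export2 failed: %i\n", ret);
		goto done;
	}

	//okay, we have them in memory, make sure the rest of the engine can play with it.
	qcred->certsize = pub.size;
	memcpy(qcred->cert = Z_Malloc(pub.size), pub.data, pub.size);
	qcred->keysize = priv.size;
	memcpy(qcred->key = Z_Malloc(priv.size), priv.data, priv.size);
	success = true;

done:
	if (cert)
		qgnutls_x509_crt_deinit(cert);
	qgnutls_x509_privkey_deinit(key);
	(*qgnutls_free)(priv.data);	//still NULL if export never happened.
	(*qgnutls_free)(pub.data);
	return success;
}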
//the dtls backend vtable handed to the engine. positional initialiser: the order must match dtlsfuncs_t.
static const dtlsfuncs_t dtlsfuncs_gnutls =
{
	GNUDTLS_CreateContext,		//allocate a context for a known peer
	GNUDTLS_CheckConnection,	//stateless cookie exchange for out-of-the-blue packets
	GNUDTLS_DestroyContext,
	GNUDTLS_Transmit,			//encrypt and push one datagram
	GNUDTLS_Received,			//decrypt one received datagram in place
	GNUDTLS_Timeouts,			//handshake retransmit tick
	GNUDTLS_GetPeerCertificate,	//certificate property queries
	GNUDTLS_GenTempCertificate	//self-signed temporary identity
};
//dtls: returns the server-side backend, or NULL when no usable server identity is available.
static const dtlsfuncs_t *GNUDTLS_InitServer(void)
{
	qboolean usable;
	if (!SSL_InitGlobal(true))
		return NULL;	//unable to init a server certificate. don't allow dtls to init.
	//a failed cert load is tolerable only if psk auth is configured in its place.
	//FIXME: with ICE connections we'll be using temporary certs anyway.
	usable = !servercertfail || *dtls_psk_user.string;
	return usable?&dtlsfuncs_gnutls:NULL;
}
//dtls: returns the client-side backend, or NULL if gnutls could not be initialised.
static const dtlsfuncs_t *GNUDTLS_InitClient(void)
{
	return SSL_InitGlobal(false)?&dtlsfuncs_gnutls:NULL;
}
# else
# define GNUDTLS_InitServer NULL
# define GNUDTLS_InitClient NULL
# endif
//the crypto backend exported to the engine. positional initialiser: the order must match ftecrypto_t.
//the dtls entries and GNUTLS_GenerateSignature are NULL when HAVE_DTLS is not defined.
ftecrypto_t crypto_gnutls =
{
	"GNUTLS",
	GNUTLS_OpenVFS,
	GNUTLS_GetChannelBinding,	//tls-unique channel binding for the connection
	GNUDTLS_InitClient,
	GNUDTLS_InitServer,
	GNUTLS_VerifyHash,			//verify a signature against an authority's cert
	GNUTLS_GenerateSignature,	//sign with our own private cert key
};
# else
# warning "GNUTLS version is too old (3.0+ required). Please clean and then recompile with CFLAGS=-DNO_GNUTLS"
ftecrypto_t crypto_gnutls;	//no initialiser: static storage, so every entry point is NULL. the symbol still exists for the rest of the engine.
//gnutls too old for this backend: neither client nor server tls can be initialised.
qboolean SSL_InitGlobal(qboolean isserver)
{
	(void)isserver;
	return false;
}
# endif
# endif