# include "quakedef.h"
# if defined(HAVE_WINSSPI)
/*regarding HAVE_DTLS
DTLS 1.0 is supported from win8 onwards.
It's also meant to be supported from some RDP server patch on win7, but I can't get it to work.
I've given up for now.
*/
cvar_t * tls_ignorecertificateerrors ;
# include "winquake.h"
# define SECURITY_WIN32
# include <security.h>
# include <sspi.h>
# include <schannel.h>
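/* Protocol bits that older SDK headers lack. Each one is guarded so that a
 * header which already provides the name is left alone. */
#ifndef SP_PROT_TLS1_1_SERVER
#define SP_PROT_TLS1_1_SERVER 0x00000100
#endif
#ifndef SP_PROT_TLS1_1_CLIENT
#define SP_PROT_TLS1_1_CLIENT 0x00000200
#endif
#ifndef SP_PROT_TLS1_2_SERVER
#define SP_PROT_TLS1_2_SERVER 0x00000400
#endif
#ifndef SP_PROT_TLS1_2_CLIENT
#define SP_PROT_TLS1_2_CLIENT 0x00000800
#endif
#ifndef SP_PROT_DTLS_SERVER
#define SP_PROT_DTLS_SERVER 0x00010000
#endif
#ifndef SP_PROT_DTLS_CLIENT
#define SP_PROT_DTLS_CLIENT 0x00020000
#endif

//avoid the use of outdated/insecure protocols
//so no ssl2/ssl3
//NOTE(review): TLS 1.0 and TLS 1.1 are still enabled by these masks. Both have since been
//deprecated (RFC 8996), so consider narrowing the stream masks to TLS 1.2 where peers allow it.
#define USE_PROT_SERVER (SP_PROT_TLS1_SERVER | SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER)
#define USE_PROT_CLIENT (SP_PROT_TLS1_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT)

//datagram (DTLS) equivalents of the two masks above
#define USE_PROT_DGRAM_SERVER (SP_PROT_DTLS_SERVER)
#define USE_PROT_DGRAM_CLIENT (SP_PROT_DTLS_CLIENT)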
playdemo accepts https urls now. will start playing before the file has finished downloading, to avoid unnecessary delays.
reworked network addresses to separate address family and connection type. this should make banning people more reliable, as well as simplifying a whole load of logic (no need to check for ipv4 AND ipv6).
tcpconnect will keep trying to connect even if the connection wasn't instant, instead of giving up instantly.
rewrote tcp connections quite a bit. sv_port_tcp now handles qtv+qizmo+http+ws+rtcbroker+tls equivalents.
qtv_streamport is now a legacy cvar and now acts equivalently to sv_port_tcp (but still separate).
rewrote screenshot and video capture code to use strides. this solves image-is-upside down issues with vulkan.
ignore alt key in browser port. oh no! no more red text! oh no! no more alt-being-wrongly-down-and-being-unable-to-type-anything-without-forcing-alt-released!
reworked audio decoder interface. now has clearly defined success/unavailable/end-of-file results. this should solve a whole load of issues with audio streaming.
fixed various openal audio streaming issues too. openal also got some workarounds for emscripten's poor emulation.
fixed ogg decoder to retain sync properly if seeked.
updated menu_media a bit. now reads vorbis comments/id3v1 tags to get proper track names. also saves the playlist so you don't have to manually repopulate the list so it might actually be usable now (after how many years?)
r_stains now defaults to 0, and is no longer enabled by presets. use decals if you want that sort of thing.
added fs_noreexec cvar, so configs will not be reexeced on gamedir change. this also means defaults won't be reapplied, etc.
added 'nvvk' renderer on windows, using nvidia's vulkan-inside-opengl gl extension. mostly just to see how much slower it is.
fixed up the ftp server quite a lot. more complete, more compliant, and should do ipv6 properly to-boot. file transfers also threaded.
fixed potential crash inside runclientphys.
experimental sv_antilag=3 setting. totally untested. the aim is to avoid missing due to lagged knockbacks. may be expensive for the server.
browser port's websockets support fixed. experimental support for webrtc ('works for me', requires a broker server).
updated avplug(renamed to ffmpeg so people know what it is) to use ffmpeg 3.2.4 properly, with its new encoder api. should be much more robust... also added experimental audio decoder for game music etc (currently doesn't resample, so playback rates are screwed, disabled by cvar).
git-svn-id: https://svn.code.sf.net/p/fteqw/code/trunk@5097 fc73d0e0-1445-4013-8a0c-d673dee63da5
# ifndef szOID_RSA_SHA512RSA
# define szOID_RSA_SHA512RSA "1.2.840.113549.1.1.13"
# endif
# ifndef SCH_CRED_SNI_CREDENTIAL
# define SCH_CRED_SNI_CREDENTIAL 0x00080000
# endif
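//status codes missing from older headers. guarded like the szOID_RSA_SHA512RSA/SCH_CRED_SNI_CREDENTIAL
//fallbacks in this file, so a header that already defines them takes precedence.
#ifndef SEC_I_MESSAGE_FRAGMENT
#define SEC_I_MESSAGE_FRAGMENT 0x00090364L
#endif
#ifndef SEC_E_INVALID_PARAMETER
#define SEC_E_INVALID_PARAMETER 0x8009035DL
#endif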
//hungarian ensures we hit no macros.
/*
 * Function pointers filled in from secur32.dll by SSL_Init.
 * Every SSPI call in this file goes through this table.
 */
static struct
{
	dllhandle_t *lib;	/* assigned from Sys_LoadLibrary in SSL_Init; SSL_Inited treats NULL as "not loaded" */

	/* record protection */
	SECURITY_STATUS (WINAPI *pDecryptMessage)(PCtxtHandle, PSecBufferDesc, ULONG, PULONG);
	SECURITY_STATUS (WINAPI *pEncryptMessage)(PCtxtHandle, ULONG, PSecBufferDesc, ULONG);

	/* credentials and handshake */
	SECURITY_STATUS (WINAPI *pAcquireCredentialsHandleA)(SEC_CHAR*, SEC_CHAR*, ULONG, PLUID, PVOID, SEC_GET_KEY_FN, PVOID, PCredHandle, PTimeStamp);
//	SECURITY_STATUS (WINAPI *pInitializeSecurityContextA)(PCredHandle,PCtxtHandle,SEC_CHAR*,ULONG,ULONG,ULONG,PSecBufferDesc,ULONG,PCtxtHandle,PSecBufferDesc,PULONG,PTimeStamp);
	SECURITY_STATUS (WINAPI *pInitializeSecurityContextW)(PCredHandle, PCtxtHandle, SEC_WCHAR*, ULONG, ULONG, ULONG, PSecBufferDesc, ULONG, PCtxtHandle, PSecBufferDesc, PULONG, PTimeStamp);
	SECURITY_STATUS (WINAPI *pAcceptSecurityContext)(PCredHandle, PCtxtHandle, PSecBufferDesc, unsigned long, unsigned long, PCtxtHandle, PSecBufferDesc, unsigned long SEC_FAR *, PTimeStamp);
	SECURITY_STATUS (WINAPI *pCompleteAuthToken)(PCtxtHandle, PSecBufferDesc);
	SECURITY_STATUS (WINAPI *pQueryContextAttributesA)(PCtxtHandle, ULONG, PVOID);

	/* teardown (both are called from SSPI_Error) */
	SECURITY_STATUS (WINAPI *pFreeCredentialsHandle)(PCredHandle);
	SECURITY_STATUS (WINAPI *pDeleteSecurityContext)(PCtxtHandle);
} secur;
/*
 * Function pointers filled in from crypt32.dll by SSL_Init.
 * These cover certificate chain building/verification and certificate naming.
 */
static struct
{
	dllhandle_t *lib;	/* assigned from Sys_LoadLibrary in SSL_Init; SSL_Inited treats NULL as "not loaded" */

	/* chain building and policy checks */
	BOOL (WINAPI *pCertGetCertificateChain)(HCERTCHAINENGINE, PCCERT_CONTEXT, LPFILETIME, HCERTSTORE, PCERT_CHAIN_PARA, DWORD, LPVOID, PCCERT_CHAIN_CONTEXT*);
	BOOL (WINAPI *pCertVerifyCertificateChainPolicy)(LPCSTR, PCCERT_CHAIN_CONTEXT, PCERT_CHAIN_POLICY_PARA, PCERT_CHAIN_POLICY_STATUS);
	void (WINAPI *pCertFreeCertificateChain)(PCCERT_CHAIN_CONTEXT);

	/* name conversion and self-signed certificate creation */
	DWORD (WINAPI *pCertNameToStrA)(DWORD dwCertEncodingType, PCERT_NAME_BLOB pName, DWORD dwStrType, LPCSTR psz, DWORD csz);
	PCCERT_CONTEXT (WINAPI *pCertCreateSelfSignCertificate)(HCRYPTPROV, PCERT_NAME_BLOB, DWORD, PCRYPT_KEY_PROV_INFO, PCRYPT_ALGORITHM_IDENTIFIER, PSYSTEMTIME, PSYSTEMTIME, PCERT_EXTENSIONS);
	BOOL (WINAPI *pCertStrToNameA)(DWORD, LPCSTR, DWORD, void *, BYTE *, DWORD *, LPCSTR *);
} crypt;
/*
 * Registers the tls_ignorecertificateerrors cvar and loads secur32.dll and
 * crypt32.dll, resolving the entry points listed in the two tables below into
 * the secur/crypt structures. A library whose handle is already set is not
 * loaded again, so repeated calls are cheap.
 */
void SSL_Init(void)
{
	/* {slot, export name} pairs for secur32.dll; the list ends with a NULL pair */
	dllfunction_t secur_imports[] =
	{
		{(void**)&secur.pDecryptMessage,			"DecryptMessage"},
		{(void**)&secur.pEncryptMessage,			"EncryptMessage"},
		{(void**)&secur.pAcquireCredentialsHandleA,	"AcquireCredentialsHandleA"},
//		{(void**)&secur.pInitializeSecurityContextA,	"InitializeSecurityContextA"},
		{(void**)&secur.pInitializeSecurityContextW,	"InitializeSecurityContextW"},
		{(void**)&secur.pAcceptSecurityContext,		"AcceptSecurityContext"},
		{(void**)&secur.pCompleteAuthToken,			"CompleteAuthToken"},
		{(void**)&secur.pQueryContextAttributesA,	"QueryContextAttributesA"},
		{(void**)&secur.pFreeCredentialsHandle,		"FreeCredentialsHandle"},
		{(void**)&secur.pDeleteSecurityContext,		"DeleteSecurityContext"},
		{NULL, NULL}
	};
	/* {slot, export name} pairs for crypt32.dll; the list ends with a NULL pair */
	dllfunction_t crypt_imports[] =
	{
		{(void**)&crypt.pCertGetCertificateChain,			"CertGetCertificateChain"},
		{(void**)&crypt.pCertVerifyCertificateChainPolicy,	"CertVerifyCertificateChainPolicy"},
		{(void**)&crypt.pCertFreeCertificateChain,			"CertFreeCertificateChain"},
		{(void**)&crypt.pCertNameToStrA,					"CertNameToStrA"},
		{(void**)&crypt.pCertCreateSelfSignCertificate,		"CertCreateSelfSignCertificate"},
		{(void**)&crypt.pCertStrToNameA,					"CertStrToNameA"},
		{NULL, NULL}
	};

	/* Defaults to "0". NOTE(review): a non-zero value presumably relaxes certificate
	 * checking (the code that reads it is not in this part of the file), and
	 * CVAR_NOTFROMSERVER presumably stops a remote server from setting it - confirm both. */
	tls_ignorecertificateerrors = Cvar_Get("tls_ignorecertificateerrors", "0", CVAR_NOTFROMSERVER, "TLS");

	/* NOTE(review): both libraries are requested by bare file name. How Sys_LoadLibrary
	 * resolves that is not visible here; confirm it cannot pick up a same-named DLL
	 * from the working directory. */
	if (secur.lib == NULL)
	{
		secur.lib = Sys_LoadLibrary("secur32.dll", secur_imports);
	}
	if (crypt.lib == NULL)
	{
		crypt.lib = Sys_LoadLibrary("crypt32.dll", crypt_imports);
	}
}
/* Reports whether both secur32.dll and crypt32.dll handles are set (1) or not (0). */
qboolean SSL_Inited(void)
{
	return secur.lib != NULL && crypt.lib != NULL;
}
/* Context requirement flags (ISC_REQ_*) for the security context; presumably passed to
 * InitializeSecurityContextW, whose call site is not in this part of the file.
 * ISC_REQ_MANUAL_CRED_VALIDATION tells Schannel not to validate the server certificate
 * itself, so the peer is only authenticated if this file's own certificate checks run
 * on every handshake. */
# define MessageAttribute (ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT | ISC_REQ_CONFIDENTIALITY | ISC_REQ_EXTENDED_ERROR | ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_MANUAL_CRED_VALIDATION)
/* Byte buffer with a separate capacity and fill level; grown by SSPI_ExpandBuffer. */
struct sslbuf
{
	size_t datasize;	/* capacity of data, in bytes */
	char *data;			/* storage; valid bytes are data[0 .. avail-1] */
	size_t avail;		/* number of bytes currently held */
};
/* State for one TLS (or DTLS) connection layered over another vfsfile_t. */
typedef struct {
	vfsfile_t funcs;		/* first member; presumably lets an sslfile_t be used as a vfsfile_t - confirm */
	vfsfile_t *stream;		/* underlying transport; set to NULL by SSPI_Error */
	wchar_t wpeername[256];	/* peer name as a wide string (users are outside this part of the file) */
	qboolean datagram;

	/* HS_ESTABLISHED is 0, so "if (f->handshaking)" is true for the error state and
	 * every handshake state alike. */
	enum
	{
		HS_ESTABLISHED,
		HS_ERROR,
		HS_STARTCLIENT,
		HS_CLIENT,
		HS_STARTSERVER,
		HS_SERVER
	} handshaking;

	struct sslbuf outraw;	/* plaintext waiting to be encrypted (consumed by SSPI_Encode) */
	struct sslbuf outcrypt;	/* ciphertext waiting to be written (drained by SSPI_TryFlushCryptOut) */
	struct sslbuf inraw;	/* decrypted plaintext (filled by SSPI_Decode) */
	struct sslbuf incrypt;	/* ciphertext read from stream (filled by SSPI_CheckNewInCrypt) */

	CredHandle cred;		/* released by SSPI_Error via FreeCredentialsHandle */
	SecHandle sechnd;		/* released by SSPI_Error via DeleteSecurityContext */

	/* Sizes and scratch space handed to EncryptMessage as the stream header/trailer.
	 * NOTE(review): the code that sets the sizes is not visible here; confirm they are
	 * checked against the 1024-byte arrays. */
	int headersize, footersize;
	char headerdata[1024], footerdata[1024];

#ifdef HAVE_DTLS
	void *cbctx;			/* passed back as the first argument of transmit */
	void (*transmit)(void *cbctx, qbyte *data, size_t datasize);	/* when set, outgoing ciphertext goes here instead of to stream */
#endif
} sslfile_t;
/*
 * Makes sure buf can hold at least `bytes` bytes.
 * Returns the existing capacity when it is already larger than the request,
 * otherwise asks Z_ReallocElements for `bytes` elements of size 1 and returns `bytes`.
 *
 * NOTE(review): the return type is int while both sizes are size_t, so very large
 * values would be narrowed. The requested size is returned without looking at the
 * outcome of Z_ReallocElements; whether that helper can fail is not visible here.
 */
static int SSPI_ExpandBuffer(struct sslbuf *buf, size_t bytes)
{
	if (bytes >= buf->datasize)
	{
		Z_ReallocElements((void**)&buf->data, &buf->datasize, bytes, 1);
		return bytes;
	}
	return buf->datasize;
}
/*
 * Appends up to `bytes` bytes from `data` to the end of buf.
 * When the free space is too small the buffer is grown (with 1024 bytes of slack)
 * if `expand` is set; otherwise, or if growing came up short, the copy is clamped
 * to the free space.
 * Returns the number of bytes actually copied, so callers detect truncation by
 * comparing the result with what they asked for.
 */
static int SSPI_CopyIntoBuffer(struct sslbuf *buf, const void *data, unsigned int bytes, qboolean expand)
{
	if (bytes > buf->datasize - buf->avail)
	{
		int grown = 0;

		if (expand)
			grown = SSPI_ExpandBuffer(buf, buf->avail + bytes + 1024) >= buf->avail + bytes;
		if (!grown)
			bytes = buf->datasize - buf->avail;	/* copy only what fits */
	}

	memcpy(buf->data + buf->avail, data, bytes);
	buf->avail += bytes;
	return bytes;
}
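/*
 * Puts the connection into the HS_ERROR state, prints the formatted message
 * (unless it is empty), closes the underlying stream and releases the security
 * context and credentials handles.
 *
 * error is a printf-style format string and must never be peer-controlled text;
 * every caller visible in this file passes a literal.
 *
 * The handle release is unconditional, so a second call on the same file passes
 * already-released handles to SSPI again. Callers should stop processing after
 * the first error.
 */
static void SSPI_Error(sslfile_t *f, char *error, ...)
{
	va_list argptr;
	char string[1024];

	va_start(argptr, error);
	vsnprintf(string, sizeof(string)-1, error, argptr);
	va_end(argptr);
	//the final byte is never written by the call above, and not every vsnprintf terminates on truncation.
	string[sizeof(string)-1] = 0;

	f->handshaking = HS_ERROR;
	if (*string)
		Sys_Printf("%s", string);

	if (f->stream)
		VFS_CLOSE(f->stream);
	secur.pDeleteSecurityContext(&f->sechnd);
	secur.pFreeCredentialsHandle(&f->cred);
	f->stream = NULL;
}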
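/*
 * Tries to push pending ciphertext (f->outcrypt) to the peer.
 * With HAVE_DTLS and a transmit callback set, the whole buffer is handed to the
 * callback and then cleared. Otherwise it is written to f->stream, and whatever
 * the stream did not accept is kept at the front of the buffer for a later attempt.
 */
static void SSPI_TryFlushCryptOut(sslfile_t *f)
{
	int sent;

	if (!f->outcrypt.avail)
		return;

#ifdef HAVE_DTLS
	if (f->transmit)
	{
		f->transmit(f->cbctx, f->outcrypt.data, f->outcrypt.avail);
		f->outcrypt.avail = 0;
		return;
	}
#endif

	//SSPI_Error clears f->stream, and SSPI_Encode flushes before it looks at the handshake state,
	//so a failed connection can reach this point. same guard as SSPI_CheckNewInCrypt.
	if (!f->stream)
		return;

	sent = VFS_WRITE(f->stream, f->outcrypt.data, f->outcrypt.avail);
	if (sent > 0)
	{
		//keep the unsent tail for the next attempt
		memmove(f->outcrypt.data, f->outcrypt.data + sent, f->outcrypt.avail - sent);
		f->outcrypt.avail -= sent;
	}
}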
/*
 * Reads whatever ciphertext the underlying stream has into the free tail of
 * f->incrypt.
 * Returns -1 when there is no stream, the (negative) result of VFS_READ when
 * the read fails, and 0 otherwise (including when nothing new arrived).
 */
static int SSPI_CheckNewInCrypt(sslfile_t *f)
{
	struct sslbuf *in;
	int got;

	if (f->stream == NULL)
		return -1;

	in = &f->incrypt;
	got = VFS_READ(f->stream, in->data + in->avail, in->datasize - in->avail);
	if (got >= 0)
	{
		in->avail += got;
		return 0;
	}
	return got;
}
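/*
 * convert inbound crypt->data
 *
 * Runs DecryptMessage over the ciphertext held in f->incrypt. Decrypted payload is
 * appended to f->inraw; any SECBUFFER_EXTRA bytes (input that belongs to a later
 * record) are moved to the front of f->incrypt for the next call.
 * An incomplete record is not an error: the input is left in place (after growing
 * the buffer if it was full) so more data can be appended later.
 * Any other failure goes through SSPI_Error, which tears the connection down.
 */
static void SSPI_Decode(sslfile_t *f)
{
	SECURITY_STATUS ss;
	SecBufferDesc BuffDesc;
	SecBuffer SecBuff[4];
	ULONG ulQop = 0;
	SecBuffer *extra = NULL;
	ULONG i;

	if (!f->incrypt.avail)
		return;

	BuffDesc.ulVersion = SECBUFFER_VERSION;
	BuffDesc.cBuffers = countof(SecBuff);
	BuffDesc.pBuffers = SecBuff;

	SecBuff[0].BufferType = SECBUFFER_DATA;
	SecBuff[0].cbBuffer = f->incrypt.avail;
	SecBuff[0].pvBuffer = f->incrypt.data;

	//the remaining three are outputs: space for header, footer and the extra marker.
	//start them out fully initialised, the same way SSPI_Encode sets up its empty buffer.
	for (i = 1; i < countof(SecBuff); i++)
	{
		SecBuff[i].BufferType = SECBUFFER_EMPTY;
		SecBuff[i].cbBuffer = 0;
		SecBuff[i].pvBuffer = NULL;
	}

	ss = secur.pDecryptMessage(&f->sechnd, &BuffDesc, 0, &ulQop);

	if (ss < 0)
	{
		if (ss == SEC_E_INCOMPLETE_MESSAGE)
		{
			if (f->incrypt.avail == f->incrypt.datasize)
				SSPI_ExpandBuffer(&f->incrypt, f->incrypt.datasize + 1024);
			return;	//no error if its incomplete, we can just get more data later on.
		}
		switch(ss)
		{
		case SEC_E_DECRYPT_FAILURE:	SSPI_Error(f, "DecryptMessage failed: SEC_E_DECRYPT_FAILURE\n"); break;
		case SEC_E_INVALID_HANDLE:	SSPI_Error(f, "DecryptMessage failed: SEC_E_INVALID_HANDLE\n"); break;
		default:					SSPI_Error(f, "DecryptMessage failed: %0#lx\n", (unsigned long)ss); break;	//%lx expects an unsigned long
		}
		return;
	}
	//NOTE(review): DecryptMessage can also return positive informational statuses
	//(for example SEC_I_CONTEXT_EXPIRED or SEC_I_RENEGOTIATE). They pass the test above
	//and are handled as plain success here - confirm that is intended.

	//every error below returns at once: SSPI_Error releases the context and credentials
	//unconditionally, so it must not run a second time for the same file.
	for (i = 0; i < BuffDesc.cBuffers; i++)
	{
		switch(SecBuff[i].BufferType)
		{
		case SECBUFFER_DATA:
			if (SSPI_CopyIntoBuffer(&f->inraw, SecBuff[i].pvBuffer, SecBuff[i].cbBuffer, true) != SecBuff[i].cbBuffer)
			{
				SSPI_Error(f, "inraw buffer overflowed\n");	//the destination is inraw
				return;
			}
			break;
		case SECBUFFER_EXTRA:
			if (extra)
			{
				SSPI_Error(f, "multiple extra buffers\n");
				return;
			}
			extra = &SecBuff[i];
			break;
		case SECBUFFER_EMPTY:
		case SECBUFFER_MISSING:
		case SECBUFFER_STREAM_TRAILER:
		case SECBUFFER_STREAM_HEADER:
			break;
		default:
			SSPI_Error(f, "got unexpected buffer type\n");
			return;
		}
	}

	//retain the extra. if there's no extra then mark it so.
	if (extra)
	{
		//the extra bytes are the last cbBuffer bytes of the input
		memmove(f->incrypt.data, f->incrypt.data + (f->incrypt.avail - extra->cbBuffer), extra->cbBuffer);
		f->incrypt.avail = extra->cbBuffer;
	}
	else
		f->incrypt.avail = 0;
}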
/*
 * convert outgoing data->crypt
 *
 * Encrypts everything queued in f->outraw as a single message and queues the
 * result (header, payload, trailer) in f->outcrypt, then tries to flush it.
 * Nothing is encrypted while earlier ciphertext is still waiting to be sent,
 * while the connection is not in the established state, or when there is no
 * plaintext queued.
 */
static void SSPI_Encode(sslfile_t *f)
{
	SECURITY_STATUS ss;
	SecBufferDesc BuffDesc;
	SecBuffer SecBuff[4];
	ULONG ulQop = 0;
	int part;

	if (f->outcrypt.avail)
	{
		SSPI_TryFlushCryptOut(f);
		if (f->outcrypt.avail)
			return;	//don't flood too much
	}

	//don't corrupt the handshake data (this also covers the error state), and skip empty sends.
	if (f->handshaking != HS_ESTABLISHED || !f->outraw.avail)
		return;

	//header and trailer go to scratch space inside f, the payload is described in place.
	SecBuff[0].BufferType = SECBUFFER_STREAM_HEADER;
	SecBuff[0].pvBuffer = f->headerdata;
	SecBuff[0].cbBuffer = f->headersize;

	SecBuff[1].BufferType = SECBUFFER_DATA;
	SecBuff[1].pvBuffer = f->outraw.data;
	SecBuff[1].cbBuffer = f->outraw.avail;

	SecBuff[2].BufferType = SECBUFFER_STREAM_TRAILER;
	SecBuff[2].pvBuffer = f->footerdata;
	SecBuff[2].cbBuffer = f->footersize;

	SecBuff[3].BufferType = SECBUFFER_EMPTY;
	SecBuff[3].pvBuffer = NULL;
	SecBuff[3].cbBuffer = 0;

	BuffDesc.ulVersion = SECBUFFER_VERSION;
	BuffDesc.cBuffers = sizeof(SecBuff)/sizeof(SecBuff[0]);
	BuffDesc.pBuffers = SecBuff;

	ss = secur.pEncryptMessage(&f->sechnd, ulQop, &BuffDesc, 0);
	if (ss < 0)
	{
		SSPI_Error(f, "EncryptMessage failed\n");
		return;
	}

	//the plaintext counts as consumed from here on, even if queuing the ciphertext fails below.
	f->outraw.avail = 0;

	//fixme: these should be made non-fatal.
	//queue header, payload and trailer, in that order.
	for (part = 0; part < 3; part++)
	{
		if (SSPI_CopyIntoBuffer(&f->outcrypt, SecBuff[part].pvBuffer, SecBuff[part].cbBuffer, true) < SecBuff[part].cbBuffer)
		{
			SSPI_Error(f, "crypt buffer overflowed\n");
			return;
		}
	}

	SSPI_TryFlushCryptOut(f);
}
//these are known sites that use self-signed certificates, or are special enough that we don't trust corporate networks to hack in their own certificate authority for a proxy/mitm
//old static const qbyte triptohell_certdata[933] = "\x30\x82\x03\xa1\x30\x82\x02\x89\xa0\x03\x02\x01\x02\x02\x09\x00\x8b\xd0\x05\x63\x62\xd1\x6a\xe3\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x67\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x44\x31\x0c\x30\x0a\x06\x03\x55\x04\x08\x0c\x03\x42\x61\x64\x31\x0c\x30\x0a\x06\x03\x55\x04\x07\x0c\x03\x42\x61\x64\x31\x0c\x30\x0a\x06\x03\x55\x04\x0a\x0c\x03\x42\x61\x64\x31\x0c\x30\x0a\x06\x03\x55\x04\x0b\x0c\x03\x42\x61\x64\x31\x0c\x30\x0a\x06\x03\x55\x04\x03\x0c\x03\x42\x61\x64\x31\x12\x30\x10\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x03\x42\x61\x64\x30\x1e\x17\x0d\x31\x34\x31\x32\x32\x34\x32\x32\x34\x32\x34\x37\x5a\x17\x0d\x32\x34\x31\x32\x32\x31\x32\x32\x34\x32\x34\x37\x5a\x30\x67\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x44\x31\x0c\x30\x0a\x06\x03\x55\x04\x08\x0c\x03\x42\x61\x64\x31\x0c\x30\x0a\x06\x03\x55\x04\x07\x0c\x03\x42\x61\x64\x31\x0c\x30\x0a\x06\x03\x55\x04\x0a\x0c\x03\x42\x61\x64\x31\x0c\x30\x0a\x06\x03\x55\x04\x0b\x0c\x03\x42\x61\x64\x31\x0c\x30\x0a\x06\x03\x55\x04\x03\x0c\x03\x42\x61\x64\x31\x12\x30\x10\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x03\x42\x61\x64\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xaf\x10\x33\xfa\x39\xf5\xae\x2c\x91\x0e\x20\xe6\x3c\x5c\x7c\x1e\xeb\x16\x50\x2f\x05\x30\xfe\x67\xee\xa9\x00\x54\xd9\x4a\x86\xe6\xba\x80\xfb\x1a\x80\x08\x7e\x7b\x13\xe5\x1a\x18\xc9\xd4\x70\xbd\x5d\xc4\x38\xef\x64\xf1\x90\x2c\x53\x49\x93\x24\x36\x3e\x11\x59\x69\xa6\xdf\x37\xb2\x54\x82\x28\x3e\xdd\x30\x75\xa0\x18\xd8\xe1\xf5\x52\x73\x12\x5b\x37\x68\x1c\x59\xbd\x8c\x73\x66\x47\xbc\xcb\x9c\xfe\x38\x92\x8f\x74\xe9\xd1\x2f\x96\xd2\x5d\x6d\x11\x59\xb2\xdc\xbd\x8c\x37\x5b\x22\x76\x98\xe7\xbe\x08\xef\x1e\x99\xc4\xa9\x77\x2c\x9c\x0e\x08\x3c\x8e\xab\x97\x0c\x6a\xd7\x03\xab\xfd\x4a\x1e\x95\xb2\xc2\x9c\x3a\x16\x65\xd7\xaf\x45\x5f\x6e\xe7\xce\x51\xba\xa0\x60\x43\x0e\x07\xc5\x0b\x0a\x82\x05\x26\xc
4\x92\x0a\x27\x5b\xfc\x57\x6c\xdf\xe2\x54\x8a\xef\x38\xf1\xf8\xc4\xf8\x51\x16\x27\x1f\x78\x89\x7c\x5b\xd7\x53\xcd\x9b\x54\x2a\xe6\x71\xee\xe4\x56\x2e\xa4\x09\x1a\x61\xf7\x0f\x97\x22\x94\xd7\xef\x21\x6c\xe6\x81\xfb\x54\x5f\x09\x92\xac\xd2\x7c\xab\xd5\xa9\x81\xf4\xc9\xb7\xd6\xbf\x68\xf8\x4f\xdc\xf3\x60\xa3\x3b\x29\x92\x9e\xdd\xa2\xa3\x02\x03\x01\x00\x01\xa3\x50\x30\x4e\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x19\xed\xd0\x7b\x16\xaf\xb5\x0c\x9a\xe8\xd3\x46\x2e\x3c\x64\x29\xb6\xc1\x73\x5a\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x19\xed\xd0\x7b\x16\xaf\xb5\x0c\x9a\xe8\xd3\x46\x2e\x3c\x64\x29\xb6\xc1\x73\x5a\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x62\xa7\x26\xeb\xd4\x03\x29\x9c\x09\x33\x69\x7a\x9c\x65\x68\xec\x4c\xb9\x06\xeb\x1e\x51\x6f\x78\x20\xdc\xf6\x44\x5e\x06\x6e\x53\x87\x73\xe6\x14\x15\xb9\x17\x74\x67\xe0\x4e\x48\x38\xbc\x1c\xbd\xd0\xad\xd6\xbd\x8c\xf0\x3a\xe0\x13\x73\x19\xad\x8b\x79\x68\x67\x65\x9b\x7a\x4c\x81\xfb\xd9\x92\x77\x89\xb5\xb0\x53\xb0\xa5\xf7\x2d\x8e\x29\x60\x31\xd1\x9b\x2f\x63\x8a\x5f\x64\xc1\x61\xd5\xb7\xdf\x70\x3b\x2b\xf6\x1a\x96\xb9\xa7\x08\xca\x87\xa6\x8c\x60\xca\x6e\xd7\xee\xba\xef\x89\x0b\x93\xd5\xfd\xfc\x14\xba\xef\x27\xba\x90\x11\x90\xf7\x25\x70\xe7\x4e\xf4\x9c\x13\x27\xc1\xa7\x8e\xd9\x66\x43\x72\x20\x5b\xe1\x5c\x73\x74\xf5\x33\xf2\xa5\xf6\xe1\xd5\xac\xf3\x67\x5c\xe7\xd4\x0a\x8d\x91\x73\x03\x3e\x9d\xbc\x96\xc3\x0c\xdb\xd5\x77\x6e\x76\x44\x69\xaf\x24\x0f\x4f\x8b\x47\x36\x8b\xc3\xd6\x36\xdd\x26\x5a\x9c\xdd\x9c\x43\xee\x29\x43\xdd\x75\x2f\x19\x52\xfc\x1d\x24\x9c\x13\x29\x99\xa0\x6d\x7a\x95\xcc\xa0\x58\x86\xd8\xc5\xb9\xa3\xc2\x3d\x64\x1d\x85\x8a\xca\x53\x55\x8e\x9a\x6d\xc9\x91\x73\xf4\xe1\xe1\xa4\x9b\x76\xfc\x7f\x63\xc2\xb9\x23";
static const qbyte fte_triptohell_certdata [ 917 ] = " \x30 \x82 \x03 \x91 \x30 \x82 \x02 \x79 \xa0 \x03 \x02 \x01 \x02 \x02 \x09 \x00 \xb5 \x71 \x47 \x8d \x5e \x66 \xf1 \xd9 \x30 \x0d \x06 \x09 \x2a \x86 \x48 \x86 \xf7 \x0d \x01 \x01 \x0b \x05 \x00 \x30 \x5f \x31 \x0b \x30 \x09 \x06 \x03 \x55 \x04 \x06 \x13 \x02 \x55 \x53 \x31 \x11 \x30 \x0f \x06 \x03 \x55 \x04 \x08 \x0c \x08 \x4e \x65 \x77 \x20 \x59 \x6f \x72 \x6b \x31 \x11 \x30 \x0f \x06 \x03 \x55 \x04 \x07 \x0c \x08 \x4e \x65 \x77 \x20 \x59 \x6f \x72 \x6b \x31 \x0c \x30 \x0a \x06 \x03 \x55 \x04 \x0a \x0c \x03 \x46 \x54 \x45 \x31 \x1c \x30 \x1a \x06 \x03 \x55 \x04 \x03 \x0c \x13 \x66 \x74 \x65 \x2e \x74 \x72 \x69 \x70 \x74 \x6f \x68 \x65 \x6c \x6c \x2e \x69 \x6e \x66 \x6f \x30 \x1e \x17 \x0d \x31 \x34 \x31 \x32 \x32 \x35 \x30 \x30 \x35 \x38 \x31 \x34 \x5a \x17 \x0d \x31 \x37 \x30 \x33 \x30 \x34 \x30 \x30 \x35 \x38 \x31 \x34 \x5a \x30 \x5f \x31 \x0b \x30 \x09 \x06 \x03 \x55 \x04 \x06 \x13 \x02 \x55 \x53 \x31 \x11 \x30 \x0f \x06 \x03 \x55 \x04 \x08 \x0c \x08 \x4e \x65 \x77 \x20 \x59 \x6f \x72 \x6b \x31 \x11 \x30 \x0f \x06 \x03 \x55 \x04 \x07 \x0c \x08 \x4e \x65 \x77 \x20 \x59 \x6f \x72 \x6b \x31 \x0c \x30 \x0a \x06 \x03 \x55 \x04 \x0a \x0c \x03 \x46 \x54 \x45 \x31 \x1c \x30 \x1a \x06 \x03 \x55 \x04 \x03 \x0c \x13 \x66 \x74 \x65 \x2e \x74 \x72 \x69 \x70 \x74 \x6f \x68 \x65 \x6c \x6c \x2e \x69 \x6e \x66 \x6f \x30 \x82 \x01 \x22 \x30 \x0d \x06 \x09 \x2a \x86 \x48 \x86 \xf7 \x0d \x01 \x01 \x01 \x05 \x00 \x03 \x82 \x01 \x0f \x00 \x30 \x82 \x01 \x0a \x02 \x82 \x01 \x01 \x00 \xdd \xb8 \x7c \x69 \x3d \x63 \x95 \xe3 \x88 \x15 \xfd \xad \x93 \x5e \x6b \x97 \xfb \x74 \xba \x1f \x83 \x33 \xe5 \x8a \x8d \x8f \xb0 \xbf \xf9 \xd3 \xa1 \x2c \x65 \x53 \xa7 \xef \xd3 \x0f \xdc \x03 \x60 \x0a \x40 \xef \xa8 \xef \x3f \xb3 \xd9 \x8d \x31 \x39 \x12 \x8a \xd8 \x0e \x24 \x8f \xe5 \x58 \x26 \x86 \x4c \x76 \x6c \x59 \x9a \xab \xea \x1c \x3d \xfb \x62 \x62 \xad \xaf \xd6 \x00 \x33 \x76 \x2d \xbb \xeb \xe8 \xec \xb4 \x76 \x4f \xb0 \xbe \xcf 
\xf0 \x46 \x94 \x40 \x02 \x99 \xd4 \xb2 \x71 \x71 \xd6 \xf5 \x1f \xc3 \x4f \x1e \x1e \xb4 \x0d \x82 \x49 \xc4 \xa2 \xdc \xae \x6f \x4e \x3a \xf9 \x0e \xdd \xf4 \xd2 \x53 \xe3 \xe7 \x7d \x58 \x79 \xf4 \xce \x1f \x6c \xac \x81 \x8c \x8c \xe1 \x03 \x5b \x22 \x56 \x92 \x19 \x4f \x74 \xc0 \x36 \x41 \xac \x1b \xfa \x9e \xf7 \x2a \x0f \xd6 \x4b \xcc \x9a \xca \x67 \x87 \xb7 \x95 \xdf \xb7 \xd4 \x7d \x8c \xcc \xa9 \x25 \xde \xdd \x8c \x1b \xd7 \x32 \xf2 \x84 \x25 \x46 \x7b \x10 \x55 \xf9 \x80 \xfd \x5d \xad \xab \xf9 \x4c \x1f \xc0 \xa5 \xd1 \x3f \x01 \x86 \x4d \xfa \x57 \xab \x7a \x6d \xec \xf1 \xdb \xf4 \xad \xf2 \x33 \xcd \xa0 \xed \xfe \x1b \x27 \x55 \x56 \xba \x8c \x47 \x70 \x16 \xd5 \x75 \x17 \x8e \x80 \xaa \x49 \x5e \x93 \x83 \x1d \x6f \x1f \x2c \xf7 \xa7 \x64 \xe6 \x2e \x88 \x8e \xff \x70 \x5a \x41 \x52 \xae \x93 \x02 \x03 \x01 \x00 \x01 \xa3 \x50 \x30 \x4e \x30 \x1d \x06 \x03 \x55 \x1d \x0e \x04 \x16 \x04 \x14 \x4e \x76 \x4a \xce \x7b \x45 \x14 \x39 \xeb \x9c \x28 \x56 \xb5 \x7b \x8a \x18 \x6f \x22 \x17 \x82 \x30 \x1f \x06 \x03 \x55 \x1d \x23 \x04 \x18 \x30 \x16 \x80 \x14 \x4e \x76 \x4a \xce \x7b \x45 \x14 \x39 \xeb \x9c \x28 \x56 \xb5 \x7b \x8a \x18 \x6f \x22 \x17 \x82 \x30 \x0c \x06 \x03 \x55 \x1d \x13 \x04 \x05 \x30 \x03 \x01 \x01 \xff \x30 \x0d \x06 \x09 \x2a \x86 \x48 \x86 \xf7 \x0d \x01 \x01 \x0b \x05 \x00 \x03 \x82 \x01 \x01 \x00 \x48 \x22 \x65 \xed \x2e \xc5 \xed \xbb \xe9 \x40 \x6c \x80 \xc4 \x63 \x19 \xd1 \x00 \xb4 \x30 \x34 \x17 \x7c \x7c \xbd \x1b \xc5 \xa9 \x43 \x0c \x92 \x6e \xd6 \x2d \x11 \x6c \x0d \xa6 \xda \x30 \xe9 \xf7 \x46 \x7b \x01 \xe4 \x53 \x23 \xae \x88 \xd1 \xf2 \xed \xca \x84 \x06 \x19 \x97 \xb9 \x06 \xfb \xda \xec \x72 \x2d \x15 \x20 \xd2 \x8f \x66 \xad \xb5 \xdd \x4b \x4f \xdf \x7e \xaf \xa3 \x6c \x7f \x53 \x32 \x8f \xe2 \x19 \x5c \x44 \x98 \x86 \x31 \xee \xb4 \x03 \xe7 \x27 \xa1 \x83 \xab \xc3 \xce \xb4 \x9a \x01 \xbe \x8c \x64 \x2e \x2b \xe3 \x4e \x55 \xdf \x95 \xeb \x16 \x87 \xbd \xfa \x11 \xa2 \x3e \x38 \x92 \x97 \x36 \xe9 \x65 \x60 
\xf3 \xac \x68 \x44 \xb3 \x51 \x54 \x3a \x42 \xa8 \x98 \x9b \xee \x1b \x9e \x79 \x6a \xaf \xc0 \xbe \x41 \xc4 \xb1 \x96 \x42 \xd9 \x94 \xef \x49 \x5b \xbe \x2d \x04 \xb9 \xfb \x92 \xbb \xdc \x0e \x29 \xfd \xee \xa9 \x68 \x09 \xf9 \x9f \x69 \x8b \x3d \xe1 \x4b \xee \x24 \xf9 \xfe \x02 \x3a \x0a \xb8 \xcd \x6c \x07 \x43 \xa9 \x4a \xe7 \x03 \x34 \x2e \x72 \xa7 \x81 \xaa \x40 \xa9 \x98 \x5d \x97 \xee \x2a \x99 \xc6 \x8f \xe8 \x6f \x98 \xa2 \x85 \xc9 \x0d \x04 \x19 \x43 \x6a \xd3 \xc7 \x15 \x4c \x4b \xbc \xa5 \xb8 \x9f \x38 \xf3 \x43 \x83 \x0c \xef \x97 \x6e \xa6 \x20 \xde \xc5 \xd3 \x1e \x3e \x5d \xcd \x58 \x3d \x5c \x55 \x7a \x90 \x94 " ;
static const qbyte triptohell_certdata [ 933 ] = " \x30 \x82 \x03 \xa1 \x30 \x82 \x02 \x89 \xa0 \x03 \x02 \x01 \x02 \x02 \x09 \x00 \xea \xb7 \x13 \xcf \x55 \xe5 \xe8 \x8c \x30 \x0d \x06 \x09 \x2a \x86 \x48 \x86 \xf7 \x0d \x01 \x01 \x0b \x05 \x00 \x30 \x67 \x31 \x0b \x30 \x09 \x06 \x03 \x55 \x04 \x06 \x13 \x02 \x55 \x53 \x31 \x11 \x30 \x0f \x06 \x03 \x55 \x04 \x08 \x0c \x08 \x4e \x65 \x77 \x20 \x59 \x6f \x72 \x6b \x31 \x11 \x30 \x0f \x06 \x03 \x55 \x04 \x07 \x0c \x08 \x4e \x65 \x77 \x20 \x59 \x6f \x72 \x6b \x31 \x18 \x30 \x16 \x06 \x03 \x55 \x04 \x0a \x0c \x0f \x74 \x72 \x69 \x70 \x74 \x6f \x68 \x65 \x6c \x6c \x2e \x69 \x6e \x66 \x6f \x31 \x18 \x30 \x16 \x06 \x03 \x55 \x04 \x03 \x0c \x0f \x74 \x72 \x69 \x70 \x74 \x6f \x68 \x65 \x6c \x6c \x2e \x69 \x6e \x66 \x6f \x30 \x1e \x17 \x0d \x31 \x34 \x31 \x32 \x32 \x35 \x30 \x30 \x35 \x38 \x33 \x37 \x5a \x17 \x0d \x31 \x37 \x30 \x33 \x30 \x34 \x30 \x30 \x35 \x38 \x33 \x37 \x5a \x30 \x67 \x31 \x0b \x30 \x09 \x06 \x03 \x55 \x04 \x06 \x13 \x02 \x55 \x53 \x31 \x11 \x30 \x0f \x06 \x03 \x55 \x04 \x08 \x0c \x08 \x4e \x65 \x77 \x20 \x59 \x6f \x72 \x6b \x31 \x11 \x30 \x0f \x06 \x03 \x55 \x04 \x07 \x0c \x08 \x4e \x65 \x77 \x20 \x59 \x6f \x72 \x6b \x31 \x18 \x30 \x16 \x06 \x03 \x55 \x04 \x0a \x0c \x0f \x74 \x72 \x69 \x70 \x74 \x6f \x68 \x65 \x6c \x6c \x2e \x69 \x6e \x66 \x6f \x31 \x18 \x30 \x16 \x06 \x03 \x55 \x04 \x03 \x0c \x0f \x74 \x72 \x69 \x70 \x74 \x6f \x68 \x65 \x6c \x6c \x2e \x69 \x6e \x66 \x6f \x30 \x82 \x01 \x22 \x30 \x0d \x06 \x09 \x2a \x86 \x48 \x86 \xf7 \x0d \x01 \x01 \x01 \x05 \x00 \x03 \x82 \x01 \x0f \x00 \x30 \x82 \x01 \x0a \x02 \x82 \x01 \x01 \x00 \xd8 \x77 \x62 \xf6 \x74 \xa7 \x75 \xde \xda \x09 \xae \x9e \x76 \x7a \xc6 \x2a \xcf \x9a \xbe \xc6 \xb9 \x6d \xe2 \xca \x0f \x2d \x95 \xb8 \x89 \x93 \xf7 \x50 \x64 \x92 \x7d \x95 \x34 \xe4 \x6e \xef \x52 \x56 \xef \x13 \x9a \x3a \xae \x84 \x5b \x57 \x82 \x04 \x86 \x74 \xbd \x4e \x38 \x32 \x56 \x00 \xd6 \x34 \x9c \x23 \xd6 \x81 \x8e \x29 \x77 \x45 \x61 \x20 \xdf \x28 \xf8 
\xe5 \x61 \x83 \xec \xe6 \xa0 \x1a \x75 \xa8 \x3b \x53 \x6f \xc4 \x09 \x61 \x66 \x3a \xf0 \x81 \xbf \x2c \xf5 \x8e \xf1 \xe2 \x35 \xe4 \x24 \x7f \x16 \xcc \xce \x60 \xa2 \x42 \x6e \xc2 \x3a \x29 \x75 \x6c \x79 \xb0 \x99 \x9c \xe2 \xfe \x27 \x32 \xb6 \xf7 \x0d \x71 \xfd \x62 \x9d \x54 \x7c \x40 \xb2 \xf5 \xa0 \xa4 \x25 \x31 \x8d \x65 \xfd \x3f \x3b \x9b \x7e \x84 \x74 \x17 \x3c \x1f \xec \x50 \xcf \x75 \xb8 \x5c \xca \xfc \x0f \xe8 \x47 \xd8 \x64 \xec \x5f \x6c \x45 \x9a \x55 \x49 \x97 \x3f \xcb \x49 \x34 \x71 \x0a \x12 \x13 \xbc \x3d \x53 \x81 \x17 \x9a \x92 \x44 \x91 \x07 \xc2 \xef \x6d \x64 \x86 \x5d \xfd \x67 \xd5 \x99 \x38 \x95 \x46 \x74 \x6d \xb6 \xbf \x29 \xc9 \x5b \xac \xb1 \x46 \xd6 \x9e \x57 \x5c \x7b \x24 \x91 \xf4 \x7c \xe4 \x01 \x31 \x8c \xec \x79 \x94 \xb7 \x3f \xd2 \x93 \x6d \xe2 \x69 \xbe \x61 \x44 \x2e \x8f \x1a \xdc \xa8 \x97 \xf5 \x81 \x8e \x0c \xe1 \x00 \xf2 \x71 \x51 \xf3 \x02 \x03 \x01 \x00 \x01 \xa3 \x50 \x30 \x4e \x30 \x1d \x06 \x03 \x55 \x1d \x0e \x04 \x16 \x04 \x14 \x18 \xb2 \x6b \x63 \xcc \x17 \x54 \xf6 \xf0 \xb6 \x9e \x62 \xa4 \x35 \xcf \x47 \x74 \x13 \x29 \xbf \x30 \x1f \x06 \x03 \x55 \x1d \x23 \x04 \x18 \x30 \x16 \x80 \x14 \x18 \xb2 \x6b \x63 \xcc \x17 \x54 \xf6 \xf0 \xb6 \x9e \x62 \xa4 \x35 \xcf \x47 \x74 \x13 \x29 \xbf \x30 \x0c \x06 \x03 \x55 \x1d \x13 \x04 \x05 \x30 \x03 \x01 \x01 \xff \x30 \x0d \x06 \x09 \x2a \x86 \x48 \x86 \xf7 \x0d \x01 \x01 \x0b \x05 \x00 \x03 \x82 \x01 \x01 \x00 \x7f \x24 \x18 \x8a \x79 \xee \xf9 \xeb \xed \x29 \x1e \x21 \x15 \x8a \x53 \xc9 \xb7 \xec \x30 \xc4 \x85 \x9f \x45 \x85 \x26 \x36 \xb7 \x07 \xf3 \xf1 \xff \x3b \x89 \x05 \x0a \xd4 \x30 \x68 \x31 \x68 \x33 \xdd \xf6 \x58 \xa3 \x85 \x9f \x49 \x50 \x76 \x9a \xc5 \x79 \x13 \xe1 \x4d \x67 \x0c \xf3 \x92 \xf0 \x1d \x02 \x1f \xc4 \x5c \xd4 \xa1 \x0c \x57 \xdf \x46 \x84 \x43 \x9f \xb0 \xe2 \x91 \x62 \xa8 \xe0 \x86 \x0d \x47 \xe1 \xd9 \x60 \x01 \xc4 \xe0 \xda \x6f \x06 \x0a \xad \x38 \xf3 \x66 \x68 \xc5 \xe2 \x66 \x3e \x47 \x83 \x65 \x64 \xcd \xff \xf3 \xbb \xa7 
\xfa \x23 \xf1 \x82 \x5e \x06 \x6a \x91 \x37 \x51 \xcd \xb9 \x95 \x20 \x89 \xff \xa1 \x54 \xb2 \x76 \xcf \x8e \xe1 \xcd \x13 \x93 \x13 \xd1 \xda \x0d \x0d \xbc \x0f \xd5 \x11 \x26 \xd6 \xaf \x60 \x0f \x4d \x8a \x4f \x28 \xee \x6c \xf1 \x99 \xdc \xed \x16 \xdc \x87 \x26 \xfd \x23 \x8a \xb8 \xb0 \x20 \x0e \xe2 \x32 \xf5 \x8e \xb0 \x65 \x98 \x13 \xb8 \x4b \x39 \x7c \x8c \x98 \xa2 \x29 \x75 \x48 \x3a \x89 \xf9 \x61 \x77 \x6c \x2d \x84 \x41 \x40 \x17 \xa6 \x50 \xc5 \x09 \x63 \x10 \xe7 \x09 \xd4 \x5c \xdd \x0e \x71 \x16 \xaf \xb1 \x32 \xe4 \xc0 \xe6 \xea \xfd \x26 \x55 \x07 \x40 \x95 \x84 \x48 \x62 \x04 \x10 \x92 \xb2 \xd9 \x27 \xfb \x8a \xf3 \x7c \xe6 \xfe \xd4 \xfc \xa6 \x33 \x79 \x01 \x5c \xc3 \x1f \x80 \xa8 \xf3 " ;
/*
 * Pinned certificates: for each listed hostname, VerifyKnownCertificates compares
 * the presented certificate byte-for-byte against the blob stored here.
 * The table ends with an entry whose hostname is NULL.
 *
 * NOTE(review): both blobs in this file encode a notAfter of 4 March 2017
 * (UTCTime 1703040058xxZ), so the two FIXMEs below need attention whenever the
 * pins are refreshed.
 */
static struct
{
	wchar_t *hostname;		/* compared against the peer name with wcscmp */
	unsigned int datasize;	/* length of data, in bytes */
	const qbyte *data;		/* DER-encoded certificate */
	//FIXME: include expiry information
	//FIXME: add alternative when one is about to expire
} knowncerts[] = {
	{L"triptohell.info",		sizeof(triptohell_certdata),		triptohell_certdata},
	{L"fte.triptohell.info",	sizeof(fte_triptohell_certdata),	fte_triptohell_certdata},
	{NULL}
};
char * narrowen ( char * out , size_t outlen , wchar_t * wide ) ;
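/*
 * Adjusts a certificate verification status using the pinned certificates in
 * knowncerts.
 *
 * status   - result of the regular chain verification so far
 * domain   - peer hostname, matched exactly against knowncerts[].hostname
 * data     - encoded certificate presented by the peer (datasize bytes)
 * datagram - true for DTLS connections
 *
 * Stream connections: for a pinned hostname, an exact match turns
 * CERT_E_UNTRUSTEDROOT into SEC_E_OK (other failures, such as expiry, are kept),
 * while a mismatch turns SEC_E_OK into TRUST_E_FAIL. Hostnames that are not
 * pinned get their status back unchanged.
 *
 * Datagram connections: pinning is skipped entirely and CERT_E_UNTRUSTEDROOT is
 * accepted as-is. SECURITY: in that mode the peer's identity is not verified at
 * all, so the session is encrypted but not protected against an active
 * man-in-the-middle until the FIXME below is resolved.
 */
static DWORD VerifyKnownCertificates(DWORD status, wchar_t *domain, qbyte *data, size_t datasize, qboolean datagram)
{
	int i;

	if (datagram)
	{
		Con_Printf("FIXME: Ring of trust not yet implemented\n");
		if (status == CERT_E_UNTRUSTEDROOT)
		{
			Con_Printf("Allowing (probably) self-signed cert.\n");
			status = SEC_E_OK;
		}
		return status;
	}

	for (i = 0; knowncerts[i].hostname; i++)
	{
		if (!wcscmp(domain, knowncerts[i].hostname))
		{
#ifdef _DEBUG
			//developer aid: a pinned host with no stored data gets its certificate dumped
			//as a C string literal (and then raw), ready to paste into the table.
			if (!knowncerts[i].data)
			{
				size_t j;
				Con_Printf("%ls cert %i bytes\n", domain, (int)datasize);	//%i takes an int, not a size_t

				Con_Printf("\"");
				for (j = 0; j < datasize; j++)
					Con_Printf("\\x%02x", data[j]);
				Con_Printf("\"\n");

				Con_Printf("\n");
				for (j = 0; j < datasize; j++)
					Con_Printf("%c", data[j]);
				continue;
			}
#endif
			if (knowncerts[i].datasize == datasize && !memcmp(data, knowncerts[i].data, datasize))
			{	//what we know about matched
				if (status == CERT_E_UNTRUSTEDROOT)
					status = SEC_E_OK;
				break;
			}
			else
			{
				if (status != CERT_E_EXPIRED)
					Con_Printf("%ls has an unexpected certificate\n", domain);
				if (status == SEC_E_OK)	//we (think) we know better.
					status = TRUST_E_FAIL;
			}
		}
	}
	return status;
}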
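/*
Decides whether the certificate presented by a server is acceptable for the given hostname.

pServerCert:	the certificate the peer presented.
pwszServerName:	the hostname we meant to connect to.
dwCertFlags:	passed through as the HTTPS policy's fdwChecks.
datagram:	passed through to VerifyKnownCertificates.

returns SEC_E_OK if the connection may proceed, otherwise an error code.

steps: build a chain for the certificate, evaluate it with CERT_CHAIN_POLICY_SSL against the hostname,
then let VerifyKnownCertificates adjust the result using the built-in pins.
any failure is reported on the console, and is then discarded if the tls_ignorecertificateerrors cvar is set.
*/
static DWORD VerifyServerCertificate(PCCERT_CONTEXT pServerCert, PWSTR pwszServerName, DWORD dwCertFlags, qboolean datagram)
{
	HTTPSPolicyCallbackData polHttps;
	CERT_CHAIN_POLICY_PARA PolicyPara;
	CERT_CHAIN_POLICY_STATUS PolicyStatus;
	CERT_CHAIN_PARA ChainPara;
	PCCERT_CHAIN_CONTEXT pChainContext = NULL;
	DWORD Status;
	LPSTR rgszUsages[] =
	{
		szOID_PKIX_KP_SERVER_AUTH,
		szOID_SERVER_GATED_CRYPTO,
		szOID_SGC_NETSCAPE
	};
	DWORD cUsages = sizeof(rgszUsages) / sizeof(rgszUsages[0]);

	if (pServerCert == NULL)
		return SEC_E_WRONG_PRINCIPAL;
	//without a name there is nothing to verify the certificate against. (a NULL name used to be dereferenced here.)
	if (!pwszServerName || !*pwszServerName)
		return SEC_E_WRONG_PRINCIPAL;

	// Build certificate chain.
	//NOTE(review): dwFlags is 0, so no CERT_CHAIN_REVOCATION_CHECK_* flag is requested. confirm whether revocation is meant to be checked.
	memset(&ChainPara, 0, sizeof(ChainPara));
	ChainPara.cbSize = sizeof(ChainPara);
	ChainPara.RequestedUsage.dwType = USAGE_MATCH_TYPE_OR;
	ChainPara.RequestedUsage.Usage.cUsageIdentifier = cUsages;
	ChainPara.RequestedUsage.Usage.rgpszUsageIdentifier = rgszUsages;
	if (!crypt.pCertGetCertificateChain(NULL, pServerCert, NULL, pServerCert->hCertStore, &ChainPara, 0, NULL, &pChainContext))
	{
		Status = GetLastError();
		Sys_Printf("Error %#lx returned by CertGetCertificateChain!\n", Status);
		//fail closed: the call failed, so never hand back a code that reads as success.
		if (Status == SEC_E_OK)
			Status = TRUST_E_FAIL;
	}
	else
	{
		// Validate certificate chain.
		memset(&polHttps, 0, sizeof(HTTPSPolicyCallbackData));
		polHttps.cbStruct = sizeof(HTTPSPolicyCallbackData);
		polHttps.dwAuthType = AUTHTYPE_SERVER;
		polHttps.fdwChecks = dwCertFlags;
		polHttps.pwszServerName = pwszServerName;

		memset(&PolicyPara, 0, sizeof(PolicyPara));
		PolicyPara.cbSize = sizeof(PolicyPara);
		PolicyPara.pvExtraPolicyPara = &polHttps;

		memset(&PolicyStatus, 0, sizeof(PolicyStatus));
		PolicyStatus.cbSize = sizeof(PolicyStatus);

		if (!crypt.pCertVerifyCertificateChainPolicy(CERT_CHAIN_POLICY_SSL, pChainContext, &PolicyPara, &PolicyStatus))
		{
			Status = GetLastError();
			Sys_Printf("Error %#lx returned by CertVerifyCertificateChainPolicy!\n", Status);
			//fail closed, as above.
			if (Status == SEC_E_OK)
				Status = TRUST_E_FAIL;
		}
		else
		{
			//the policy verdict is in PolicyStatus.dwError. the pins may forgive an untrusted root or reject an unexpected cert.
			Status = VerifyKnownCertificates(PolicyStatus.dwError, pwszServerName, pServerCert->pbCertEncoded, pServerCert->cbCertEncoded, datagram);
			if (Status)
			{
				char fmsg[512];
				char *err;
				switch (Status)
				{
				case CERT_E_EXPIRED:				err = "CERT_E_EXPIRED";					break;
				case CERT_E_VALIDITYPERIODNESTING:	err = "CERT_E_VALIDITYPERIODNESTING";	break;
				case CERT_E_ROLE:					err = "CERT_E_ROLE";					break;
				case CERT_E_PATHLENCONST:			err = "CERT_E_PATHLENCONST";			break;
				case CERT_E_CRITICAL:				err = "CERT_E_CRITICAL";				break;
				case CERT_E_PURPOSE:				err = "CERT_E_PURPOSE";					break;
				case CERT_E_ISSUERCHAINING:			err = "CERT_E_ISSUERCHAINING";			break;
				case CERT_E_MALFORMED:				err = "CERT_E_MALFORMED";				break;
				case CERT_E_UNTRUSTEDROOT:			err = "CERT_E_UNTRUSTEDROOT";			break;
				case CERT_E_CHAINING:				err = "CERT_E_CHAINING";				break;
				case TRUST_E_FAIL:					err = "TRUST_E_FAIL";					break;
				case CERT_E_REVOKED:				err = "CERT_E_REVOKED";					break;
				case CERT_E_UNTRUSTEDTESTROOT:		err = "CERT_E_UNTRUSTEDTESTROOT";		break;
				case CERT_E_REVOCATION_FAILURE:		err = "CERT_E_REVOCATION_FAILURE";		break;
				case CERT_E_CN_NO_MATCH:
					//say who the certificate was actually issued to.
					//the subject comes from the peer, so it is only ever printed as a %s argument, never used as a format string.
					err = fmsg;
					Q_strncpyz(fmsg, "Certificate is for ", sizeof(fmsg));
					crypt.pCertNameToStrA(X509_ASN_ENCODING, &pServerCert->pCertInfo->Subject, 0, fmsg+strlen(fmsg), sizeof(fmsg)-strlen(fmsg));
					break;
				case CERT_E_WRONG_USAGE:			err = "CERT_E_WRONG_USAGE";				break;
				default:							err = "(unknown)";						break;
				}
				Con_Printf("Error verifying certificate for '%ls': %s\n", pwszServerName, err);

				//SECURITY: this cvar discards every failure above, including a pin mismatch (TRUST_E_FAIL) and CERT_E_REVOKED.
				//the server is then completely unauthenticated. an unregistered (NULL) cvar is treated as not set.
				if (tls_ignorecertificateerrors && tls_ignorecertificateerrors->ival)
				{
					Con_Printf("pretending it didn't happen... (tls_ignorecertificateerrors is set)\n");
					Status = SEC_E_OK;
				}
			}
			else
				Status = SEC_E_OK;
		}
		crypt.pCertFreeCertificateChain(pChainContext);
	}

	return Status;
}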
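/*
 * Returns the certificate the TLS/DTLS server side presents to clients.
 *
 * On first use a self-signed certificate is generated from the fixed
 * distinguished name below, valid for two years from the current system
 * time. The result is kept in a function-local static and handed back
 * unchanged on every later call, so it is never regenerated while the
 * process keeps running.
 *
 * Returns NULL when the name cannot be encoded or the certificate cannot
 * be created; the next call then tries again from scratch.
 *
 * NOTE(review): the subject is hard-coded (CN=127.0.0.1) and self-signed,
 * so a client that validates the chain and host name has no basis to trust
 * it. Treat this as a testing certificate, not as server authentication.
 */
static PCCERT_CONTEXT SSPI_GetServerCertificate(void)
{
	static PCCERT_CONTEXT ret;
	char *issuertext = " CN=127.0.0.1, O= \" FTE QuakeWorld \" , OU=Testing, C=TR ";
	CERT_NAME_BLOB issuerblob;
	CRYPT_ALGORITHM_IDENTIFIER sigalg;
	SYSTEMTIME expiredate;

	if (ret)
		return ret;

	memset(&sigalg, 0, sizeof(sigalg));
	sigalg.pszObjId = szOID_RSA_SHA512RSA;

	GetSystemTime(&expiredate);
	expiredate.wYear += 2;	//2 years hence. woo
	//Feb 29 plus two years is never a leap day; clamp so the expiry stays a valid calendar date.
	if (expiredate.wMonth == 2 && expiredate.wDay == 29)
		expiredate.wDay = 28;

	memset(&issuerblob, 0, sizeof(issuerblob));
	//first call only queries the encoded size (pbData is still NULL here).
	if (!crypt.pCertStrToNameA(X509_ASN_ENCODING, issuertext, CERT_X500_NAME_STR, NULL, issuerblob.pbData, &issuerblob.cbData, NULL) || !issuerblob.cbData)
		return NULL;	//the name could not be parsed; don't sign a certificate with an empty name blob.

	issuerblob.pbData = Z_Malloc(issuerblob.cbData);
	if (!issuerblob.pbData)	//presumably Z_Malloc never returns NULL; cheap to guard anyway.
		return NULL;
	//second call writes the encoded name into the buffer we just sized.
	if (!crypt.pCertStrToNameA(X509_ASN_ENCODING, issuertext, CERT_X500_NAME_STR, NULL, issuerblob.pbData, &issuerblob.cbData, NULL))
	{
		Z_Free(issuerblob.pbData);
		return NULL;
	}

	//no key handle and no provider info are supplied, so key selection is left to CryptoAPI.
	ret = crypt.pCertCreateSelfSignCertificate(
			0,
			&issuerblob,
			0,
			NULL,
			&sigalg,
			NULL,
			&expiredate,
			NULL
		);
	if (!ret)
	{	//try and downgrade the signature algo if it failed.
		//NOTE(review): this silently falls back to a SHA-1 signature, which current
		//TLS clients may reject or flag as weak; consider logging the downgrade.
		sigalg.pszObjId = szOID_RSA_SHA1RSA;
		ret = crypt.pCertCreateSelfSignCertificate(
				0,
				&issuerblob,
				0,
				NULL,
				&sigalg,
				NULL,
				&expiredate,
				NULL
			);
	}

	Z_Free(issuerblob.pbData);
	return ret;
}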
/*
 * Acquires the inbound (server-side) Schannel credential handle for a
 * connection and stores it in f->cred.
 *
 * The credential carries the certificate from SSPI_GetServerCertificate()
 * and enables the datagram or stream protocol set depending on f->datagram.
 * Failures are reported through SSPI_Error() and leave f->cred unset.
 *
 * NOTE(review): which protocol versions are accepted is decided entirely by
 * the USE_PROT_* masks; check that they match the minimum TLS version you
 * intend to allow.
 */
static void SSPI_GenServerCredentials(sslfile_t *f)
{
	SCHANNEL_CRED sc;
	PCCERT_CONTEXT servercert;
	TimeStamp expiry;
	SECURITY_STATUS status;

	//without a certificate there is nothing to offer clients, so bail before touching schannel.
	servercert = SSPI_GetServerCertificate();
	if (!servercert)
	{
		SSPI_Error(f, " Unable to load/generate certificate \n ");
		return;
	}

	memset(&sc, 0, sizeof(sc));
	sc.dwVersion = SCHANNEL_CRED_VERSION;
	if (f->datagram)
		sc.grbitEnabledProtocols = USE_PROT_DGRAM_SERVER;
	else
		sc.grbitEnabledProtocols = USE_PROT_SERVER;
	/*don't use windows login info or anything*/
	sc.dwFlags = SCH_CRED_NO_SYSTEM_MAPPER | SCH_CRED_DISABLE_RECONNECTS;
	sc.cCreds = 1;
	sc.paCred = &servercert;

	status = secur.pAcquireCredentialsHandleA(NULL, UNISP_NAME_A, SECPKG_CRED_INBOUND, NULL, &sc, NULL, NULL, &f->cred, &expiry);
	if (status < 0)
		SSPI_Error(f, " AcquireCredentialsHandle failed \n ");
}
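/*
 * Advances the TLS/DTLS handshake for one connection by a single step
 * (or a few, see 'retries'), driven by f->handshaking:
 *
 *   HS_STARTCLIENT         acquire outbound credentials and produce the first
 *                          client token; moves to HS_CLIENT.
 *   HS_CLIENT              feed buffered peer data to InitializeSecurityContext.
 *   HS_STARTSERVER/SERVER  feed buffered peer data to AcceptSecurityContext;
 *                          moves to HS_SERVER.
 *   HS_ERROR               does nothing.
 *
 * Output tokens are handed to f->transmit (when built with HAVE_DTLS and a
 * transmit callback is set) or queued in f->outcrypt. When the security
 * package reports SEC_E_OK the header/trailer sizes are recorded, the
 * client side checks the server certificate, and the state becomes
 * HS_ESTABLISHED.
 *
 * Errors are reported through SSPI_Error(); the function returns nothing.
 *
 * Security notes for reviewers:
 *  - A client with an empty f->wpeername skips certificate verification
 *    entirely (see below), so that session is encrypted but the server is
 *    not authenticated.
 *  - The server path requests ASC_REQ_ALLOCATE_MEMORY, and no release of the
 *    returned token buffers (FreeContextBuffer) is visible in this function;
 *    confirm they are freed elsewhere.
 *  - The certificate context obtained via SECPKG_ATTR_REMOTE_CERT_CONTEXT is
 *    not released here; verify whether VerifyServerCertificate takes
 *    ownership, otherwise it needs CertFreeCertificateContext.
 */
static void SSPI_Handshake(sslfile_t *f)
{
	SECURITY_STATUS ss;
	TimeStamp Lifetime;
	SecBufferDesc OutBuffDesc;
	SecBuffer OutSecBuff[8];
	SecBufferDesc InBuffDesc;
	SecBuffer InSecBuff[8];
	ULONG ContextAttributes;
	SCHANNEL_CRED SchannelCred;
	int i;
	int retries = 5;	//a countdown, so a plain int rather than qboolean.

retry:

	if (f->outcrypt.avail)
	{
		//don't let things build up too much
		SSPI_TryFlushCryptOut(f);
		if (f->outcrypt.avail)
			return;
	}

	//FIXME: skip this if we've had no new data since last time

	OutBuffDesc.ulVersion = SECBUFFER_VERSION;
	OutBuffDesc.cBuffers = countof(OutSecBuff);
	OutBuffDesc.pBuffers = OutSecBuff;

	OutSecBuff[0].BufferType = SECBUFFER_TOKEN;
	OutSecBuff[0].cbBuffer = f->outcrypt.datasize - f->outcrypt.avail;
	OutSecBuff[0].pvBuffer = f->outcrypt.data + f->outcrypt.avail;

	//NOTE(review): this loop starts at 0, so it also clears the slot-0 setup just above.
	for (i = 0; i < OutBuffDesc.cBuffers; i++)
	{
		OutSecBuff[i].BufferType = SECBUFFER_EMPTY;
		OutSecBuff[i].pvBuffer = NULL;
		OutSecBuff[i].cbBuffer = 0;
	}

	if (f->handshaking == HS_ERROR)
		return;	//gave up.
	else if (f->handshaking == HS_STARTCLIENT)
	{
		//no input data yet.
		f->handshaking = HS_CLIENT;

		memset(&SchannelCred, 0, sizeof(SchannelCred));
		SchannelCred.dwVersion = SCHANNEL_CRED_VERSION;
		SchannelCred.grbitEnabledProtocols = f->datagram ? USE_PROT_DGRAM_CLIENT : USE_PROT_CLIENT;
		SchannelCred.dwFlags |= SCH_CRED_SNI_CREDENTIAL | SCH_CRED_NO_DEFAULT_CREDS;	/*don't use windows login info or anything*/

		ss = secur.pAcquireCredentialsHandleA(NULL, UNISP_NAME_A, SECPKG_CRED_OUTBOUND, NULL, &SchannelCred, NULL, NULL, &f->cred, &Lifetime);
		if (ss < 0)
		{
			SSPI_Error(f, " AcquireCredentialsHandle failed \n ");
			return;
		}

		ss = secur.pInitializeSecurityContextW(&f->cred, NULL, f->wpeername, MessageAttribute | (f->datagram ? ISC_REQ_DATAGRAM : ISC_REQ_STREAM), 0, SECURITY_NATIVE_DREP, NULL, 0, &f->sechnd, &OutBuffDesc, &ContextAttributes, &Lifetime);
	}
	else if (f->handshaking == HS_CLIENT)
	{
		//only if we actually have data.
		if (!f->incrypt.avail && !f->datagram)
			return;

		InBuffDesc.ulVersion = SECBUFFER_VERSION;
		InBuffDesc.cBuffers = 4;
		InBuffDesc.pBuffers = InSecBuff;

		i = 0;
		if (f->incrypt.avail)
		{
			InSecBuff[i].BufferType = SECBUFFER_TOKEN;
			InSecBuff[i].cbBuffer = f->incrypt.avail;
			InSecBuff[i].pvBuffer = f->incrypt.data;
			i++;
		}

		for (; i < InBuffDesc.cBuffers; i++)
		{
			InSecBuff[i].BufferType = SECBUFFER_EMPTY;
			InSecBuff[i].pvBuffer = NULL;
			InSecBuff[i].cbBuffer = 0;
		}

		ss = secur.pInitializeSecurityContextW(&f->cred, &f->sechnd, NULL, MessageAttribute | (f->datagram ? ISC_REQ_DATAGRAM : ISC_REQ_STREAM), 0, SECURITY_NETWORK_DREP, &InBuffDesc, 0, &f->sechnd, &OutBuffDesc, &ContextAttributes, &Lifetime);

		if (ss == SEC_E_INCOMPLETE_MESSAGE)
		{
			//the record is not complete yet; grow the stream buffer if it is already full and wait for more.
			if (!f->datagram && f->incrypt.avail == f->incrypt.datasize)
				SSPI_ExpandBuffer(&f->incrypt, f->incrypt.datasize + 1024);
			return;
		}
		else if (ss == SEC_E_INVALID_TOKEN)
		{
			if (f->datagram)
				return;	//our udp protocol may have non-dtls packets mixed in. besides, we don't want to die from spoofed packets.
		}

		//any extra data should still remain for the next time around. this might be more handshake data or payload data.
		if (InSecBuff[1].BufferType == SECBUFFER_EXTRA)
		{
			memmove(f->incrypt.data, f->incrypt.data + (f->incrypt.avail - InSecBuff[1].cbBuffer), InSecBuff[1].cbBuffer);
			f->incrypt.avail = InSecBuff[1].cbBuffer;
		}
		else f->incrypt.avail = 0;
	}
	else if (f->handshaking == HS_STARTSERVER || f->handshaking == HS_SERVER)
	{
		//only if we actually have data.
		if (!f->incrypt.avail)
			return;

		InBuffDesc.ulVersion = SECBUFFER_VERSION;
		InBuffDesc.cBuffers = countof(InSecBuff);
		InBuffDesc.pBuffers = InSecBuff;

		i = 0;
		if (f->incrypt.avail)
		{
			InSecBuff[i].BufferType = SECBUFFER_TOKEN;
			InSecBuff[i].cbBuffer = f->incrypt.avail;
			InSecBuff[i].pvBuffer = f->incrypt.data;
			i++;
		}

		for (; i < InBuffDesc.cBuffers; i++)
		{
			InSecBuff[i].BufferType = SECBUFFER_EMPTY;
			InSecBuff[i].pvBuffer = NULL;
			InSecBuff[i].cbBuffer = 0;
		}

		i = 1;
		OutSecBuff[i++].BufferType = SECBUFFER_EXTRA;
		OutSecBuff[i++].BufferType = 17/*SECBUFFER_ALERT*/;

#define ServerMessageAttribute (ASC_REQ_SEQUENCE_DETECT | ASC_REQ_REPLAY_DETECT | ASC_REQ_CONFIDENTIALITY /*| ASC_REQ_EXTENDED_ERROR*/ | ASC_REQ_ALLOCATE_MEMORY)

		//the existing context is only passed once a first round has completed (HS_SERVER).
		ss = secur.pAcceptSecurityContext(&f->cred, (f->handshaking == HS_SERVER) ? &f->sechnd : NULL, &InBuffDesc,
								ServerMessageAttribute | (f->datagram ? ASC_REQ_DATAGRAM : ASC_REQ_STREAM), SECURITY_NETWORK_DREP, &f->sechnd,
								&OutBuffDesc, &ContextAttributes, NULL);
		if (ss == SEC_E_INVALID_TOKEN)
		{
			//datagram sockets just drop what they cannot parse instead of failing the connection.
			if (f->datagram)
				return;
		}
		else if (ss == SEC_E_INCOMPLETE_MESSAGE)
		{
			if (!f->datagram && f->incrypt.avail == f->incrypt.datasize)
				SSPI_ExpandBuffer(&f->incrypt, f->incrypt.datasize + 1024);
			return;
		}
		f->handshaking = HS_SERVER;

		//any extra data should still remain for the next time around. this might be more handshake data or payload data.
		if (InSecBuff[1].BufferType == SECBUFFER_EXTRA)
		{
			memmove(f->incrypt.data, f->incrypt.data + (f->incrypt.avail - InSecBuff[1].cbBuffer), InSecBuff[1].cbBuffer);
			f->incrypt.avail = InSecBuff[1].cbBuffer;
		}
		else f->incrypt.avail = 0;
	}
	else
		return;

	if (ss == SEC_I_INCOMPLETE_CREDENTIALS)
	{
		SSPI_Error(f, " server requires credentials \n ");
		return;
	}

	if (ss < 0)
	{
		//note: these messages name InitializeSecurityContext even when the status came from the server-side accept call.
		switch (ss)
		{
		case SEC_E_ALGORITHM_MISMATCH:	SSPI_Error(f, " InitializeSecurityContext failed: SEC_E_ALGORITHM_MISMATCH \n ");	break;
		case SEC_E_INVALID_HANDLE:		SSPI_Error(f, " InitializeSecurityContext failed: SEC_E_INVALID_HANDLE \n ");		break;
		case SEC_E_ILLEGAL_MESSAGE:		SSPI_Error(f, " InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE \n ");		break;
		case SEC_E_INVALID_TOKEN:		SSPI_Error(f, " InitializeSecurityContext failed: SEC_E_INVALID_TOKEN \n ");		break;
		case SEC_E_INVALID_PARAMETER:	SSPI_Error(f, " InitializeSecurityContext failed: SEC_E_INVALID_PARAMETER \n ");	break;
		default:						SSPI_Error(f, " InitializeSecurityContext failed: %lx \n ", (long)ss);				break;
		}
		return;
	}

	if ((SEC_I_COMPLETE_NEEDED == ss) || (SEC_I_COMPLETE_AND_CONTINUE == ss))
	{
		ss = secur.pCompleteAuthToken(&f->sechnd, &OutBuffDesc);
		if (ss < 0)
		{
			SSPI_Error(f, " CompleteAuthToken failed \n ");
			return;
		}
	}

	//its all okay and established if we get this far.
	if (ss == SEC_E_OK)
	{
		SecPkgContext_StreamSizes strsizes;
		CERT_CONTEXT *remotecert;

		//the query result is not checked, so start from zero rather than reading stack garbage if it fails.
		memset(&strsizes, 0, sizeof(strsizes));
		secur.pQueryContextAttributesA(&f->sechnd, SECPKG_ATTR_STREAM_SIZES, &strsizes);
		f->headersize = strsizes.cbHeader;
		f->footersize = strsizes.cbTrailer;

		if (f->handshaking != HS_SERVER)
		{	//server takes an annonymous client. client expects a proper certificate.
			if (*f->wpeername)
			{
				ss = secur.pQueryContextAttributesA(&f->sechnd, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &remotecert);
				if (ss != SEC_E_OK)
				{
					f->handshaking = HS_ERROR;
					SSPI_Error(f, " unable to read server's certificate \n ");
					return;
				}
				//a non-zero result means the certificate was rejected.
				if (VerifyServerCertificate(remotecert, f->wpeername, 0, f->datagram))
				{
					f->handshaking = HS_ERROR;
					SSPI_Error(f, " Error validating certificante \n ");
					return;
				}
			}
			else
			{
				//NOTE(review): with no peer name the certificate is never examined, so the
				//connection is established without authenticating the server at all.
				Sys_Printf(" SSL/TLS Server name not specified, skipping verification \n ");
			}
		}

		f->handshaking = HS_ESTABLISHED;
	}

	//send early, send often.
#ifdef HAVE_DTLS
	if (f->transmit)
	{
		for (i = 0; i < OutBuffDesc.cBuffers; i++)
			if (OutSecBuff[i].BufferType == SECBUFFER_TOKEN && OutSecBuff[i].cbBuffer)
				f->transmit(f->cbctx, OutSecBuff[i].pvBuffer, OutSecBuff[i].cbBuffer);
	}
	else
#endif
	{
		i = 0;
		if (SSPI_CopyIntoBuffer(&f->outcrypt, OutSecBuff[i].pvBuffer, OutSecBuff[i].cbBuffer, true) < OutSecBuff[i].cbBuffer)
		{
			SSPI_Error(f, " crypt overflow \n ");
			return;
		}
		SSPI_TryFlushCryptOut(f);
	}

	if (f->handshaking == HS_ESTABLISHED)
		SSPI_Encode(f);
	else if (ss == SEC_I_MESSAGE_FRAGMENT)	//looks like we can connect faster if we loop when we get this result.
		if (retries-- > 0)
			goto retry;
}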
/*
Reads up to bytestoread bytes of decrypted data from the TLS stream into buffer.

While the handshake is still in progress no application data is handed out:
the handshake is advanced and the result of SSPI_CheckNewInCrypt is returned.
Otherwise returns the number of bytes copied out of inraw, or, when nothing
could be copied, the result of SSPI_CheckNewInCrypt (0 if it reported nothing).
*/
static int QDECL SSPI_ReadBytes (struct vfsfile_s *file, void *buffer, int bytestoread)
{
	sslfile_t *tls = (sslfile_t *)file;
	int pollresult = SSPI_CheckNewInCrypt(tls);
	int count;

	if (tls->handshaking)
	{	//nothing is readable until the handshake has finished.
		SSPI_Handshake(tls);
		return pollresult;
	}

	//run the encode and decode passes before looking at what inraw holds.
	SSPI_Encode(tls);
	SSPI_Decode(tls);

	//NOTE(review): a negative bytestoread is not rejected before the memcpy below - presumably callers never pass one; confirm.
	count = min(bytestoread, tls->inraw.avail);
	if (!count)
		return pollresult;	//nothing copied: pass on the poll result, which is 0 when there was no error.

	memcpy(buffer, tls->inraw.data, count);
	tls->inraw.avail -= count;
	//slide the unread remainder down to the start of the buffer.
	memmove(tls->inraw.data, tls->inraw.data + count, tls->inraw.avail);
	return count;
}
/*
Queues plaintext for sending over the TLS stream.

Returns the value SSPI_CopyIntoBuffer reports for the copy into outraw, or
false (0) without queueing anything while more than 8192 bytes of encrypted
output are still waiting in outcrypt.
*/
static int QDECL SSPI_WriteBytes (struct vfsfile_s *file, const void *buffer, int bytestowrite)
{
	sslfile_t *tls = (sslfile_t *)file;
	int accepted;

	//backpressure: refuse new data while the encrypted output is backed up.
	//a little buffering is fine, but it must not grow without limit.
	if (tls->outcrypt.avail > 8192)
		return false;

	accepted = SSPI_CopyIntoBuffer(&tls->outraw, buffer, bytestowrite, false);

	if (!tls->handshaking)
		SSPI_Encode(tls);
	else
	{
		SSPI_CheckNewInCrypt(tls);	//keep the handshake ticking over
		SSPI_Handshake(tls);
	}
	return accepted;
}
/*
Seeking is not supported on a TLS stream.
Reports the attempt through SSPI_Error and always returns false.
*/
static qboolean QDECL SSPI_Seek (struct vfsfile_s *file, qofs_t pos)
{
	sslfile_t *tls = (sslfile_t *)file;

	(void)pos;	//the requested offset is never looked at
	SSPI_Error(tls, "unable to seek on streams\n");
	return false;
}
/*
A TLS stream has no meaningful position.
Reports the attempt through SSPI_Error (with the same message the seek handler uses) and always returns 0.
*/
static qofs_t QDECL SSPI_Tell (struct vfsfile_s *file)
{
	sslfile_t *tls = (sslfile_t *)file;

	SSPI_Error(tls, "unable to seek on streams\n");
	return 0;
}
/*
The length of a TLS stream is not known; always reports 0.
*/
static qofs_t QDECL SSPI_GetLen (struct vfsfile_s *file)
{
	(void)file;	//unused
	return 0;
}
/*
Tears down a TLS stream and frees its four buffers and the sslfile_t itself.
Returns true if the underlying stream pointer was still set when the close began.
*/
static qboolean QDECL SSPI_Close (struct vfsfile_s *file)
{
	sslfile_t *tls = (sslfile_t *)file;
	//sampled before SSPI_Error runs - presumably SSPI_Error drops the underlying stream; confirm.
	qboolean wasopen = (tls->stream != NULL);

	SSPI_Error(tls, "");

	//NOTE(review): no DeleteSecurityContext/FreeCredentialsHandle call is visible here;
	//confirm that SSPI_Error (or another path) releases the schannel handles held by this object.
	Z_Free(tls->outraw.data);
	Z_Free(tls->outcrypt.data);
	Z_Free(tls->inraw.data);
	Z_Free(tls->incrypt.data);
	Z_Free(tls);

	return wasopen;
}
# include <wchar.h>
/*
Wraps an existing stream in a TLS session and returns the new file's function table.

servername: for a client (server == false) this is the name the peer is expected to
            present; it is decoded from utf-8 into wpeername. For a server the peer
            name is left empty.
source:     the transport stream. Ownership passes to this function: it is closed on
            every failure path.
server:     selects HS_STARTSERVER or HS_STARTCLIENT, and makes the server credentials
            get generated.

Returns NULL if source is NULL, SSL_Inited() fails, the name does not decode cleanly,
contains a character above WCHAR_MAX, or does not fit in wpeername.

Security note: the handshake code in this file only verifies the remote certificate when
wpeername is non-empty, and otherwise prints "Server name not specified, skipping
verification". A client that passes an empty servername therefore gets an encrypted but
unauthenticated connection; callers that need authentication must pass the real host name.
*/
vfsfile_t *FS_OpenSSL (const char *servername, vfsfile_t *source, qboolean server)
{
	sslfile_t *tls;
	const char *peername;
	size_t maxchars;
	unsigned int codepoint;
	int decodeerr;
	int len = 0;

	if (!source || !SSL_Inited())
	{
		if (source)
			VFS_CLOSE(source);
		return NULL;
	}

	//only a client has a peer name to check; a server accepts anonymous clients.
	peername = server ? "" : servername;

	tls = Z_Malloc(sizeof(*tls));
	maxchars = sizeof(tls->wpeername) / sizeof(tls->wpeername[0]) - 1;	//one slot is kept for the terminator

	while (*peername)
	{
		codepoint = utf8_decode(&decodeerr, peername, (void *)&peername);
		if (codepoint > WCHAR_MAX)
			decodeerr = true;	//would need a 16bit surrogate pair. refuse.
		else if ((size_t)len == maxchars)
			decodeerr = true;	//name is too long to store
		else
			tls->wpeername[len++] = codepoint;

		if (decodeerr)
		{	//a name that cannot be stored exactly is rejected rather than truncated.
			Z_Free(tls);
			VFS_CLOSE(source);
			return NULL;
		}
	}
	tls->wpeername[len] = 0;

	tls->stream = source;
	tls->handshaking = server ? HS_STARTSERVER : HS_STARTCLIENT;

	tls->funcs.ReadBytes = SSPI_ReadBytes;
	tls->funcs.WriteBytes = SSPI_WriteBytes;
	tls->funcs.Seek = SSPI_Seek;
	tls->funcs.Tell = SSPI_Tell;
	tls->funcs.GetLen = SSPI_GetLen;
	tls->funcs.Close = SSPI_Close;
	tls->funcs.Flush = NULL;
	tls->funcs.seekstyle = SS_UNSEEKABLE;

	//each of the four buffers starts out at 8192 bytes.
	SSPI_ExpandBuffer(&tls->outraw, 8192);
	SSPI_ExpandBuffer(&tls->outcrypt, 8192);
	SSPI_ExpandBuffer(&tls->inraw, 8192);
	SSPI_ExpandBuffer(&tls->incrypt, 8192);

	if (server)
		SSPI_GenServerCredentials(tls);

	return &tls->funcs;
}
#if 0
/*
State for the compiled-out placeholder DTLS layer.
It holds nothing but the caller's transmit callback and its context; there is no key material.
*/
struct nulldtls_s
{
	void *cbctx;	//opaque pointer passed back to push
	neterr_t (*push) (void *cbctx, const qbyte *data, size_t datasize);	//sends one datagram
};
/*
Placeholder context creation: records the transmit callback and its context.
isserver is ignored. The result comes from Z_Malloc.
*/
void *DTLS_CreateContext (void *cbctx, neterr_t (*push) (void *cbctx, const qbyte *data, size_t datasize), qboolean isserver)
{
	struct nulldtls_s *stub = Z_Malloc(sizeof(*stub));

	(void)isserver;
	stub->push = push;
	stub->cbctx = cbctx;
	return stub;
}
/*
Reports whether a server certificate is available. Always false in this placeholder.
*/
qboolean DTLS_HasServerCertificate (void)
{
	//FIXME: schannel still returns errors when acting as a server,
	//so every attempt to use this as a server is blocked.
	//clients do not need a certificate of their own.
	return false;
}
/*
Placeholder transmit: flips the first int of the packet with a fixed constant, pushes the
packet through the callback, then flips it back so the caller's data ends up unchanged.
This is a wire-format test stub, not encryption: the constant is fixed and only one int is touched.
*/
neterr_t DTLS_Transmit (void *vctx, const qbyte *data, size_t datasize)
{
	struct nulldtls_s *stub = vctx;
	//NOTE(review): this writes through a const pointer and assumes datasize >= sizeof(int)
	//and suitable alignment; none of that is checked here.
	int *firstword = (int *)data;
	neterr_t result;

	*firstword ^= 0xdeadbeef;
	result = stub->push(stub->cbctx, data, datasize);
	*firstword ^= 0xdeadbeef;
	return result;
}
/*
Placeholder receive: undoes the fixed xor on the first int of the packet, in place.
Always returns NETERR_SENT. Nothing is authenticated.
*/
neterr_t DTLS_Received (void *ctx, qbyte *data, size_t datasize)
{
	//NOTE(review): datasize is not checked before the first int is touched.
	int *firstword = (int *)data;

	(void)ctx;
	(void)datasize;
	*firstword ^= 0xdeadbeef;
	return NETERR_SENT;
}
# elif defined(HAVE_DTLS)
/*
Creates a datagram (DTLS) context on top of the sslfile_t machinery.

remotehost: utf-8 name of the peer, decoded into wpeername.
cbctx/push: callback (and its context) used to transmit outgoing datagrams.
isserver:   selects HS_STARTSERVER or HS_STARTCLIENT.

Returns NULL if SSL_Inited() fails, or if the name does not decode cleanly, contains a
character above WCHAR_MAX, or does not fit in wpeername. A server context gets its
credentials generated; a client context begins its handshake before this returns.

Security note: the handshake code in this file skips certificate verification when
wpeername is empty, so a client created with an empty remotehost is not authenticating its peer.
*/
void *DTLS_CreateContext (char *remotehost, void *cbctx, neterr_t (*push) (void *cbctx, const qbyte *data, size_t datasize), qboolean isserver)
{
	sslfile_t *dtls;
	size_t maxchars;
	int len = 0;

	if (!SSL_Inited())
		return NULL;

	dtls = Z_Malloc(sizeof(*dtls));
	dtls->datagram = true;
	dtls->cbctx = cbctx;
	dtls->transmit = push;
	dtls->handshaking = isserver ? HS_STARTSERVER : HS_STARTCLIENT;

	maxchars = sizeof(dtls->wpeername) / sizeof(dtls->wpeername[0]) - 1;	//one slot is kept for the terminator
	while (*remotehost)
	{
		int decodeerr;
		int codepoint = utf8_decode(&decodeerr, remotehost, (void *)&remotehost);

		if (codepoint > WCHAR_MAX)
			decodeerr = true;	//would need a 16bit surrogate pair. refuse.
		else if ((size_t)len == maxchars)
			decodeerr = true;	//name is too long to store
		else
			dtls->wpeername[len++] = codepoint;

		if (decodeerr)
		{	//a name that cannot be stored exactly is rejected rather than truncated.
			Z_Free(dtls);
			return NULL;
		}
	}
	dtls->wpeername[len] = 0;

	//the encrypted-side buffers start larger than the plaintext ones.
	SSPI_ExpandBuffer(&dtls->outraw, 8192);
	SSPI_ExpandBuffer(&dtls->outcrypt, 65536);
	SSPI_ExpandBuffer(&dtls->inraw, 8192);
	SSPI_ExpandBuffer(&dtls->incrypt, 65536);

	if (!isserver)
		SSPI_Handshake(dtls);	//begin the initial handshake now
	else
		SSPI_GenServerCredentials(dtls);

	//NOTE(review): the handshake state is not inspected before returning, so a context
	//that already hit HS_ERROR would still be handed back - confirm callers cope.
	return dtls;
}
/*
Destroys a context made by DTLS_CreateContext by handing it to SSPI_Close.
The close result is discarded.
*/
void DTLS_DestroyContext (void *vctx)
{
	struct vfsfile_s *file = vctx;

	(void)SSPI_Close(file);
}
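/*
Sends one datagram of plaintext through the DTLS context.

Returns NETERR_SENT once the data has been passed to SSPI_Encode,
NETERR_CLOGGED while the handshake is still in progress (the caller should retry later),
and NETERR_DISCONNECTED when the handshake has failed.

Fix: the handshake branch used to assign NETERR_DISCONNECTED and then unconditionally
overwrite it with NETERR_CLOGGED, so a failed handshake was reported as "not ready yet"
forever. The result now matches what DTLS_Received reports for the same state.
*/
neterr_t DTLS_Transmit (void *ctx, const qbyte *data, size_t datasize)
{
	sslfile_t *f = (sslfile_t *)ctx;

	//Con_Printf("DTLS_Transmit: %i\n", datasize);

	//sspi likes writing over the source data. make sure nothing is hurt by copying it out first.
	//any plaintext still queued from an earlier call is discarded.
	f->outraw.avail = 0;
	SSPI_CopyIntoBuffer(&f->outraw, data, datasize, true);

	if (f->handshaking)
	{
		SSPI_Handshake(f);
		if (f->handshaking == HS_ERROR)
			return NETERR_DISCONNECTED;	//the handshake failed; retrying will not help
		return NETERR_CLOGGED;	//not ready yet
	}

	SSPI_Encode(f);
	return NETERR_SENT;
}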
/*
Feeds one received datagram into the DTLS context.

While handshaking, the packet drives the handshake: returns NETERR_CLOGGED, or
NETERR_DISCONNECTED if the handshake has failed. Once established, the packet is decoded
and the plaintext is copied into net_message_buffer with net_message.cursize set to its
length, and NETERR_SENT is returned.

The caller's data pointer is borrowed as the incrypt buffer for the duration of the call only.
*/
neterr_t DTLS_Received (void *ctx, qbyte *data, size_t datasize)
{
	sslfile_t *f = (sslfile_t *)ctx;
	int status;

	//Con_Printf("DTLS_Received: %i\n", datasize);

	//NOTE(review): this overwrites whatever incrypt.data pointed at before (the context
	//creation code expands incrypt), and the pointer is cleared again below - check that
	//the earlier allocation is not leaked and that SSPI_Close never frees caller memory.
	f->incrypt.data = data;
	f->incrypt.datasize = datasize;
	f->incrypt.avail = f->incrypt.datasize;

	if (!f->handshaking)
	{
		SSPI_Decode(f);

		//NOTE(review): peer-controlled length. nothing here checks that inraw.avail (plus the
		//terminator written below) fits in net_message_buffer - confirm the bound is enforced elsewhere.
		memcpy(net_message_buffer, f->inraw.data, f->inraw.avail);
		net_message.cursize = f->inraw.avail;
		f->inraw.avail = 0;
		net_message_buffer[net_message.cursize] = 0;
		// Con_Printf("returning %i bytes: %s\n", net_message.cursize, net_message_buffer);

		status = NETERR_SENT;
	}
	else
	{
		SSPI_Handshake(f);
		//still negotiating unless the handshake just failed.
		status = (f->handshaking == HS_ERROR) ? NETERR_DISCONNECTED : NETERR_CLOGGED;
	}

	f->incrypt.data = NULL;	//the borrowed packet must not outlive this call
	return status;
}
/*
Periodic poll for a DTLS context.
Returns NETERR_CLOGGED while the handshake is still in progress and NETERR_SENT otherwise.
Nothing is retransmitted from here: the SSPI_Handshake call that used to sit in the
handshaking branch is disabled.
*/
neterr_t DTLS_Timeouts (void *ctx)
{
	const sslfile_t *f = (const sslfile_t *)ctx;

	return f->handshaking ? NETERR_CLOGGED : NETERR_SENT;
}
# endif
# endif