When generating certificates with
`Crypto.generate_self_signed_certificate` we generate the PEM in a
buffer via `mbedtls_x509write_crt_pem`.
Since version 2.16.8, mbedtls adds spurious data at the end of the
buffer due to internal optimizations, this breaks our logic when we try
to immediately parse it and return a proper `X509Certificate` object.
This commit updates the code to find the actual PEM length to parse
using `strlen`, takes extra caution always adding the terminator to the
buffer, and slightly improve error messages.
I couldn't find a tool that enforces it, so I went the manual route:
```
find -name "thirdparty" -prune \
-o -name "*.cpp" -o -name "*.h" -o -name "*.m" -o -name "*.mm" \
-o -name "*.glsl" > files
perl -0777 -pi -e 's/\n}\n([^#])/\n}\n\n\1/g' $(cat files)
misc/scripts/fix_style.sh -c
```
This adds a newline after all `}` on the first column, unless they
are followed by `#` (typically `#endif`). This leads to having lots
of places with two lines between function/class definitions, but
clang-format then fixes it as we enforce max one line of separation.
This doesn't fix potential occurrences of function definitions which
are indented (e.g. for a helper class defined in a .cpp), but it's
better than nothing. Also can't be made to run easily on CI/hooks so
we'll have to be careful with new code.
Part of #33027.
Which means that reduz' beloved style which we all became used to
will now be changed automatically to remove the first empty line.
This makes us lean closer to 1TBS (the one true brace style) instead
of hybridating it with some Allman-inspired spacing.
There's still the case of braces around single-statement blocks that
needs to be addressed (but clang-format can't help with that, but
clang-tidy may if we agree about it).
Part of #33027.
Part of #33027, also discussed in #29848.
Enforcing the use of brackets even on single line statements would be
preferred, but `clang-format` doesn't have this functionality yet.
Configured for a max line length of 120 characters.
psf/black is very opinionated and purposely doesn't leave much room for
configuration. The output is mostly OK so that should be fine for us,
but some things worth noting:
- Manually wrapped strings will be reflowed, so by using a line length
of 120 for the sake of preserving readability for our long command
calls, it also means that some manually wrapped strings are back on
the same line and should be manually merged again.
- Code generators using string concatenation extensively look awful,
since black puts each operand on a single line. We need to refactor
these generators to use more pythonic string formatting, for which
many options are available (`%`, `format` or f-strings).
- CI checks and a pre-commit hook will be added to ensure that future
buildsystem changes are well-formatted.
For us, it practically only changes the fact that `A<A<int>>` is now
used instead of the C++03 compatible `A<A<int> >`.
Note: clang-format 10+ changed the `Standard` arguments to fully
specified `c++11`, `c++14`, etc. versions, but we can't use `c++17`
now if we want to preserve compatibility with clang-format 8 and 9.
`Cpp11` is still supported as deprecated alias for `Latest`.
Happy new year to the wonderful Godot community!
We're starting a new decade with a well-established, non-profit, free
and open source game engine, and tons of further improvements in the
pipeline from hundreds of contributors.
Godot will keep getting better, and we're looking forward to all the
games that the community will keep developing and releasing with it.
connect_to_stream now accepts optional parameter to specify which
certificates to trust.
Implement accept_stream (SSL server) with key/cert parameters to specify
the RSA key and X509 certificate resources.
Godot core needs MD5/SHA256/AES/Base64 which used to be provided by
separate libraries.
Since we bundle mbedtls in most cases, and we can easily only include
the needed sources if we so desire, let's use it.
To simplify library changes in the future, and better isolate header
dependencies all functions have been wrapped around inside a class in
`core/math/crypto_base.h`.
If the mbedtls module is disabled, we only bundle the needed source
files independently of the `builtin_mbedtls` option.
If the module is enabled, the `builtin_mbedtls` option works as usual.
Also remove some unused headers from StreamPeerMbedTLS which were
causing build issues.
mbedtls_ssl_read cannot be called with a NULL buffer even if len is 0,
as those are passed to memcpy and compilers doesn't like that.
Always pass a single byte (still len 0 so nothing is actually copied)
Fixes the following GCC 5 warnings and actual bugs:
```
drivers/unix/net_socket_posix.cpp:562:28: warning: comparison between 'enum IP::Type' and 'enum NetSocket::Type' [-Wenum-compare]
modules/gdscript/gdscript_function.cpp:792:26: warning: comparison of constant '17' with boolean expression is always true [-Wbool-compare]
modules/gdscript/gdscript_function.cpp:792:26: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses]
modules/gdscript/gdscript_parser.cpp:5082:58: warning: comparison of constant '6' with boolean expression is always false [-Wbool-compare]
modules/gdscript/gdscript_parser.cpp:5082:58: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses]
modules/mbedtls/stream_peer_mbed_tls.cpp:286:45: warning: comparison between 'enum StreamPeerTCP::Status' and 'enum StreamPeerSSL::Status' [-Wenum-compare]
modules/mbedtls/stream_peer_mbed_tls.cpp:313:45: warning: comparison between 'enum StreamPeerTCP::Status' and 'enum StreamPeerSSL::Status' [-Wenum-compare]
```
Note, it will only used by the Editor, not when running the game.
This allows package maintainer to compile Godot to use system installed
certificates when accessing the AssetLib.
This allows more consistency in the manner we include core headers,
where previously there would be a mix of absolute, relative and
include path-dependent includes.
