summaryrefslogtreecommitdiffstats
path: root/src/Protocol
diff options
context:
space:
mode:
Diffstat (limited to 'src/Protocol')
-rw-r--r--src/Protocol/Authenticator.cpp2
-rw-r--r--src/Protocol/MojangAPI.cpp44
-rw-r--r--src/Protocol/Protocol_1_8.cpp2
-rw-r--r--src/Protocol/Protocol_1_8.h4
-rw-r--r--src/Protocol/Protocol_1_9.cpp2
-rw-r--r--src/Protocol/Protocol_1_9.h4
6 files changed, 42 insertions, 16 deletions
diff --git a/src/Protocol/Authenticator.cpp b/src/Protocol/Authenticator.cpp
index d46127d34..445a3dff5 100644
--- a/src/Protocol/Authenticator.cpp
+++ b/src/Protocol/Authenticator.cpp
@@ -11,7 +11,7 @@
#include "../IniFile.h"
#include "json/json.h"
-#include "PolarSSL++/BlockingSslClientSocket.h"
+#include "mbedTLS++/BlockingSslClientSocket.h"
diff --git a/src/Protocol/MojangAPI.cpp b/src/Protocol/MojangAPI.cpp
index 5a11356c1..0b14d1cac 100644
--- a/src/Protocol/MojangAPI.cpp
+++ b/src/Protocol/MojangAPI.cpp
@@ -1,4 +1,4 @@
-
+
// MojangAPI.cpp
// Implements the cMojangAPI class representing the various API points provided by Mojang's webservices, and a cache for their results
@@ -9,7 +9,8 @@
#include "SQLiteCpp/Statement.h"
#include "../IniFile.h"
#include "json/json.h"
-#include "PolarSSL++/BlockingSslClientSocket.h"
+#include "mbedTLS++/BlockingSslClientSocket.h"
+#include "mbedTLS++/SslConfig.h"
#include "../RankManager.h"
#include "../OSSupport/IsThread.h"
#include "../Root.h"
@@ -39,9 +40,9 @@ const int MAX_PER_QUERY = 100;
/** Returns the CA certificates that should be trusted for Mojang-related connections. */
-static const AString & GetCACerts(void)
+static cX509CertPtr GetCACerts(void)
{
- static const AString Cert(
+ static const char CertString[] =
// GeoTrust root CA cert
// Currently used for signing *.mojang.com's cert
// Exported from Mozilla Firefox's built-in CA repository
@@ -140,9 +141,33 @@ static const AString & GetCACerts(void)
"VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY\n"
"WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q=\n"
"-----END CERTIFICATE-----\n"
- );
+ ;
+
+ static auto X509Cert = [&]()
+ {
+ auto Cert = std::make_shared<cX509Cert>();
+ VERIFY(0 == Cert->Parse(CertString, sizeof(CertString)));
+ return Cert;
+ }();
+
+ return X509Cert;
+}
- return Cert;
+
+
+
+
+/** Returns the config to be used for secure requests. */
+static std::shared_ptr<const cSslConfig> GetSslConfig()
+{
+ static const std::shared_ptr<const cSslConfig> Config = []()
+ {
+ auto Conf = cSslConfig::MakeDefaultConfig(true);
+ Conf->SetCACerts(GetCACerts());
+ Conf->SetAuthMode(eSslAuthMode::Required);
+ return Conf;
+ }();
+ return Config;
}
@@ -432,7 +457,8 @@ bool cMojangAPI::SecureRequest(const AString & a_ServerName, const AString & a_R
{
// Connect the socket:
cBlockingSslClientSocket Socket;
- Socket.SetTrustedRootCertsFromString(GetCACerts(), a_ServerName);
+ Socket.SetSslConfig(GetSslConfig());
+ Socket.SetExpectedPeerName(a_ServerName);
if (!Socket.Connect(a_ServerName, 443))
{
LOGWARNING("%s: Can't connect to %s: %s", __FUNCTION__, a_ServerName.c_str(), Socket.GetLastErrorText().c_str());
@@ -452,13 +478,13 @@ bool cMojangAPI::SecureRequest(const AString & a_ServerName, const AString & a_R
{
int ret = Socket.Receive(buf, sizeof(buf));
- if ((ret == POLARSSL_ERR_NET_WANT_READ) || (ret == POLARSSL_ERR_NET_WANT_WRITE))
+ if ((ret == MBEDTLS_ERR_SSL_WANT_READ) || (ret == MBEDTLS_ERR_SSL_WANT_WRITE))
{
// This value should never be returned, it is handled internally by cBlockingSslClientSocket
LOGWARNING("%s: SSL reading failed internally", __FUNCTION__);
return false;
}
- if (ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY)
+ if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY)
{
break;
}
diff --git a/src/Protocol/Protocol_1_8.cpp b/src/Protocol/Protocol_1_8.cpp
index c77af1029..7f4b074ce 100644
--- a/src/Protocol/Protocol_1_8.cpp
+++ b/src/Protocol/Protocol_1_8.cpp
@@ -11,7 +11,7 @@ Implements the 1.8 protocol classes:
#include "json/json.h"
#include "Protocol_1_8.h"
#include "ChunkDataSerializer.h"
-#include "PolarSSL++/Sha1Checksum.h"
+#include "mbedTLS++/Sha1Checksum.h"
#include "Packetizer.h"
#include "../ClientHandle.h"
diff --git a/src/Protocol/Protocol_1_8.h b/src/Protocol/Protocol_1_8.h
index b04e5c5f0..d3d0daf0a 100644
--- a/src/Protocol/Protocol_1_8.h
+++ b/src/Protocol/Protocol_1_8.h
@@ -29,8 +29,8 @@ Declares the 1.8 protocol classes:
#pragma warning(pop)
#endif
-#include "PolarSSL++/AesCfb128Decryptor.h"
-#include "PolarSSL++/AesCfb128Encryptor.h"
+#include "mbedTLS++/AesCfb128Decryptor.h"
+#include "mbedTLS++/AesCfb128Encryptor.h"
diff --git a/src/Protocol/Protocol_1_9.cpp b/src/Protocol/Protocol_1_9.cpp
index c6e007984..c440a94ca 100644
--- a/src/Protocol/Protocol_1_9.cpp
+++ b/src/Protocol/Protocol_1_9.cpp
@@ -17,7 +17,7 @@ Implements the 1.9 protocol classes:
#include "json/json.h"
#include "Protocol_1_9.h"
#include "ChunkDataSerializer.h"
-#include "PolarSSL++/Sha1Checksum.h"
+#include "mbedTLS++/Sha1Checksum.h"
#include "Packetizer.h"
#include "../ClientHandle.h"
diff --git a/src/Protocol/Protocol_1_9.h b/src/Protocol/Protocol_1_9.h
index b4fdc7f67..3fbbe86da 100644
--- a/src/Protocol/Protocol_1_9.h
+++ b/src/Protocol/Protocol_1_9.h
@@ -35,8 +35,8 @@ Declares the 1.9 protocol classes:
#pragma warning(pop)
#endif
-#include "PolarSSL++/AesCfb128Decryptor.h"
-#include "PolarSSL++/AesCfb128Encryptor.h"
+#include "mbedTLS++/AesCfb128Decryptor.h"
+#include "mbedTLS++/AesCfb128Encryptor.h"