From 97c49c6f294a0b7e931be2692c124bd78fc79946 Mon Sep 17 00:00:00 2001 From: Mattes D Date: Tue, 9 May 2023 19:59:15 +0200 Subject: cTCPLink and cUrlClient accept list of trusted root CAs for TLS. --- Server/Plugins/APIDump/Classes/Network.lua | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'Server') diff --git a/Server/Plugins/APIDump/Classes/Network.lua b/Server/Plugins/APIDump/Classes/Network.lua index 574a6a351..47c9f57ae 100644 --- a/Server/Plugins/APIDump/Classes/Network.lua +++ b/Server/Plugins/APIDump/Classes/Network.lua @@ -528,6 +528,10 @@ g_Server = nil Name = "OwnPrivateKeyPassword", Type = "string", }, + { + Name = "TrustedRootCAs", + Type = "string", + }, }, Returns = { @@ -541,7 +545,7 @@ g_Server = nil IsOptional = true, }, }, - Notes = "Starts a TLS handshake on the link, as a client side of the TLS. The Own___ parameters specify the client certificate and its corresponding private key and password; all three parameters are optional and no client certificate is presented to the remote peer if they are not used or all empty. Once the TLS handshake is started by this call, all incoming data is first decrypted before being sent to the OnReceivedData callback, and all outgoing data is queued until the TLS handshake completes, and then sent encrypted over the link. Returns true on success, nil and optional error message on immediate failure.
NOTE: The TLS support in the API is currently experimental and shouldn't be considered safe - there's no peer certificate verification and the error reporting is only basic.", + Notes = "Starts a TLS handshake on the link, as a client side of the TLS. The Own___ parameters specify the client certificate and its corresponding private key and password; all three parameters are optional and no client certificate is presented to the remote peer if they are not used or all empty. Once the TLS handshake is started by this call, all incoming data is first decrypted before being sent to the OnReceivedData callback, and all outgoing data is queued until the TLS handshake completes, and then sent encrypted over the link. Returns true on success, nil and optional error message on immediate failure.
The TrustedRootCAs is a string containing all certificates that should be trusted, in PEM format, concatenated and separated by a newline.NOTE: If TrustedRootCAs is empty or nil, the server's certificate will NOT be verified, which is UNSAFE!", }, StartTLSServer = { @@ -1123,6 +1127,7 @@ end OwnCertThe client certificate to use, if requested by the server. A string containing a PEM- or DER-encoded cert is expected. OwnPrivKeyThe private key appropriate for OwnCert. A string containing a PEM- or DER-encoded private key is expected. OwnPrivKeyPasswordThe password for OwnPrivKey. If not present or empty, no password is assumed. + TrustedRootCAsThe certificates of the Root CAs that are to be trusted, encoded in PEM format. Multiple certificates can be used by concatenating the certificates, separating them by newlines. If this option is not present or empty, the request will NOT check the server's certificate, which is UNSAFE!
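Review bot: The added Notes text for StartTLSClient (and the matching TrustedRootCAs row in the third hunk) documents a fail-open default, where an empty or nil TrustedRootCAs silently disables server certificate verification, but it never says what verification covers when a CA list is supplied. No host-name parameter is visible in these hunks, so a reader cannot tell whether the peer certificate's name is checked or only its chain to a trusted root; the text should state this, because chain-only validation accepts any certificate issued under those roots. I would also add a sentence such as `Always pass TrustedRootCAs on links that carry credentials or other sensitive data.` and describe how a handshake that fails verification is reported to the plugin, since the removed note said error reporting was only basic. The Params entry added in the first hunk could carry `IsOptional = true,`, as the Returns entry in this hunk's context does, because the Notes allow nil.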

Redirection: -- cgit v1.2.3