Attention: Here be dragons
This is the latest (unstable) version of this documentation, which may document features not available in or compatible with released stable versions of Godot.
SSL/TLS certificates
Introduction
It is often desired to use SSL connections (also known as TLS connections) for communications to avoid "man in the middle" attacks. Godot has a connection wrapper, StreamPeerTLS, which can take a regular connection and add security around it. The HTTPClient and HTTPRequest classes also support HTTPS using this same wrapper.
Godot includes the SSL certificate bundle from Mozilla, but you can provide your own with a CRT file in the Project Settings:
Setting the TLS certificate bundle override project setting
When set, this file overrides the Mozilla certificate bundle Godot uses by default. This file should contain any number of public certificates in PEM format.
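Remember to add *.crt as a non-resource export filter in the export preset, so that the exporter recognizes the file when exporting the project:
Adding *.crt to non-resource export filter in the export preset
There are two ways to obtain certificates: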
Generate a self-signed certificate
For most use cases, it's recommended to go through a certificate authority, as the process is free with certificate authorities such as Let's Encrypt. However, if using a certificate authority is not an option, then you can generate a self-signed certificate and tell the client to consider your self-signed certificate as trusted.
To create a self-signed certificate, generate a private and public key pair and add the public key (in PEM format) to the CRT file specified in the Project Settings.
Warning
The private key should only go to your server. The client must not have access to it: otherwise, the security of the certificate will be compromised.
OpenSSL has some documentation about this. For local development purposes only, mkcert can be used as an alternative.
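The following shell functions are an added example, not part of the Godot documentation: one generates a self-signed certificate with the OpenSSL command-line tool, the other checks that the CRT file destined for the exported project holds certificates only and no private key. The host name, file names, key size and validity period are assumptions, and `-addext` requires OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example. Host name, file names, key size and validity are assumptions.

# Generate a key pair and a self-signed certificate for HOST.
# KEY stays on the server; only CRT is given to clients.
make_self_signed() {
    host=$1 key=$2 crt=$3
    (
        umask 077   # new files are readable by their owner only
        openssl req -x509 -newkey rsa:3072 -sha256 -days 365 -nodes \
            -keyout "$key" -out "$crt" \
            -subj "/CN=$host" -addext "subjectAltName=DNS:$host"
    )
}

# Check the bundle that will be set as the TLS certificate bundle override
# and exported with the project: it must contain at least one PEM
# certificate and must not contain any private key block.
# Returns 0 if safe to ship, 1 if not, 2 if the file cannot be read.
check_bundle() {
    bundle=$1
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 2; }
    # Matches PKCS#8, RSA, EC, encrypted and OpenSSH private key headers.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$bundle"; then
        echo "$bundle contains a private key; do not ship it" >&2
        return 1
    fi
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$bundle"; then
        echo "$bundle contains no PEM certificate" >&2
        return 1
    fi
    return 0
}

# Typical use (hypothetical names):
#   make_self_signed game.example.com server.key server.crt
#   check_bundle server.crt && cp server.crt path/to/project/
```

Running `check_bundle` as a step before every export catches the case where a key and certificate were concatenated into one PEM file for the server and that combined file was then copied into the project.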