mirror of
https://git.eden-emu.dev/eden-emu/eden
synced 2026-07-01 17:55:23 +02:00
[bsd, ssl] force ssl verify option to be 0 and other fixes (#3386)
JackBox games broke again, this makes it work again. Forces Verify Option to be 0 Reviewed-on: https://git.eden-emu.dev/eden-emu/eden/pulls/3386 Reviewed-by: crueter <crueter@eden-emu.dev> Reviewed-by: MaranBr <maranbr@eden-emu.dev> Co-authored-by: Maufeat <sahyno1996@gmail.com> Co-committed-by: Maufeat <sahyno1996@gmail.com>
This commit is contained in:
parent
eb7f74ce97
commit
7396149ab1
10 changed files with 110 additions and 26 deletions
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-FileCopyrightText: Copyright 2025 Eden Emulator Project
|
||||
// SPDX-FileCopyrightText: Copyright 2026 Eden Emulator Project
|
||||
// SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
// SPDX-FileCopyrightText: Copyright 2018 yuzu Emulator Project
|
||||
|
|
@ -116,6 +116,8 @@ public:
|
|||
|
||||
RegisterHandlers(functions);
|
||||
|
||||
backend->SetVerifyOption(verify_option);
|
||||
|
||||
shared_data->connection_count++;
|
||||
}
|
||||
|
||||
|
|
@ -150,6 +152,7 @@ private:
|
|||
std::shared_ptr<Network::SocketBase> socket;
|
||||
std::vector<u8> next_alpn_proto;
|
||||
bool did_handshake = false;
|
||||
u32 verify_option = 0;
|
||||
|
||||
Result SetSocketDescriptorImpl(s32* out_fd, s32 fd) {
|
||||
LOG_DEBUG(Service_SSL, "called, fd={}", fd);
|
||||
|
|
@ -190,7 +193,9 @@ private:
|
|||
|
||||
Result SetVerifyOptionImpl(u32 option) {
|
||||
ASSERT(!did_handshake);
|
||||
LOG_WARNING(Service_SSL, "(STUBBED) called. option={}", option);
|
||||
LOG_DEBUG(Service_SSL, "called. option={} (forcing 0)", option);
|
||||
verify_option = 0;
|
||||
backend->SetVerifyOption(0);
|
||||
return ResultSuccess;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,3 +1,6 @@
|
|||
// SPDX-FileCopyrightText: Copyright 2026 Eden Emulator Project
|
||||
// SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
// SPDX-FileCopyrightText: Copyright 2023 yuzu Emulator Project
|
||||
// SPDX-License-Identifier: GPL-2.0-or-later
|
||||
|
||||
|
|
@ -34,6 +37,7 @@ public:
|
|||
virtual ~SSLConnectionBackend() {}
|
||||
virtual void SetSocket(std::shared_ptr<Network::SocketBase> socket) = 0;
|
||||
virtual Result SetHostName(const std::string& hostname) = 0;
|
||||
virtual void SetVerifyOption(u32 option) = 0;
|
||||
virtual Result DoHandshake() = 0;
|
||||
virtual Result Read(size_t* out_size, std::span<u8> data) = 0;
|
||||
virtual Result Write(size_t* out_size, std::span<const u8> data) = 0;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-FileCopyrightText: Copyright 2025 Eden Emulator Project
|
||||
// SPDX-FileCopyrightText: Copyright 2026 Eden Emulator Project
|
||||
// SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
// SPDX-FileCopyrightText: Copyright 2023 yuzu Emulator Project
|
||||
|
|
@ -158,9 +158,11 @@ public:
|
|||
}
|
||||
|
||||
Result SetHostName(const std::string& hostname) override {
|
||||
if (!SSL_set1_host(ssl, hostname.c_str())) { // hostname for verification
|
||||
LOG_ERROR(Service_SSL, "SSL_set1_host({}) failed", hostname);
|
||||
return CheckOpenSSLErrors();
|
||||
if (!skip_cert_verification) {
|
||||
if (!SSL_set1_host(ssl, hostname.c_str())) {
|
||||
LOG_ERROR(Service_SSL, "SSL_set1_host({}) failed", hostname);
|
||||
return CheckOpenSSLErrors();
|
||||
}
|
||||
}
|
||||
if (!SSL_set_tlsext_host_name(ssl, hostname.c_str())) { // hostname for SNI
|
||||
LOG_ERROR(Service_SSL, "SSL_set_tlsext_host_name({}) failed", hostname);
|
||||
|
|
@ -169,15 +171,32 @@ public:
|
|||
return ResultSuccess;
|
||||
}
|
||||
|
||||
void SetVerifyOption(u32 option) override {
|
||||
skip_cert_verification = (option == 0);
|
||||
LOG_WARNING(Service_SSL, "option={} skip_verification={}", option,
|
||||
skip_cert_verification);
|
||||
if (skip_cert_verification) {
|
||||
SSL_set_verify(ssl, SSL_VERIFY_NONE, nullptr);
|
||||
SSL_set1_host(ssl, nullptr);
|
||||
SSL_set_hostflags(ssl, 0);
|
||||
} else {
|
||||
SSL_set_verify(ssl, SSL_VERIFY_PEER, nullptr);
|
||||
}
|
||||
}
|
||||
|
||||
Result DoHandshake() override {
|
||||
SSL_set_verify_result(ssl, X509_V_OK);
|
||||
const int ret = SSL_do_handshake(ssl);
|
||||
const long verify_result = SSL_get_verify_result(ssl);
|
||||
if (verify_result != X509_V_OK) {
|
||||
LOG_ERROR(Service_SSL, "SSL cert verification failed because: {}",
|
||||
X509_verify_cert_error_string(verify_result));
|
||||
return CheckOpenSSLErrors();
|
||||
|
||||
if (!skip_cert_verification) {
|
||||
const long verify_result = SSL_get_verify_result(ssl);
|
||||
if (verify_result != X509_V_OK) {
|
||||
LOG_ERROR(Service_SSL, "SSL cert verification failed because: {}",
|
||||
X509_verify_cert_error_string(verify_result));
|
||||
return CheckOpenSSLErrors();
|
||||
}
|
||||
}
|
||||
|
||||
if (ret <= 0) {
|
||||
const int ssl_err = SSL_get_error(ssl, ret);
|
||||
if (ssl_err == SSL_ERROR_ZERO_RETURN ||
|
||||
|
|
@ -328,6 +347,7 @@ public:
|
|||
SSL* ssl = nullptr;
|
||||
BIO* bio = nullptr;
|
||||
bool got_read_eof = false;
|
||||
bool skip_cert_verification = false;
|
||||
|
||||
std::shared_ptr<Network::SocketBase> socket;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-FileCopyrightText: Copyright 2025 Eden Emulator Project
|
||||
// SPDX-FileCopyrightText: Copyright 2026 Eden Emulator Project
|
||||
// SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
// SPDX-FileCopyrightText: Copyright 2023 yuzu Emulator Project
|
||||
|
|
@ -89,6 +89,12 @@ public:
|
|||
return ResultSuccess;
|
||||
}
|
||||
|
||||
void SetVerifyOption(u32 option) override {
|
||||
skip_cert_verification = (option == 0);
|
||||
LOG_WARNING(Service_SSL, "option={} skip_verification={}", option,
|
||||
skip_cert_verification);
|
||||
}
|
||||
|
||||
Result DoHandshake() override {
|
||||
while (1) {
|
||||
Result r;
|
||||
|
|
@ -175,10 +181,15 @@ public:
|
|||
}
|
||||
|
||||
Result CallInitializeSecurityContext() {
|
||||
const unsigned long req = ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_CONFIDENTIALITY |
|
||||
ISC_REQ_INTEGRITY | ISC_REQ_REPLAY_DETECT |
|
||||
ISC_REQ_SEQUENCE_DETECT | ISC_REQ_STREAM |
|
||||
ISC_REQ_USE_SUPPLIED_CREDS;
|
||||
unsigned long req = ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_CONFIDENTIALITY |
|
||||
ISC_REQ_INTEGRITY | ISC_REQ_REPLAY_DETECT |
|
||||
ISC_REQ_SEQUENCE_DETECT | ISC_REQ_STREAM |
|
||||
ISC_REQ_USE_SUPPLIED_CREDS;
|
||||
|
||||
if (skip_cert_verification) {
|
||||
req |= ISC_REQ_MANUAL_CRED_VALIDATION;
|
||||
}
|
||||
|
||||
unsigned long attr;
|
||||
// https://learn.microsoft.com/en-us/windows/win32/secauthn/initializesecuritycontext--schannel
|
||||
std::array<SecBuffer, 2> input_buffers{{
|
||||
|
|
@ -536,6 +547,7 @@ public:
|
|||
std::vector<u8> cleartext_write_buf;
|
||||
|
||||
bool got_read_eof = false;
|
||||
bool skip_cert_verification = false;
|
||||
size_t read_buf_fill_size = 0;
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -1,3 +1,6 @@
|
|||
// SPDX-FileCopyrightText: Copyright 2026 Eden Emulator Project
|
||||
// SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
// SPDX-FileCopyrightText: Copyright 2023 yuzu Emulator Project
|
||||
// SPDX-License-Identifier: GPL-2.0-or-later
|
||||
|
||||
|
|
@ -98,8 +101,23 @@ public:
|
|||
return ResultSuccess;
|
||||
}
|
||||
|
||||
void SetVerifyOption(u32 option) override {
|
||||
skip_cert_verification = (option == 0);
|
||||
LOG_WARNING(Service_SSL, "option={} skip_verification={}", option,
|
||||
skip_cert_verification);
|
||||
if (skip_cert_verification) {
|
||||
SSLSetSessionOption(context, kSSLSessionOptionBreakOnServerAuth, true);
|
||||
}
|
||||
}
|
||||
|
||||
Result DoHandshake() override {
|
||||
OSStatus status = SSLHandshake(context);
|
||||
|
||||
if (skip_cert_verification && status == errSSLServerAuthCompleted) {
|
||||
LOG_DEBUG(Service_SSL, "Skipping certificate verification as requested");
|
||||
status = SSLHandshake(context);
|
||||
}
|
||||
|
||||
return HandleReturn("SSLHandshake", 0, status);
|
||||
}
|
||||
|
||||
|
|
@ -201,6 +219,7 @@ public:
|
|||
private:
|
||||
CFReleaser<SSLContextRef> context = nullptr;
|
||||
bool got_read_eof = false;
|
||||
bool skip_cert_verification = false;
|
||||
|
||||
std::shared_ptr<Network::SocketBase> socket;
|
||||
};
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue