If no StreamPeerTLS implementation is available, HTTPClient and
WebSocketPeer will now correctly refuse to connect using TLS returning
ERR_UNAVAILABLE.
Similarly, ENetConnection will refuse to setup DTLS when PacketPeerDTLS
is not available.
> The 4.4.0 release is a minor release with image quality improvements,
> a small performance boost, a few new quality-of-life features, and a
> few minor fixes for uncommon build configurations.
https://github.com/ARM-software/astc-encoder/releases/tag/4.4.0
This commit adds a new mbedTLS configuration header to customize the
built-in library (and can be optionally replaced by a platform-specific
one).
Currently, it disables most weak cryptographic functions (with the
notable exceptions of MD5 and SHA-1), along with removing support for
TLS versions 1.0 and 1.1 (making TLSv1.2 the only supported one).
Use a TLSOptions configuration object which is created via static
functions.
- "TLSOptions.client": uses the standard CA and common name verification.
- "TLSOptions.client_unsafe": uses optional CA verification (i.e. if specified)
- "TLSOptions.server": is the standard server configuration (chain + key)
This will allow us to expand the TLS configuration options to include
e.g. mutual authentication without bloating the classes that uses
StreamPeerTLS and PacketPeerDTLS as underlying peers.
For some reason it doesn't use the POSIX `poll.h`, instead resorting to
`sys/poll.h`. Musl doesn't really like this at all, throwing a warning
and, thus, halting compilation.
Security update, fixes CVE-2022-37434 in zlib.
Only applications exposing/using `inflateGetHeader()` seem to be affected,
which is not our case, so this is not critical for Godot.
Remove duplicated copy of zlib in freetype sources to force using the updated
version in `thirdparty/zlib/`.
Co-authored-by: Rémi Verschelde <rverschelde@gmail.com>
As many open source projects have started doing it, we're removing the
current year from the copyright notice, so that we don't need to bump
it every year.
It seems like only the first year of publication is technically
relevant for copyright notices, and even that seems to be something
that many companies stopped listing altogether (in a version controlled
codebase, the commits are a much better source of date of publication
than a hardcoded copyright statement).
We also now list Godot Engine contributors first as we're collectively
the current maintainers of the project, and we clarify that the
"exclusive" copyright of the co-founders covers the timespan before
opensourcing (their further contributions are included as part of Godot
Engine contributors).
Also fixed "cf." Frenchism - it's meant as "refer to / see".
