Godot Version
<> godot --version
4.4.1.stable.arch_linux
Question
I am following godot documentation https://docs.godotengine.org/en/stable/tutorials/networking/http_request_class.html this code:
extends Control
@onready var req :HTTPRequest = %HTTPRequest
func _ready():
req.request("https://api.github.com/repos/godotengine/godot/releases/latest")
func _on_request_completed(result, response_code, header, body):
print("result: {0}\n\nresponse code: {1}\n\nheader: {2}\n\nbody: {3}".format([result, response_code, header, body]))
is basically the same as in documentation except some minor changes. This is what is being printed:
Godot Engine v4.4.1.stable.arch_linux - https://godotengine.org
OpenGL API 4.6 (Core Profile) Mesa 25.2.0-arch1.1 - Compatibility - Using Device: Intel - Mesa Intel(R) HD Graphics 530 (SKL GT2)
result: 5
response code: 0
header: []
body: []
and also this debug error:
E 0:00:02:960 _do_handshake: TLS handshake error: -27648
<C++ Source> modules/mbedtls/stream_peer_mbedtls.cpp:88 @ _do_handshake()
apparently godot is not using my system default TLS certificates. I also tried req.request("https://api.github.com/repos/godotengine/godot/releases/latest", PackedStringArray(), HTTPClient.METHOD_GET), same result.
I tried yanking
/etc/ca-certificates/extracted/cadir/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem
/etc/ca-certificates/extracted/cadir/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem
/etc/ca-certificates/extracted/cadir/DigiCert_TLS_ECC_P384_Root_G5.pem
/etc/ca-certificates/extracted/cadir/DigiCert_TLS_RSA4096_Root_G5.pem
/etc/ca-certificates/extracted/cadir/HARICA_TLS_ECC_Root_CA_2021.pem
/etc/ca-certificates/extracted/cadir/HARICA_TLS_RSA_Root_CA_2021.pem
/etc/ca-certificates/extracted/cadir/SSL.com_TLS_ECC_Root_CA_2022.pem
/etc/ca-certificates/extracted/cadir/SSL.com_TLS_RSA_Root_CA_2022.pem
/etc/ca-certificates/extracted/cadir/SwissSign_RSA_TLS_Root_CA_2022_-_1.pem
/etc/ca-certificates/extracted/cadir/Telekom_Security_TLS_ECC_Root_2020.pem
/etc/ca-certificates/extracted/cadir/Telekom_Security_TLS_RSA_Root_2023.pem
/etc/ca-certificates/extracted/cadir/tls-ca-bundle.pem
/etc/ca-certificates/extracted/cadir/TrustAsia_TLS_ECC_Root_CA.pem
/etc/ca-certificates/extracted/cadir/TrustAsia_TLS_RSA_Root_CA.pem
to my project directory and then
renamed 'Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem' -> 'Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt'
renamed 'Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem' -> 'Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt'
renamed 'DigiCert_TLS_ECC_P384_Root_G5.pem' -> 'DigiCert_TLS_ECC_P384_Root_G5.crt'
renamed 'DigiCert_TLS_RSA4096_Root_G5.pem' -> 'DigiCert_TLS_RSA4096_Root_G5.crt'
renamed 'HARICA_TLS_ECC_Root_CA_2021.pem' -> 'HARICA_TLS_ECC_Root_CA_2021.crt'
renamed 'HARICA_TLS_RSA_Root_CA_2021.pem' -> 'HARICA_TLS_RSA_Root_CA_2021.crt'
renamed 'SSL.com_TLS_ECC_Root_CA_2022.pem' -> 'SSL.com_TLS_ECC_Root_CA_2022.crt'
renamed 'SSL.com_TLS_RSA_Root_CA_2022.pem' -> 'SSL.com_TLS_RSA_Root_CA_2022.crt'
renamed 'SwissSign_RSA_TLS_Root_CA_2022_-_1.pem' -> 'SwissSign_RSA_TLS_Root_CA_2022_-_1.crt'
renamed 'Telekom_Security_TLS_ECC_Root_2020.pem' -> 'Telekom_Security_TLS_ECC_Root_2020.crt'
renamed 'Telekom_Security_TLS_RSA_Root_2023.pem' -> 'Telekom_Security_TLS_RSA_Root_2023.crt'
renamed 'tls-ca-bundle.pem' -> 'tls-ca-bundle.crt'
renamed 'TrustAsia_TLS_ECC_Root_CA.pem' -> 'TrustAsia_TLS_ECC_Root_CA.crt'
renamed 'TrustAsia_TLS_RSA_Root_CA.pem' -> 'TrustAsia_TLS_RSA_Root_CA.crt'
and changed _ready() like so:
func _ready():
var crt :X509Certificate
crt = load("res://I tried each *.crt which I previously yanked")
var tls :TLSOptions
tls = TLSOptions.client(crt)
req.set_tls_options(tls)
req.request("https://api.github.com/repos/godotengine/godot/releases/latest")
the debug error is different if i use req.set_tls_options but it’s the same for every *.crt:
E 0:00:02:698 _do_handshake: TLS handshake error: -9984
<C++ Source> modules/mbedtls/stream_peer_mbedtls.cpp:88 @ _do_handshake()
but the output is the same as not using req.set_tls_options.