mirror of
https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs.git
synced 2024-11-26 13:31:00 +00:00
webrtc: add support for insecure tls connections
Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/1553>
This commit is contained in:
Robert Ayrapetyan
parent
c282bc1bca
commit
bac5845be1
1 changed files with 42 additions and 9 deletions
|
|
@ -24,6 +24,8 @@ use url::Url;
|
||||||
|
|
||||||
use super::CAT;
|
use super::CAT;
|
||||||
|
|
||||||
|
const DEFAULT_INSECURE_TLS: bool = false;
|
||||||
|
|
||||||
#[derive(Debug, Eq, PartialEq, Clone, Copy, glib::Enum, Default)]
|
#[derive(Debug, Eq, PartialEq, Clone, Copy, glib::Enum, Default)]
|
||||||
#[repr(u32)]
|
#[repr(u32)]
|
||||||
#[enum_type(name = "GstRSWebRTCSignallerRole")]
|
#[enum_type(name = "GstRSWebRTCSignallerRole")]
|
||||||
|
|
@ -40,6 +42,7 @@ pub struct Settings {
|
||||||
cafile: Option<String>,
|
cafile: Option<String>,
|
||||||
role: WebRTCSignallerRole,
|
role: WebRTCSignallerRole,
|
||||||
headers: Option<gst::Structure>,
|
headers: Option<gst::Structure>,
|
||||||
|
insecure_tls: bool,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Default for Settings {
|
impl Default for Settings {
|
||||||
|
|
@ -50,6 +53,7 @@ impl Default for Settings {
|
||||||
cafile: Default::default(),
|
cafile: Default::default(),
|
||||||
role: Default::default(),
|
role: Default::default(),
|
||||||
headers: None,
|
headers: None,
|
||||||
|
insecure_tls: DEFAULT_INSECURE_TLS,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -107,23 +111,36 @@ impl Signaller {
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn connect(&self) -> Result<(), Error> {
|
async fn connect(&self) -> Result<(), Error> {
|
||||||
let obj = self.obj();
|
let (cafile, insecure_tls, role) = {
|
||||||
|
let settings = self.settings.lock().unwrap();
|
||||||
|
(
|
||||||
|
settings.cafile.clone(),
|
||||||
|
settings.insecure_tls,
|
||||||
|
settings.role,
|
||||||
|
)
|
||||||
|
};
|
||||||
|
|
||||||
let role = self.settings.lock().unwrap().role;
|
|
||||||
if let super::WebRTCSignallerRole::Consumer = role {
|
if let super::WebRTCSignallerRole::Consumer = role {
|
||||||
self.producer_peer_id()
|
self.producer_peer_id()
|
||||||
.ok_or_else(|| anyhow!("No target producer peer id set"))?;
|
.ok_or_else(|| anyhow!("No target producer peer id set"))?;
|
||||||
}
|
}
|
||||||
|
|
||||||
let connector = if let Some(path) = obj.property::<Option<String>>("cafile") {
|
let mut connector_builder = tokio_native_tls::native_tls::TlsConnector::builder();
|
||||||
|
|
||||||
|
if let Some(path) = cafile {
|
||||||
let cert = tokio::fs::read_to_string(&path).await?;
|
let cert = tokio::fs::read_to_string(&path).await?;
|
||||||
let cert = tokio_native_tls::native_tls::Certificate::from_pem(cert.as_bytes())?;
|
let cert = tokio_native_tls::native_tls::Certificate::from_pem(cert.as_bytes())?;
|
||||||
let mut connector_builder = tokio_native_tls::native_tls::TlsConnector::builder();
|
connector_builder.add_root_certificate(cert);
|
||||||
let connector = connector_builder.add_root_certificate(cert).build()?;
|
}
|
||||||
Some(tokio_native_tls::TlsConnector::from(connector))
|
|
||||||
} else {
|
if insecure_tls {
|
||||||
None
|
connector_builder.danger_accept_invalid_certs(true);
|
||||||
};
|
gst::warning!(CAT, imp: self, "insecure tls connections are allowed");
|
||||||
|
}
|
||||||
|
|
||||||
|
let connector = Some(tokio_native_tls::TlsConnector::from(
|
||||||
|
connector_builder.build()?,
|
||||||
|
));
|
||||||
|
|
||||||
let mut uri = self.uri();
|
let mut uri = self.uri();
|
||||||
uri.set_query(None);
|
uri.set_query(None);
|
||||||
|
|
@ -522,6 +539,17 @@ impl ObjectImpl for Signaller {
|
||||||
.blurb("HTTP headers sent during the connection handshake")
|
.blurb("HTTP headers sent during the connection handshake")
|
||||||
.flags(glib::ParamFlags::READWRITE)
|
.flags(glib::ParamFlags::READWRITE)
|
||||||
.build(),
|
.build(),
|
||||||
|
/**
|
||||||
|
* GstWebRTCSignaller::insecure-tls:
|
||||||
|
*
|
||||||
|
* Enables insecure TLS connections. Disabled by default.
|
||||||
|
*/
|
||||||
|
glib::ParamSpecBoolean::builder("insecure-tls")
|
||||||
|
.nick("Insecure TLS")
|
||||||
|
.blurb("Whether insecure TLS connections are allowed")
|
||||||
|
.default_value(DEFAULT_INSECURE_TLS)
|
||||||
|
.flags(glib::ParamFlags::READWRITE)
|
||||||
|
.build(),
|
||||||
]
|
]
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
@ -565,6 +593,10 @@ impl ObjectImpl for Signaller {
|
||||||
.get::<Option<gst::Structure>>()
|
.get::<Option<gst::Structure>>()
|
||||||
.expect("type checked upstream")
|
.expect("type checked upstream")
|
||||||
}
|
}
|
||||||
|
"insecure-tls" => {
|
||||||
|
self.settings.lock().unwrap().insecure_tls =
|
||||||
|
value.get::<bool>().expect("type checked upstream")
|
||||||
|
}
|
||||||
_ => unimplemented!(),
|
_ => unimplemented!(),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -588,6 +620,7 @@ impl ObjectImpl for Signaller {
|
||||||
"role" => settings.role.to_value(),
|
"role" => settings.role.to_value(),
|
||||||
"client-id" => self.state.lock().unwrap().client_id.to_value(),
|
"client-id" => self.state.lock().unwrap().client_id.to_value(),
|
||||||
"headers" => settings.headers.to_value(),
|
"headers" => settings.headers.to_value(),
|
||||||
|
"insecure-tls" => settings.insecure_tls.to_value(),
|
||||||
_ => unimplemented!(),
|
_ => unimplemented!(),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue