mirrors/gst-plugins-rs
mirrors/gst-plugins-rs
1
1
Fork 0
mirror of https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs.git synced 2024-11-26 05:21:00 +00:00
Code Issues Projects Releases Wiki Activity

webrtc: add support for insecure tls connections

Browse source 
Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/1553>
This commit is contained in:
Robert Ayrapetyan 2024-04-24 19:52:26 +00:00
parent c282bc1bca
commit bac5845be1
1 changed files with 42 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

51
net/webrtc/src/signaller/imp.rs
View file

@ -24,6 +24,8 @@ use url::Url;
use super::CAT;
const DEFAULT_INSECURE_TLS: bool = false;
#[derive(Debug, Eq, PartialEq, Clone, Copy, glib::Enum, Default)]
#[repr(u32)]
#[enum_type(name = "GstRSWebRTCSignallerRole")]
@ -40,6 +42,7 @@ pub struct Settings {
cafile: Option<String>,
role: WebRTCSignallerRole,
headers: Option<gst::Structure>,
insecure_tls: bool,
}
impl Default for Settings {
@ -50,6 +53,7 @@ impl Default for Settings {
cafile: Default::default(),
role: Default::default(),
headers: None,
insecure_tls: DEFAULT_INSECURE_TLS,
}
}
}
@ -107,23 +111,36 @@ impl Signaller {
}
async fn connect(&self) -> Result<(), Error> {
let obj = self.obj();
let (cafile, insecure_tls, role) = {
let settings = self.settings.lock().unwrap();
(
settings.cafile.clone(),
settings.insecure_tls,
settings.role,
)
};
let role = self.settings.lock().unwrap().role;
if let super::WebRTCSignallerRole::Consumer = role {
self.producer_peer_id()
.ok_or_else(|| anyhow!("No target producer peer id set"))?;
}
let connector = if let Some(path) = obj.property::<Option<String>>("cafile") {
let mut connector_builder = tokio_native_tls::native_tls::TlsConnector::builder();
if let Some(path) = cafile {
let cert = tokio::fs::read_to_string(&path).await?;
let cert = tokio_native_tls::native_tls::Certificate::from_pem(cert.as_bytes())?;
let mut connector_builder = tokio_native_tls::native_tls::TlsConnector::builder();
let connector = connector_builder.add_root_certificate(cert).build()?;
Some(tokio_native_tls::TlsConnector::from(connector))
} else {
None
};
connector_builder.add_root_certificate(cert);
}
if insecure_tls {
connector_builder.danger_accept_invalid_certs(true);
gst::warning!(CAT, imp: self, "insecure tls connections are allowed");
}
let connector = Some(tokio_native_tls::TlsConnector::from(
connector_builder.build()?,
));
let mut uri = self.uri();
uri.set_query(None);
@ -522,6 +539,17 @@ impl ObjectImpl for Signaller {
.blurb("HTTP headers sent during the connection handshake")
.flags(glib::ParamFlags::READWRITE)
.build(),
/**
* GstWebRTCSignaller::insecure-tls:
*
* Enables insecure TLS connections. Disabled by default.
*/
glib::ParamSpecBoolean::builder("insecure-tls")
.nick("Insecure TLS")
.blurb("Whether insecure TLS connections are allowed")
.default_value(DEFAULT_INSECURE_TLS)
.flags(glib::ParamFlags::READWRITE)
.build(),
]
});
@ -565,6 +593,10 @@ impl ObjectImpl for Signaller {
.get::<Option<gst::Structure>>()
.expect("type checked upstream")
}
"insecure-tls" => {
self.settings.lock().unwrap().insecure_tls =
value.get::<bool>().expect("type checked upstream")
}
_ => unimplemented!(),
}
}
@ -588,6 +620,7 @@ impl ObjectImpl for Signaller {
"role" => settings.role.to_value(),
"client-id" => self.state.lock().unwrap().client_id.to_value(),
"headers" => settings.headers.to_value(),
"insecure-tls" => settings.insecure_tls.to_value(),
_ => unimplemented!(),
}
}