From 82314cabbb10fc338adf860e0276d067a76f2d92 Mon Sep 17 00:00:00 2001
From: Nirbheek Chauhan
Date: Sat, 31 Mar 2018 10:27:05 +0530
Subject: [PATCH] Don't use strict ssl certificate checking for localhost
When using localhost signalling servers, we don't want to use strict ssl because it's probably using a self-signed certificate and there's no need to do certificate checking over localhost anyway.
---
 webrtc/multiparty-sendrecv/gst/mp-webrtc-sendrecv.c | 13 ++++++++++++-
 webrtc/sendrecv/gst/webrtc-sendrecv.c | 13 ++++++++++++-
 2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/webrtc/multiparty-sendrecv/gst/mp-webrtc-sendrecv.c b/webrtc/multiparty-sendrecv/gst/mp-webrtc-sendrecv.c
index b0ab698bc2..413c83298d 100644
--- a/webrtc/multiparty-sendrecv/gst/mp-webrtc-sendrecv.c
+++ b/webrtc/multiparty-sendrecv/gst/mp-webrtc-sendrecv.c
@@ -49,6 +49,7 @@ static const gchar *default_server_url = "wss://webrtc.nirbheek.in:8443";
 static gchar *server_url = NULL;
 static gchar *local_id = NULL;
 static gchar *room_id = NULL;
+static gboolean strict_ssl = TRUE;
 static GOptionEntry entries[] =
 {
@@ -871,7 +872,7 @@ connect_to_websocket_server_async (void)
 SoupSession *session;
 const char *https_aliases[] = {"wss", NULL};
- session = soup_session_new_with_options (SOUP_SESSION_SSL_STRICT, TRUE,
+ session = soup_session_new_with_options (SOUP_SESSION_SSL_STRICT, strict_ssl,
 SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
 //SOUP_SESSION_SSL_CA_FILE, "/etc/ssl/certs/ca-bundle.crt",
 SOUP_SESSION_HTTPS_ALIASES, https_aliases, NULL);
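Review bot: The `soup_session_new_with_options` call in `connect_to_websocket_server_async` now takes `strict_ssl`, but nothing at the call site says when that flag is FALSE or what it means for the connection. With `SOUP_SESSION_SSL_STRICT` set to FALSE libsoup accepts every certificate, so a short comment would help the next reader, for example `/* strict_ssl is cleared in main() for localhost/127.0.0.1 URLs; when FALSE, libsoup accepts any certificate */`. The same applies to the identical change in webrtc/sendrecv/gst/webrtc-sendrecv.c. The function body continues outside the hunk.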
@@ -947,6 +948,16 @@ main (int argc, char *argv[])
 if (!server_url)
 server_url = g_strdup (default_server_url);
+ /* Don't use strict ssl when running a localhost server, because
+ * it's probably a test server with a self-signed certificate */
+ {
+ GstUri *uri = gst_uri_from_string (server_url);
+ if (g_strcmp0 ("localhost", gst_uri_get_host (uri)) == 0 ||
+ g_strcmp0 ("127.0.0.1", gst_uri_get_host (uri)) == 0)
+ strict_ssl = FALSE;
+ gst_uri_unref (uri);
+ }
+
 loop = g_main_loop_new (NULL, FALSE);
 connect_to_websocket_server_async ();
diff --git a/webrtc/sendrecv/gst/webrtc-sendrecv.c b/webrtc/sendrecv/gst/webrtc-sendrecv.c
index f48e27a2d1..607732e9d9 100644
--- a/webrtc/sendrecv/gst/webrtc-sendrecv.c
+++ b/webrtc/sendrecv/gst/webrtc-sendrecv.c
@@ -45,6 +45,7 @@ static SoupWebsocketConnection *ws_conn = NULL;
 static enum AppState app_state = 0;
 static const gchar *peer_id = NULL;
 static const gchar *server_url = "wss://webrtc.nirbheek.in:8443";
+static gboolean strict_ssl = TRUE;
 static GOptionEntry entries[] =
 {
@@ -566,7 +567,7 @@ connect_to_websocket_server_async (void)
 SoupSession *session;
 const char *https_aliases[] = {"wss", NULL};
- session = soup_session_new_with_options (SOUP_SESSION_SSL_STRICT, TRUE,
+ session = soup_session_new_with_options (SOUP_SESSION_SSL_STRICT, strict_ssl,
 SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
 //SOUP_SESSION_SSL_CA_FILE, "/etc/ssl/certs/ca-bundle.crt",
 SOUP_SESSION_HTTPS_ALIASES, https_aliases, NULL);
@@ -631,6 +632,16 @@ main (int argc, char *argv[])
 return -1;
 }
+ /* Don't use strict ssl when running a localhost server, because
+ * it's probably a test server with a self-signed certificate */
+ {
+ GstUri *uri = gst_uri_from_string (server_url);
+ if (g_strcmp0 ("localhost", gst_uri_get_host (uri)) == 0 ||
+ g_strcmp0 ("127.0.0.1", gst_uri_get_host (uri)) == 0)
+ strict_ssl = FALSE;
+ gst_uri_unref (uri);
+ }
+
 loop = g_main_loop_new (NULL, FALSE);
 connect_to_websocket_server_async ();
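Review bot: The block added to main() in mp-webrtc-sendrecv.c turns certificate verification off purely on a string match of the URL host, without telling the user, and it passes `uri` to `gst_uri_unref` without checking that `gst_uri_from_string` succeeded. `gst_uri_from_string` is documented as nullable, so an unparsable server URL would likely raise a GLib critical here, and because `localhost` is a name rather than an address the check trusts whatever the resolver maps it to. I would guard the NULL case, fetch the host once, and print a line whenever `strict_ssl` is cleared so the downgrade is visible; an explicit command-line switch would be stricter still. The identical block added to main() in webrtc-sendrecv.c needs the same change, and main() starts and ends outside both hunks.

```c
  {
    GstUri *uri = gst_uri_from_string (server_url);
    const gchar *host = uri ? gst_uri_get_host (uri) : NULL;

    if (g_strcmp0 ("localhost", host) == 0 ||
        g_strcmp0 ("127.0.0.1", host) == 0) {
      strict_ssl = FALSE;
      g_printerr ("TLS certificate checking is disabled for %s\n", server_url);
    }
    if (uri)
      gst_uri_unref (uri);
  }
```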