mirrors/gstreamer
mirrors/gstreamer
1
1
Fork 0
mirror of https://gitlab.freedesktop.org/gstreamer/gstreamer.git synced 2025-02-08 23:42:28 +00:00
Code Issues 1 Projects Releases Wiki Activity

Don't use strict ssl certificate checking for localhost

Browse source 
When using localhost signalling servers, we don't want to use
strict ssl because it's probably using a self-signed certificate
and there's no need to do certificate checking over localhost anyway.
This commit is contained in:
Nirbheek Chauhan 2018-03-31 10:27:05 +05:30
parent 0e1be2a63f
commit 82314cabbb
2 changed files with 24 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
webrtc/multiparty-sendrecv/gst/mp-webrtc-sendrecv.c
View file

@ -49,6 +49,7 @@ static const gchar *default_server_url = "wss://webrtc.nirbheek.in:8443";
static gchar *server_url = NULL; static gchar *server_url = NULL;
static gchar *local_id = NULL; static gchar *local_id = NULL;
static gchar *room_id = NULL; static gchar *room_id = NULL;
static gboolean strict_ssl = TRUE;
static GOptionEntry entries[] = static GOptionEntry entries[] =
{ {
@ -871,7 +872,7 @@ connect_to_websocket_server_async (void)
SoupSession *session; SoupSession *session;
const char *https_aliases[] = {"wss", NULL}; const char *https_aliases[] = {"wss", NULL};
session = soup_session_new_with_options (SOUP_SESSION_SSL_STRICT, TRUE, session = soup_session_new_with_options (SOUP_SESSION_SSL_STRICT, strict_ssl,
SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE, SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
//SOUP_SESSION_SSL_CA_FILE, "/etc/ssl/certs/ca-bundle.crt", //SOUP_SESSION_SSL_CA_FILE, "/etc/ssl/certs/ca-bundle.crt",
SOUP_SESSION_HTTPS_ALIASES, https_aliases, NULL); SOUP_SESSION_HTTPS_ALIASES, https_aliases, NULL);
@ -947,6 +948,16 @@ main (int argc, char *argv[])
if (!server_url) if (!server_url)
server_url = g_strdup (default_server_url); server_url = g_strdup (default_server_url);
/* Don't use strict ssl when running a localhost server, because
* it's probably a test server with a self-signed certificate */
{
GstUri *uri = gst_uri_from_string (server_url);
if (g_strcmp0 ("localhost", gst_uri_get_host (uri)) == 0 ||
g_strcmp0 ("127.0.0.1", gst_uri_get_host (uri)) == 0)
strict_ssl = FALSE;
gst_uri_unref (uri);
}
loop = g_main_loop_new (NULL, FALSE); loop = g_main_loop_new (NULL, FALSE);
connect_to_websocket_server_async (); connect_to_websocket_server_async ();

13
webrtc/sendrecv/gst/webrtc-sendrecv.c
View file

@ -45,6 +45,7 @@ static SoupWebsocketConnection *ws_conn = NULL;
static enum AppState app_state = 0; static enum AppState app_state = 0;
static const gchar *peer_id = NULL; static const gchar *peer_id = NULL;
static const gchar *server_url = "wss://webrtc.nirbheek.in:8443"; static const gchar *server_url = "wss://webrtc.nirbheek.in:8443";
static gboolean strict_ssl = TRUE;
static GOptionEntry entries[] = static GOptionEntry entries[] =
{ {
@ -566,7 +567,7 @@ connect_to_websocket_server_async (void)
SoupSession *session; SoupSession *session;
const char *https_aliases[] = {"wss", NULL}; const char *https_aliases[] = {"wss", NULL};
session = soup_session_new_with_options (SOUP_SESSION_SSL_STRICT, TRUE, session = soup_session_new_with_options (SOUP_SESSION_SSL_STRICT, strict_ssl,
SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE, SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
//SOUP_SESSION_SSL_CA_FILE, "/etc/ssl/certs/ca-bundle.crt", //SOUP_SESSION_SSL_CA_FILE, "/etc/ssl/certs/ca-bundle.crt",
SOUP_SESSION_HTTPS_ALIASES, https_aliases, NULL); SOUP_SESSION_HTTPS_ALIASES, https_aliases, NULL);
@ -631,6 +632,16 @@ main (int argc, char *argv[])
return -1; return -1;
} }
/* Don't use strict ssl when running a localhost server, because
* it's probably a test server with a self-signed certificate */
{
GstUri *uri = gst_uri_from_string (server_url);
if (g_strcmp0 ("localhost", gst_uri_get_host (uri)) == 0 ||
g_strcmp0 ("127.0.0.1", gst_uri_get_host (uri)) == 0)
strict_ssl = FALSE;
gst_uri_unref (uri);
}
loop = g_main_loop_new (NULL, FALSE); loop = g_main_loop_new (NULL, FALSE);
connect_to_websocket_server_async (); connect_to_websocket_server_async ();