Add --disable-ssl option to simple-server.py

2024-11-11 20:01:35 +00:00 · 2018-06-06 12:42:07 -04:00 · 2018-06-06 12:42:07 -04:00 · 83b9c4efd7
commit 83b9c4efd7
parent bb56d6eab7
2 changed files with 22 additions and 24 deletions
--- a/webrtc/signalling/Dockerfile
+++ b/webrtc/signalling/Dockerfile
@ -5,9 +5,4 @@ RUN pip3 install --user websockets
 WORKDIR /opt/
 COPY . /opt/

-RUN sed -i 's/sslctx.load_cert_chain(chain_pem, keyfile=key_pem)/pass/g' \
-    ./simple-server.py
-RUN sed -i 's/ssl=sslctx,//g' \
-    ./simple-server.py
-
-CMD python -u ./simple-server.py
+CMD python -u ./simple-server.py --disable-ssl
--- a/webrtc/signalling/simple-server.py
+++ b/webrtc/signalling/simple-server.py
@ -22,6 +22,7 @@ parser.add_argument('--addr', default='0.0.0.0', help='Address to listen on')
 parser.add_argument('--port', default=8443, type=int, help='Port to listen on')
 parser.add_argument('--keepalive-timeout', dest='keepalive_timeout', default=30, type=int, help='Timeout for keepalive (in seconds)')
 parser.add_argument('--cert-path', default=os.path.dirname(__file__))
+parser.add_argument('--disable-ssl', default=False, help='Disable ssl', action='store_true')

 options = parser.parse_args(sys.argv[1:])

@ -239,25 +240,27 @@ async def handler(ws, path):
    finally:
        await remove_peer(peer_id)

-# Create an SSL context to be used by the websocket server
-certpath = options.cert_path
-print('Using TLS with keys in {!r}'.format(certpath))
-if 'letsencrypt' in certpath:
+sslctx = None
+if not options.disable_ssl:
+    # Create an SSL context to be used by the websocket server
+    certpath = options.cert_path
+    print('Using TLS with keys in {!r}'.format(certpath))
+    if 'letsencrypt' in certpath:
        chain_pem = os.path.join(certpath, 'fullchain.pem')
        key_pem = os.path.join(certpath, 'privkey.pem')
-else:
+    else:
        chain_pem = os.path.join(certpath, 'cert.pem')
        key_pem = os.path.join(certpath, 'key.pem')

-sslctx = ssl.create_default_context()
-try:
+    sslctx = ssl.create_default_context()
+    try:
        sslctx.load_cert_chain(chain_pem, keyfile=key_pem)
-except FileNotFoundError:
+    except FileNotFoundError:
        print("Certificates not found, did you run generate_cert.sh?")
        sys.exit(1)
-# FIXME
-sslctx.check_hostname = False
-sslctx.verify_mode = ssl.CERT_NONE
+    # FIXME
+    sslctx.check_hostname = False
+    sslctx.verify_mode = ssl.CERT_NONE

 print("Listening on https://{}:{}".format(*ADDR_PORT))
 # Websocket server