webrtc: add support for insecure tls connections

2024-05-12 13:22:46 +00:00 · 2024-04-24 19:52:26 +00:00 · 2024-04-24 19:52:26 +00:00 · b5014a01ac
parent 927c3fcdb6
commit b5014a01ac
1 changed files with 22 additions and 1 deletions
--- a/net/webrtc/src/signaller/imp.rs
+++ b/net/webrtc/src/signaller/imp.rs
@ -24,6 +24,8 @@ use url::Url;

 use super::CAT;

+const DEFAULT_INSECURE_TLS: bool = false;
+
 #[derive(Debug, Eq, PartialEq, Clone, Copy, glib::Enum, Default)]
 #[repr(u32)]
 #[enum_type(name = "GstRSWebRTCSignallerRole")]
@ -40,6 +42,7 @@ pub struct Settings {
    cafile: Option<String>,
    role: WebRTCSignallerRole,
    headers: Option<gst::Structure>,
+    insecure_tls: bool,
 }

 impl Default for Settings {
@ -50,6 +53,7 @@ impl Default for Settings {
            cafile: Default::default(),
            role: Default::default(),
            headers: None,
+            insecure_tls: DEFAULT_INSECURE_TLS,
        }
    }
 }
@ -115,12 +119,18 @@ impl Signaller {
                .ok_or_else(|| anyhow!("No target producer peer id set"))?;
        }

+        let mut connector_builder = tokio_native_tls::native_tls::TlsConnector::builder();
        let connector = if let Some(path) = obj.property::<Option<String>>("cafile") {
            let cert = tokio::fs::read_to_string(&path).await?;
            let cert = tokio_native_tls::native_tls::Certificate::from_pem(cert.as_bytes())?;
-            let mut connector_builder = tokio_native_tls::native_tls::TlsConnector::builder();
            let connector = connector_builder.add_root_certificate(cert).build()?;
            Some(tokio_native_tls::TlsConnector::from(connector))
+        } else if obj.property::<bool>("insecure-tls") {
+            let connector = connector_builder
+                .danger_accept_invalid_certs(true)
+                .build()?;
+            gst::warning!(CAT, imp: self, "insecure tls connections are allowed");
+            Some(tokio_native_tls::TlsConnector::from(connector))
        } else {
            None
        };
@ -522,6 +532,12 @@ impl ObjectImpl for Signaller {
                    .blurb("HTTP headers sent during the connection handshake")
                    .flags(glib::ParamFlags::READWRITE)
                    .build(),
+                glib::ParamSpecBoolean::builder("insecure-tls")
+                    .nick("Insecure TLS")
+                    .blurb("Whether insecure TLS connections are allowed")
+                    .default_value(DEFAULT_INSECURE_TLS)
+                    .flags(glib::ParamFlags::READWRITE)
+                    .build(),
            ]
        });

@ -565,6 +581,10 @@ impl ObjectImpl for Signaller {
                    .get::<Option<gst::Structure>>()
                    .expect("type checked upstream")
            }
+            "insecure-tls" => {
+                self.settings.lock().unwrap().insecure_tls =
+                    value.get::<bool>().expect("type checked upstream")
+            }
            _ => unimplemented!(),
        }
    }
@ -588,6 +608,7 @@ impl ObjectImpl for Signaller {
            "role" => settings.role.to_value(),
            "client-id" => self.state.lock().unwrap().client_id.to_value(),
            "headers" => settings.headers.to_value(),
+            "insecure-tls" => settings.insecure_tls.to_value(),
            _ => unimplemented!(),
        }
    }