Don't use strict ssl certificate checking for localhost
authorNirbheek Chauhan <nirbheek@centricular.com>
Sat, 31 Mar 2018 04:57:05 +0000 (10:27 +0530)
committerNirbheek Chauhan <nirbheek@centricular.com>
Sat, 31 Mar 2018 04:57:05 +0000 (10:27 +0530)
When using localhost signalling servers, we don't want to use
strict ssl because it's probably using a self-signed certificate
and there's no need to do certificate checking over localhost anyway.

webrtc/multiparty-sendrecv/gst/mp-webrtc-sendrecv.c
webrtc/sendrecv/gst/webrtc-sendrecv.c

index b0ab698..413c832 100644 (file)
@@ -49,6 +49,7 @@ static const gchar *default_server_url = "wss://webrtc.nirbheek.in:8443";
 static gchar *server_url = NULL;
 static gchar *local_id = NULL;
 static gchar *room_id = NULL;
+static gboolean strict_ssl = TRUE;
 
 static GOptionEntry entries[] =
 {
@@ -871,7 +872,7 @@ connect_to_websocket_server_async (void)
   SoupSession *session;
   const char *https_aliases[] = {"wss", NULL};
 
-  session = soup_session_new_with_options (SOUP_SESSION_SSL_STRICT, TRUE,
+  session = soup_session_new_with_options (SOUP_SESSION_SSL_STRICT, strict_ssl,
       SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
       //SOUP_SESSION_SSL_CA_FILE, "/etc/ssl/certs/ca-bundle.crt",
       SOUP_SESSION_HTTPS_ALIASES, https_aliases, NULL);
@@ -947,6 +948,16 @@ main (int argc, char *argv[])
   if (!server_url)
     server_url = g_strdup (default_server_url);
 
+  /* Don't use strict ssl when running a localhost server, because
+   * it's probably a test server with a self-signed certificate */
+  {
+    GstUri *uri = gst_uri_from_string (server_url);
+    if (g_strcmp0 ("localhost", gst_uri_get_host (uri)) == 0 ||
+        g_strcmp0 ("127.0.0.1", gst_uri_get_host (uri)) == 0)
+      strict_ssl = FALSE;
+    gst_uri_unref (uri);
+  }
+
   loop = g_main_loop_new (NULL, FALSE);
 
   connect_to_websocket_server_async ();
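Review bot: Certificate verification is switched off silently in this block whenever the host in `server_url` is the literal text `localhost` or `127.0.0.1`, so the user gets no indication that the peer's certificate is no longer checked. The test is on the URL string, not on the address the connection ends up using, so it presumably relies on `localhost` resolving to loopback on the machine. I would brace the `if` body and log the downgrade right after the assignment, e.g. `g_printerr ("TLS certificate checks disabled for %s\n", server_url);`, and extend the comment to say that `strict_ssl` feeds `SOUP_SESSION_SSL_STRICT` in `connect_to_websocket_server_async`. The same block is added to main() in webrtc/sendrecv/gst/webrtc-sendrecv.c; main() starts and ends outside this hunk.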
index f48e27a..607732e 100644 (file)
@@ -45,6 +45,7 @@ static SoupWebsocketConnection *ws_conn = NULL;
 static enum AppState app_state = 0;
 static const gchar *peer_id = NULL;
 static const gchar *server_url = "wss://webrtc.nirbheek.in:8443";
+static gboolean strict_ssl = TRUE;
 
 static GOptionEntry entries[] =
 {
@@ -566,7 +567,7 @@ connect_to_websocket_server_async (void)
   SoupSession *session;
   const char *https_aliases[] = {"wss", NULL};
 
-  session = soup_session_new_with_options (SOUP_SESSION_SSL_STRICT, TRUE,
+  session = soup_session_new_with_options (SOUP_SESSION_SSL_STRICT, strict_ssl,
       SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
       //SOUP_SESSION_SSL_CA_FILE, "/etc/ssl/certs/ca-bundle.crt",
       SOUP_SESSION_HTTPS_ALIASES, https_aliases, NULL);
@@ -631,6 +632,16 @@ main (int argc, char *argv[])
     return -1;
   }
 
+  /* Don't use strict ssl when running a localhost server, because
+   * it's probably a test server with a self-signed certificate */
+  {
+    GstUri *uri = gst_uri_from_string (server_url);
+    if (g_strcmp0 ("localhost", gst_uri_get_host (uri)) == 0 ||
+        g_strcmp0 ("127.0.0.1", gst_uri_get_host (uri)) == 0)
+      strict_ssl = FALSE;
+    gst_uri_unref (uri);
+  }
+
   loop = g_main_loop_new (NULL, FALSE);
 
   connect_to_websocket_server_async ();
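Review bot: `gst_uri_from_string` can return NULL when `server_url` does not parse, and the added block then hands that NULL to `gst_uri_unref`, which as far as I can tell does not accept it and would emit a GLib critical. Guard the block with `if (uri != NULL)`, or report the invalid URL and exit. Read the host once with `const gchar *host = gst_uri_get_host (uri);` instead of calling the getter in both comparisons. The identical block in webrtc/multiparty-sendrecv/gst/mp-webrtc-sendrecv.c has the same gap. main() starts and ends outside this hunk.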