disable TLS cert validation for stun/turn server

turns out libwebrtc doesn’t use the system root CA store but comes with only a few default CAs. in anyway we will probably only use tcp/443 to bypass firewalls and not to actually secure anything.
2020-05-01 20:17:20 +02:00 · 2020-05-01 20:17:20 +02:00 · f7a0d2031a
parent 58429c42ee
commit f7a0d2031a
1 changed files with 3 additions and 1 deletions
--- a/src/main/java/eu/siacs/conversations/xmpp/jingle/JingleRtpConnection.java
+++ b/src/main/java/eu/siacs/conversations/xmpp/jingle/JingleRtpConnection.java
@ -1091,7 +1091,9 @@ public class JingleRtpConnection extends AbstractJingleConnection implements Web
                                    continue;
                                }
                                //TODO wrap ipv6 addresses
-                                PeerConnection.IceServer.Builder iceServerBuilder = PeerConnection.IceServer.builder(String.format("%s:%s:%s?transport=%s", type, host, port, transport));
+                                final PeerConnection.IceServer.Builder iceServerBuilder = PeerConnection.IceServer
+                                        .builder(String.format("%s:%s:%s?transport=%s", type, host, port, transport));
+                                iceServerBuilder.setTlsCertPolicy(PeerConnection.TlsCertPolicy.TLS_CERT_POLICY_INSECURE_NO_CHECK);
                                if (username != null && password != null) {
                                    iceServerBuilder.setUsername(username);
                                    iceServerBuilder.setPassword(password);