From f7a0d2031a815a3a3478bc87aa15eee4a60b6971 Mon Sep 17 00:00:00 2001
From: Daniel Gultsch
Date: Fri, 1 May 2020 20:17:20 +0200
Subject: [PATCH] disable TLS cert validation for stun/turn server
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

turns out libwebrtc doesn’t use the system root CA store but comes with only a few default CAs. in anyway we will probably only use tcp/443 to bypass firewalls and not to actually secure anything.
---
 .../siacs/conversations/xmpp/jingle/JingleRtpConnection.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/main/java/eu/siacs/conversations/xmpp/jingle/JingleRtpConnection.java b/src/main/java/eu/siacs/conversations/xmpp/jingle/JingleRtpConnection.java
index 7633ad330..98b5c9aa6 100644
--- a/src/main/java/eu/siacs/conversations/xmpp/jingle/JingleRtpConnection.java
+++ b/src/main/java/eu/siacs/conversations/xmpp/jingle/JingleRtpConnection.java
@@ -1091,7 +1091,9 @@ public class JingleRtpConnection extends AbstractJingleConnection implements Web
 continue;
 }
 //TODO wrap ipv6 addresses
- PeerConnection.IceServer.Builder iceServerBuilder = PeerConnection.IceServer.builder(String.format("%s:%s:%s?transport=%s", type, host, port, transport));
+ final PeerConnection.IceServer.Builder iceServerBuilder = PeerConnection.IceServer
+ .builder(String.format("%s:%s:%s?transport=%s", type, host, port, transport));
+ iceServerBuilder.setTlsCertPolicy(PeerConnection.TlsCertPolicy.TLS_CERT_POLICY_INSECURE_NO_CHECK);
 if (username != null && password != null) {
 iceServerBuilder.setUsername(username);
 iceServerBuilder.setPassword(password);
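Review bot: The added `iceServerBuilder.setTlsCertPolicy(PeerConnection.TlsCertPolicy.TLS_CERT_POLICY_INSECURE_NO_CHECK)` call is unconditional, so every ICE server built here, including any TLS-transport entry, is accepted without server authentication, and the username and password set just below are then used on a TLS leg whose peer is unverified. The rationale exists only in the commit message; the code should carry it next to the call, e.g. `// libwebrtc does not use the system CA store; TLS to the STUN/TURN server is for firewall traversal only and does NOT authenticate the server`. Consider keeping `TLS_CERT_POLICY_SECURE` as the default and relaxing it only for the servers that actually fail validation, so that a later fix for the CA set can be adopted in one place. The enclosing loop and method begin and end outside this hunk, so how `type`, `host` and `transport` are obtained and validated cannot be confirmed from here.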