disable TLS cert validation for stun/turn server

turns out libwebrtc doesn’t use the system root CA store but comes with only a few default CAs.

in anyway we will probably only use tcp/443 to bypass firewalls and not to actually secure anything.
This commit is contained in:
Daniel Gultsch 2020-05-01 20:17:20 +02:00
parent 58429c42ee
commit f7a0d2031a
1 changed files with 3 additions and 1 deletions

View File

@ -1091,7 +1091,9 @@ public class JingleRtpConnection extends AbstractJingleConnection implements Web
continue; continue;
} }
//TODO wrap ipv6 addresses //TODO wrap ipv6 addresses
PeerConnection.IceServer.Builder iceServerBuilder = PeerConnection.IceServer.builder(String.format("%s:%s:%s?transport=%s", type, host, port, transport)); final PeerConnection.IceServer.Builder iceServerBuilder = PeerConnection.IceServer
.builder(String.format("%s:%s:%s?transport=%s", type, host, port, transport));
iceServerBuilder.setTlsCertPolicy(PeerConnection.TlsCertPolicy.TLS_CERT_POLICY_INSECURE_NO_CHECK);
if (username != null && password != null) { if (username != null && password != null) {
iceServerBuilder.setUsername(username); iceServerBuilder.setUsername(username);
iceServerBuilder.setPassword(password); iceServerBuilder.setPassword(password);