Optionally disable certificate validation for proxy connections.
parent
4427953a69
commit
559f1e28ae
|
@ -127,6 +127,11 @@ connectionsperhost = 8
|
||||||
# - etcd: Proxy URLs are retrieved from an etcd cluster (see below).
|
# - etcd: Proxy URLs are retrieved from an etcd cluster (see below).
|
||||||
#urltype = static
|
#urltype = static
|
||||||
|
|
||||||
|
# If set to "true", certificate validation of proxy servers will be skipped.
|
||||||
|
# This should only be enabled during development, e.g. to work with self-signed
|
||||||
|
# certificates.
|
||||||
|
#skipverify = false
|
||||||
|
|
||||||
# For type "proxy": the id of the token to use when connecting to proxy servers.
|
# For type "proxy": the id of the token to use when connecting to proxy servers.
|
||||||
#token_id = server1
|
#token_id = server1
|
||||||
|
|
||||||
|
|
|
@ -24,6 +24,7 @@ package signaling
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/rsa"
|
"crypto/rsa"
|
||||||
|
"crypto/tls"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
|
@ -68,13 +69,6 @@ const (
|
||||||
defaultProxyTimeoutSeconds = 2
|
defaultProxyTimeoutSeconds = 2
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
|
||||||
websocketDialer = &websocket.Dialer{
|
|
||||||
Proxy: http.ProxyFromEnvironment,
|
|
||||||
HandshakeTimeout: 45 * time.Second,
|
|
||||||
}
|
|
||||||
)
|
|
||||||
|
|
||||||
type mcuProxyPubSubCommon struct {
|
type mcuProxyPubSubCommon struct {
|
||||||
streamType string
|
streamType string
|
||||||
proxyId string
|
proxyId string
|
||||||
|
@ -568,7 +562,7 @@ func (c *mcuProxyConnection) reconnect() {
|
||||||
u.Scheme = "wss"
|
u.Scheme = "wss"
|
||||||
}
|
}
|
||||||
|
|
||||||
conn, _, err := websocketDialer.Dial(u.String(), nil)
|
conn, _, err := c.proxy.dialer.Dial(u.String(), nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Could not connect to %s: %s", u, err)
|
log.Printf("Could not connect to %s: %s", u, err)
|
||||||
c.scheduleReconnect()
|
c.scheduleReconnect()
|
||||||
|
@ -974,6 +968,7 @@ type mcuProxy struct {
|
||||||
keyInfos map[string]*ProxyInformationEtcd
|
keyInfos map[string]*ProxyInformationEtcd
|
||||||
urlToKey map[string]string
|
urlToKey map[string]string
|
||||||
|
|
||||||
|
dialer *websocket.Dialer
|
||||||
connections []*mcuProxyConnection
|
connections []*mcuProxyConnection
|
||||||
connectionsMap map[string]*mcuProxyConnection
|
connectionsMap map[string]*mcuProxyConnection
|
||||||
connectionsMu sync.RWMutex
|
connectionsMu sync.RWMutex
|
||||||
|
@ -1019,6 +1014,10 @@ func NewMcuProxy(config *goconf.ConfigFile) (Mcu, error) {
|
||||||
tokenId: tokenId,
|
tokenId: tokenId,
|
||||||
tokenKey: tokenKey,
|
tokenKey: tokenKey,
|
||||||
|
|
||||||
|
dialer: &websocket.Dialer{
|
||||||
|
Proxy: http.ProxyFromEnvironment,
|
||||||
|
HandshakeTimeout: proxyTimeout,
|
||||||
|
},
|
||||||
connectionsMap: make(map[string]*mcuProxyConnection),
|
connectionsMap: make(map[string]*mcuProxyConnection),
|
||||||
proxyTimeout: proxyTimeout,
|
proxyTimeout: proxyTimeout,
|
||||||
|
|
||||||
|
@ -1027,6 +1026,14 @@ func NewMcuProxy(config *goconf.ConfigFile) (Mcu, error) {
|
||||||
publisherWaiters: make(map[uint64]chan bool),
|
publisherWaiters: make(map[uint64]chan bool),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
skipverify, _ := config.GetBool("mcu", "skipverify")
|
||||||
|
if skipverify {
|
||||||
|
log.Println("WARNING: MCU verification is disabled!")
|
||||||
|
mcu.dialer.TLSClientConfig = &tls.Config{
|
||||||
|
InsecureSkipVerify: skipverify,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if urlType == "" {
|
if urlType == "" {
|
||||||
urlType = proxyUrlTypeStatic
|
urlType = proxyUrlTypeStatic
|
||||||
}
|
}
|
||||||
|
|
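Review bot: In the last hunk of NewMcuProxy, `skipverify` disables both chain and hostname checks for every proxy connection, yet the only trace is a one-time log line that does not say what is unverified; something like `log.Println("WARNING: TLS certificate verification for proxy connections is disabled (mcu.skipverify)!")` would be unambiguous for whoever reads the log later. The error from `config.GetBool` is discarded, so a value that fails to parse looks the same as an unset option; that fails closed, but logging the error would surface typos. For the self-signed case the config comment mentions, loading a CA bundle into `tls.Config.RootCAs` would keep verification on, and the new `tls.Config` could also set `MinVersion`. Separately, the dialer hunk above replaces the fixed 45-second `HandshakeTimeout` with `proxyTimeout`, which appears to default to `defaultProxyTimeoutSeconds = 2`; the commit message does not mention this and it may be unintended. NewMcuProxy starts and ends outside the visible hunks.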