search

avstack / gst-meet

Connect GStreamer pipelines to Jitsi Meet conferences
Apache License 2.0
70 stars 25 forks source link

Error: IO error: invalid certificate: BadDER #7

Closed alesovmed closed 3 years ago

alesovmed commented 3 years ago

Hi ! I'm stuck with certificate, I guess probably due to self signed certificate. Any idea how to get around this would be most welcome . Thank you! Best regards, Ales

$ gst-meet --web-socket-url=wss://meet.iskratel.build/xmpp-websocket --xmpp-domain=meet.iskratel.build --room-name=novas --send-pipeline="autovideosrc ! queue ! videoconvert ! vp8enc buffer-size=1000 deadline=1 name=video autoaudiosrc ! queue ! audioconvert ! audioresample ! opusenc name=audio" --recv-pipeline-participant-template="opusdec name=audio ! autoaudiosink vp8dec name=video ! videoconvert ! autovideosink" --verbose=3 Oct 07 16:04:03.318 INFO Connecting XMPP WebSocket to wss://meet.iskratel.build/xmpp-websocket Oct 07 16:04:03.319 DEBUG No cached session for DNSNameRef("meet.iskratel.build")
Oct 07 16:04:03.319 DEBUG Not resuming any session
Oct 07 16:04:03.321 DEBUG Using ciphersuite TLS13_CHACHA20_POLY1305_SHA256
Oct 07 16:04:03.321 DEBUG Not resuming
Oct 07 16:04:03.321 DEBUG TLS1.3 encrypted extensions: [ServerNameAck]
Oct 07 16:04:03.321 DEBUG ALPN protocol is None
Oct 07 16:04:03.321 WARN Sending fatal alert DecodeError
Error: IO error: invalid certificate: BadDER

Caused by: invalid certificate: BadDER

jbg commented 3 years ago

Unfortunately, rustls doesn't support self-signed certificates, and right now we always use rustls for the websocket connections. If you can get a valid certificate on your server, that will fix it, otherwise I'll leave this issue open to track adding native-tls support.

jbg commented 3 years ago

This should be resolved in latest git master, which now defaults to using your system native TLS library. Rustls can still be used by building with --no-default-features --features tls-rustls.

jbg commented 3 years ago

I'll close this since it should be resolved. If you still have problems, let us know!

alesovmed commented 3 years ago

Hi Jasper ! There is still a problem. (gst-meet version remained 0.2.2) Perhaps there is some new option that should be invoked in run-time or during build process for using self-signed certificates? (E.g. wscat has "--no-check" runtime option and browsers optionally require adding an exception.)