Add support for "turns:" scheme #5086
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
Author
|
/backport to stable21 |
Until now no scheme could be configured to connect to the TURN server and "turn:" was used by default. The "turns:" scheme defines a connection over TLS, which in some cases is needed by clients behind a very restrictive firewall that only allows TLS connections. However, encrypted TURN connections also require a certificate to be set in the TURN server, which may not be always available. Moreover, encrypted TURN connections also require a domain. Due to all this now it is possible to set the TURN server scheme to "turn:", "turns:" or both, so the administrator can set the best suiting one. Already configured TURN servers that have no scheme configured yet defaults to "turn:" to keep the same behaviour as before. New configured TURN servers also default to "turn:", as "turns:" has some additional requirements as explained above. Signed-off-by: Daniel Calviño Sánchez <[email protected]>
"turns:" scheme must be used with a domain. Moreover, in the case of Firefox using "turns:" with an IP address not only prevents connecting with the TURN server even if "turn:" is also specified, it fully breaks the gathering of all candidates. Signed-off-by: Daniel Calviño Sánchez <[email protected]>
The STUN scheme can not be specified (browsers do not support "stuns:"), but a literal text was added to clarify that the scheme does not need to be included in the input field. Signed-off-by: Daniel Calviño Sánchez <[email protected]>
Ivansss
approved these changes
Feb 5, 2021
danxuliu
force-pushed
the
add-support-for-turns-scheme
branch
from
78e9493 to
2d066b5
Compare
Member
Author
|
Integration test failures are unrelated. |
Closed
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Until now no scheme could be configured to connect to the TURN server, so
turn:was used by default. Theturns:scheme defines a connection over TLS, which in some cases is needed by clients behind a very restrictive firewall that only allows TLS connections. However, encrypted TURN connections also require a certificate to be set in the TURN server, which may not be always available. Moreover, encrypted TURN connections also require a domain. Due to all this now it is possible to set the TURN server scheme toturn:,turns:or both, so the administrator can set the best suiting one.Already configured TURN servers that have no scheme configured yet defaults to
turn:to keep the same behaviour as before. New configured TURN servers also default toturn:, asturns:has some additional restrictions as explained above.Besides that a literal
stun:was added in front of the STUN server input to clarify that the scheme is fixed and does not need to be set in that case.Follow up pull request: