How to disable cert checking via the api?

[Yorizuka]

I want to implement a "no auth" mode into my client & server where unauthenticated clients can join the server and the server will just accept any identity its given when in this mode, without any cert authority. (I need this for testing)

when I initialize via GameNetworkingSockets_Init if I leave the identity null then I have no problems connecting, after I configure IP_AllowWithoutAuth & Unencrypted via SetGlobalConfigValue.

but that is not a good solution for me. my game is persistent and I use the identity for selecting the correct user data for this session/connection.

[#3104342239 UDP invalid@127.0.0.1:25569 'PS client'] problem detected locally (5002): Need a cert authority!`
[#3104342239 UDP invalid@127.0.0.1:25569] problem (5002) Need a cert authority!, but connection already dead (0 5002 Need a cert authority!)

I can not figure out how to do this, if the api supports it, how do I do this, and if not then I think it should be able to.
I think my use case is not that odd.

[zpostfacto]

I might need some help debugging this, as this is not a use case I work with regularly.

Can you tell me what happens in this code in CSteamNetworkConnectionBase::BThinkCryptoReady:

	// Check if we want to intentionally disable auth
	if ( AllowLocalUnsignedCert() == k_EUnsignedCert_Allow )
	{
		SetLocalCertUnsigned();
		return true;
	}

Step into AllowLocalUnsignedCert function:

EUnsignedCert CSteamNetworkConnectionBase::AllowLocalUnsignedCert()
{
	// Base class - we will not attempt connections without a local cert,
	// unless we are running in a way that is configured without one
	if ( !m_pSteamNetworkingSocketsInterface->BCanRequestCert() )
		return k_EUnsignedCert_Allow;
	else
		return k_EUnsignedCert_Disallow;
}

My expectation is that BCanRequestCert should return false, and then it should return k_EUnsignedCert_Allow. What are you seeing when you reproduce this problem?

[Yorizuka]

here is console output given via the debug print callback

Bug: src/steamnetworkingsockets/clientlib/steamnetworkingsockets_connections.cpp(2966): [#3019161547 UDP invalid@127.0.0.1:25569] problem (5002) Need a cert authority!, but connection already dead (0 5002 Need a cert authority!)
Bug: src/steamnetworkingsockets/clientlib/steamnetworkingsockets_connections.cpp(1158): Assertion Failed: false
Msg: [#3019161547 UDP invalid@127.0.0.1:25569 'PS client'] problem detected locally (5002): Need a cert authority!

stepping in bool CSteamNetworkConnectionBase::BThinkCryptoReady( SteamNetworkingMicroseconds usecNow )
the following checks did not return true.

• we already have a cert?
• If we are using an anonymous identity.
• Already have a signed cert?
• Check if we want to intentionally disable auth

and we reach "Otherwise, we don't have a signed cert (yet?)."
and Msg: [#3019161547 UDP invalid@127.0.0.1:25569 'PS client'] problem detected locally (5002): Need a cert authority! is printed

[Yorizuka]

inside of EUnsignedCert CSteamNetworkConnectionUDP::AllowRemoteUnsignedCert()

int nAllow = m_connectionConfig.m_IP_AllowWithoutAuth.Get(); is a value of 1

EUnsignedCert CSteamNetworkConnectionUDP::AllowRemoteUnsignedCert()
{
	// NOTE: No special override for localhost.
	// Should we add a separate convar for this?
	// For the CSteamNetworkConnectionlocalhostLoopback connection,
	// we know both ends are us.  but if they are just connecting to
	// 127.0.0.1, it's not clear that we should handle this any
	// differently from any other connection

	// Enabled by convar?
	int nAllow = m_connectionConfig.m_IP_AllowWithoutAuth.Get();
	if ( nAllow > 1 )
		return k_EUnsignedCert_Allow;
	if ( nAllow == 1 )
		return k_EUnsignedCert_AllowWarn;

	// Lock it down
	return k_EUnsignedCert_Disallow;
}

that should return, k_EUnsignedCert_AllowWarn.

the stack (ignore 8 to 13):

#0  SteamNetworkingSocketsLib::CSteamNetworkConnectionUDP::AllowRemoteUnsignedCert(this = 0x5555565ea710) at /home/yori/Desktop/projects/runic/srcC/GNS/src/steamnetworkingsockets/clientlib/steamnetworkingsockets_udp.cpp:1776
#1  SteamNetworkingSocketsLib::CSteamNetworkConnectionUDP::AllowLocalUnsignedCert(this = 0x5555565ea710) at /home/yori/Desktop/projects/runic/srcC/GNS/src/steamnetworkingsockets/clientlib/steamnetworkingsockets_udp.cpp:1789
#2  SteamNetworkingSocketsLib::CSteamNetworkConnectionBase::BThinkCryptoReady(this = 0x5555565ea710, usecNow = 3000002271339) at /home/yori/Desktop/projects/runic/srcC/GNS/src/steamnetworkingsockets/clientlib/steamnetworkingsockets_connections.cpp:1149
#3  SteamNetworkingSocketsLib::CSteamNetworkConnectionBase::InitConnectionCrypto(this = 0x5555565ea710, usecNow = 3000002271339) at /home/yori/Desktop/projects/runic/srcC/GNS/src/steamnetworkingsockets/clientlib/steamnetworkingsockets_connections.cpp:1023
#4  SteamNetworkingSocketsLib::CSteamNetworkConnectionBase::BInitConnection(this = 0x5555565ea710, usecNow = 3000002271339, nOptions = 1, pOptions = 0x7fffffffddc0, errMsg = @0x7fffffffd8e0: ")\?\?\?\?\�\?\?\�\?\?\?\?\?\?\?\�\?\?\?\?\?\?\?\?w\?UUU\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\�\?\?e\?\?UUU\?\?\?\?\?\?\?\?\?\?\�\?\?\?\?\?\?\?\�\?\?\?\?\?\?\?\?\?\\vVUU\?\?\?\?\?\?\?\�\?\?\?\?\?UUU\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\\a\?\?\?\?\?\?\?\?\?\?\?\?\?\?\? \?\?\?\?\�\?\?\?\?\?\?\?\�\?\?)\?\?UUU\?\?\?\?\\vVUU\?\?"...) at /home/yori/Desktop/projects/runic/srcC/GNS/src/steamnetworkingsockets/clientlib/steamnetworkingsockets_connections.cpp:981
#5  SteamNetworkingSocketsLib::CSteamNetworkConnectionUDP::BInitConnect(this = 0x5555565ea710, addressRemote = , nOptions = 1, pOptions = 0x7fffffffddc0, errMsg = @0x7fffffffd8e0: ")\?\?\?\?\�\?\?\�\?\?\?\?\?\?\?\�\?\?\?\?\?\?\?\?w\?UUU\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\�\?\?e\?\?UUU\?\?\?\?\?\?\?\?\?\?\�\?\?\?\?\?\?\?\�\?\?\?\?\?\?\?\?\?\\vVUU\?\?\?\?\?\?\?\�\?\?\?\?\?UUU\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\\a\?\?\?\?\?\?\?\?\?\?\?\?\?\?\? \?\?\?\?\�\?\?\?\?\?\?\?\�\?\?)\?\?UUU\?\?\?\?\\vVUU\?\?"...) at /home/yori/Desktop/projects/runic/srcC/GNS/src/steamnetworkingsockets/clientlib/steamnetworkingsockets_udp.cpp:1169
#6  SteamNetworkingSocketsLib::CSteamNetworkingSockets::ConnectByIPAddress(this = 0x555556137a40, address = , nOptions = 1, pOptions = 0x7fffffffddc0) at /home/yori/Desktop/projects/runic/srcC/GNS/src/steamnetworkingsockets/clientlib/csteamnetworkingsockets.cpp:1113
#7  SteamAPI_ISteamNetworkingSockets_ConnectByIPAddress(self = 0x555556137a40, address = , nOptions = 1, pOptions = 0x7fffffffddc0) at /home/yori/Desktop/projects/runic/srcC/GNS/src/steamnetworkingsockets/clientlib/steamnetworkingsockets_flat.cpp:26
#8  _D4rune5steam10networking23ISteamNetworkingSockets18ConnectByIPAddressMFKxSQCvQCtQCq21SteamNetworkingIPAddrixPSQEfQEdQEa28SteamNetworkingConfigValue_tZSQFuQFsQFp19HSteamNetConnection(this = , pOptions = 0x7fffffffddc0, nOptions = 1, address = ) at src/rune/steam/networking.d:2898
#9  _D4rune3ent11play_spaces22PlaySpaceManagerClient10connect_toFNeAyaZv(connect_to = "127.0.0.1:25560") at src/rune/ent/play_spaces.d:322
#10  _D4rune10event_loop6game3d__T16Rune3dGameClientTS5runic6common10GameConfigZQBu18join_single_playerMFNeZv(this = 0x7ffff7b52060) at src/rune/event_loop/game3d.d:112
#11  _D4rune10event_loop6game3d__T16Rune3dGameClientTS5runic6common10GameConfigZQBu8on_startMFNeCQDmQDk4main13RuneGameMainIAyaE3std8typecons__T4FlagVQBaa10_546f446576576f726c64ZQBiZv(this = 0x7ffff7b52060, to_dev_world = true, direct_join_to = 0x0, rune_game_main = 0x7fffffffe0b8) at src/rune/event_loop/game3d.d:87
#12  _D4rune10event_loop4main__T18RuneGameMainStructTS5runic6common10GameConfigTCQBbQy11RunicClientTCQBvQBs11RunicServerZQDlQDwMFNeAAyaZv(this = 0x7fffffffe0a8, arguments = ) at src/rune/event_loop/main.d:141
#13  _Dmain(arguments = ) at src/rune/event_loop/main.d:173

that leads to CSteamNetworkConnectionBase::BThinkCryptoReady not use a unsigned cert.

// Check if we want to intentionally disable auth
if ( AllowLocalUnsignedCert() == k_EUnsignedCert_Allow )
{
	SetLocalCertUnsigned();
	return true;
}

my guess is that if ( AllowLocalUnsignedCert() == k_EUnsignedCert_Allow ) should become if ( AllowLocalUnsignedCert() != k_EUnsignedCert_Disallow )

[zpostfacto]

I see. I think the bug is actually in this function:

EUnsignedCert CSteamNetworkConnectionUDP::AllowLocalUnsignedCert()
{
	// Same logic actually applies for remote and local
	return AllowRemoteUnsignedCert();
}

It isn't using the base class behaviour which is checking whether we are running in an environment with no cert authority.

[Yorizuka]

I edited ( AllowLocalUnsignedCert() == k_EUnsignedCert_Allow ) to ( AllowLocalUnsignedCert() != k_EUnsignedCert_Disallow ) and it seems to be doing what I want, but, im not sure if this is a correct solution.

[zpostfacto]

That's a fine fix in your situation. I'm thinking through how things "should" work in all the different use cases and what the correct fix is. It might end up being exactly what you are suggesting. :)