-
Notifications
You must be signed in to change notification settings - Fork 596
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to disable cert checking via the api? #259
Comments
I might need some help debugging this, as this is not a use case I work with regularly. Can you tell me what happens in this code in CSteamNetworkConnectionBase::BThinkCryptoReady:
Step into
My expectation is that |
here is console output given via the debug print callback
stepping in
and we reach "Otherwise, we don't have a signed cert (yet?)." |
inside of
EUnsignedCert CSteamNetworkConnectionUDP::AllowRemoteUnsignedCert()
{
// NOTE: No special override for localhost.
// Should we add a separate convar for this?
// For the CSteamNetworkConnectionlocalhostLoopback connection,
// we know both ends are us. but if they are just connecting to
// 127.0.0.1, it's not clear that we should handle this any
// differently from any other connection
// Enabled by convar?
int nAllow = m_connectionConfig.m_IP_AllowWithoutAuth.Get();
if ( nAllow > 1 )
return k_EUnsignedCert_Allow;
if ( nAllow == 1 )
return k_EUnsignedCert_AllowWarn;
// Lock it down
return k_EUnsignedCert_Disallow;
} that should return, the stack (ignore 8 to 13):
that leads to // Check if we want to intentionally disable auth
if ( AllowLocalUnsignedCert() == k_EUnsignedCert_Allow )
{
SetLocalCertUnsigned();
return true;
} my guess is that |
I see. I think the bug is actually in this function:
It isn't using the base class behaviour which is checking whether we are running in an environment with no cert authority. |
I edited |
That's a fine fix in your situation. I'm thinking through how things "should" work in all the different use cases and what the correct fix is. It might end up being exactly what you are suggesting. :) |
I want to implement a "no auth" mode into my client & server where unauthenticated clients can join the server and the server will just accept any identity its given when in this mode, without any cert authority. (I need this for testing)
when I initialize via
GameNetworkingSockets_Init
if I leave the identity null then I have no problems connecting, after I configureIP_AllowWithoutAuth
&Unencrypted
viaSetGlobalConfigValue
.but that is not a good solution for me. my game is persistent and I use the identity for selecting the correct user data for this session/connection.
I can not figure out how to do this, if the api supports it, how do I do this, and if not then I think it should be able to.
I think my use case is not that odd.
The text was updated successfully, but these errors were encountered: