fix: Add TLS option to DialICE (#330)

* fix: Add TLS option to DialICE

* Fix DialICE timeout arg

Author: kylecarbs

internal/cmd/tunnel.go

@@ -111,7 +111,7 @@ func (c *tunnneler) start(ctx context.Context) error {
 		CredentialType: webrtc.ICECredentialTypePassword,
 	}
 
-	err := wsnet.DialICE(server, 0)
+	err := wsnet.DialICE(server, nil)
 	if errors.Is(err, wsnet.ErrInvalidCredentials) {
 		return xerrors.Errorf("failed to authenticate your user for this workspace")
 	}

wsnet/dial_test.go

@@ -20,7 +20,7 @@ func ExampleDial_basic() {
 	}}
 
 	for _, server := range servers {
-		err := DialICE(server, 0)
+		err := DialICE(server, nil)
 		if errors.Is(err, ErrInvalidCredentials) {
 			// You could do something...
 		}

wsnet/rtc.go

@@ -31,19 +31,30 @@ var (
 	controlChannel = "control"
 )
 
+// DialICEOptions provides options for dialing an ICE server.
+type DialICEOptions struct {
+	Timeout time.Duration
+	// Whether to ignore TLS errors.
+	InsecureSkipVerify bool
+}
+
 // DialICE confirms ICE servers are dialable.
 // Timeout defaults to 200ms.
-func DialICE(server webrtc.ICEServer, timeout time.Duration) error {
+func DialICE(server webrtc.ICEServer, options *DialICEOptions) error {
+	if options == nil {
+		options = &DialICEOptions{}
+	}
+
 	for _, rawURL := range server.URLs {
-		err := dialICEURL(server, rawURL, timeout)
+		err := dialICEURL(server, rawURL, options)
 		if err != nil {
 			return err
 		}
 	}
 	return nil
 }
 
-func dialICEURL(server webrtc.ICEServer, rawURL string, timeout time.Duration) error {
+func dialICEURL(server webrtc.ICEServer, rawURL string, options *DialICEOptions) error {
 	url, err := ice.ParseURL(rawURL)
 	if err != nil {
 		return err
@@ -69,13 +80,13 @@ func dialICEURL(server webrtc.ICEServer, rawURL string, timeout time.Duration) e
 				return resErr
 			}
 			dconn, dialErr := dtls.Dial("udp4", udpAddr, &dtls.Config{
-				InsecureSkipVerify: true,
+				InsecureSkipVerify: options.InsecureSkipVerify,
 			})
 			err = dialErr
 			udpConn = turn.NewSTUNConn(dconn)
 		case ice.ProtoTypeTCP:
 			tcpConn, err = tls.Dial("tcp4", turnServerAddr, &tls.Config{
-				InsecureSkipVerify: true,
+				InsecureSkipVerify: options.InsecureSkipVerify,
 			})
 		}
 	}
@@ -100,7 +111,7 @@ func dialICEURL(server webrtc.ICEServer, rawURL string, timeout time.Duration) e
 		Password:       pass,
 		Realm:          "",
 		Conn:           udpConn,
-		RTO:            timeout,
+		RTO:            options.Timeout,
 	})
 	if err != nil {
 		return err

wsnet/rtc_test.go

@@ -22,7 +22,10 @@ func TestDialICE(t *testing.T) {
 			Username:       "example",
 			Credential:     "test",
 			CredentialType: webrtc.ICECredentialTypePassword,
-		}, time.Millisecond)
+		}, &DialICEOptions{
+			Timeout:            time.Millisecond,
+			InsecureSkipVerify: true,
+		})
 		if err != nil {
 			t.Error(err)
 		}
@@ -37,7 +40,10 @@ func TestDialICE(t *testing.T) {
 			Username:       "example",
 			Credential:     "test",
 			CredentialType: webrtc.ICECredentialTypePassword,
-		}, time.Millisecond)
+		}, &DialICEOptions{
+			Timeout:            time.Millisecond,
+			InsecureSkipVerify: true,
+		})
 		if !errors.Is(err, ErrMismatchedProtocol) {
 			t.Error(err)
 		}
@@ -52,7 +58,10 @@ func TestDialICE(t *testing.T) {
 			Username:       "example",
 			Credential:     "invalid",
 			CredentialType: webrtc.ICECredentialTypePassword,
-		}, time.Millisecond)
+		}, &DialICEOptions{
+			Timeout:            time.Millisecond,
+			InsecureSkipVerify: true,
+		})
 		if !errors.Is(err, ErrInvalidCredentials) {
 			t.Error(err)
 		}
@@ -63,7 +72,10 @@ func TestDialICE(t *testing.T) {
 
 		err := DialICE(webrtc.ICEServer{
 			URLs: []string{"turn:stun.l.google.com:19302"},
-		}, time.Millisecond)
+		}, &DialICEOptions{
+			Timeout:            time.Millisecond,
+			InsecureSkipVerify: true,
+		})
 		if !errors.Is(err, ErrMismatchedProtocol) {
 			t.Error(err)
 		}