From 2a47c12f220a93fb5347b753b23591a2e6098f68 Mon Sep 17 00:00:00 2001
From: Alexey Khit <alexey.khit@gmail.com>
Date: Tue, 28 Feb 2023 13:46:17 +0300
Subject: [PATCH] Add DTLS InsecureSkipHelloVerify option

---
 dtlstransport.go | 5 ++---
 settingengine.go | 8 +++++++-
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/dtlstransport.go b/dtlstransport.go
index 4029b22f527..b29b6b0fba5 100644
--- a/dtlstransport.go
+++ b/dtlstransport.go
@@ -324,9 +324,8 @@ func (t *DTLSTransport) Start(remoteParameters DTLSParameters) error {
 		dtlsConfig.ReplayProtectionWindow = int(*t.api.settingEngine.replayProtection.DTLS)
 	}
 
-	if t.api.settingEngine.dtls.retransmissionInterval != 0 {
-		dtlsConfig.FlightInterval = t.api.settingEngine.dtls.retransmissionInterval
-	}
+	dtlsConfig.FlightInterval = t.api.settingEngine.dtls.retransmissionInterval
+	dtlsConfig.InsecureSkipVerifyHello = t.api.settingEngine.dtls.insecureSkipHelloVerify
 
 	// Connect as DTLS Client/Server, function is blocking and we
 	// must not hold the DTLSTransport lock
diff --git a/settingengine.go b/settingengine.go
index 8bab83dbe86..63c3a1b5274 100644
--- a/settingengine.go
+++ b/settingengine.go
@@ -56,7 +56,8 @@ type SettingEngine struct {
 		SRTCP *uint
 	}
 	dtls struct {
-		retransmissionInterval time.Duration
+		insecureSkipHelloVerify bool
+		retransmissionInterval  time.Duration
 	}
 	sctp struct {
 		maxReceiveBufferSize uint32
@@ -349,6 +350,11 @@ func (e *SettingEngine) SetDTLSRetransmissionInterval(interval time.Duration) {
 	e.dtls.retransmissionInterval = interval
 }
 
+// SetDTLSInsecureSkipHelloVerify sets the skip HelloVerify flag for DTLS.
+func (e *SettingEngine) SetDTLSInsecureSkipHelloVerify(skip bool) {
+	e.dtls.insecureSkipHelloVerify = skip
+}
+
 // SetSCTPMaxReceiveBufferSize sets the maximum receive buffer size.
 // Leave this 0 for the default maxReceiveBufferSize.
 func (e *SettingEngine) SetSCTPMaxReceiveBufferSize(maxReceiveBufferSize uint32) {