Hosting a multiplayer web game for LAN only. For a Jackbox-like multiplayer

Using IP addresses is ok for me, as I can just create a QR-Code that links to the correct IP, so users wouldn’t even have to enter it manually.

Where I got to by now

I’ve been trying out some things and I got https with wss working somewhat. At least in Chrome.
I use the X509_Generator as described above to generate a new key and certificate pair when the server is started (clicking host on the PC). Then I use them when creating the WebSocket server with TLSOptions.server(key, cert).
To serve the web version for the clients/players I found godot_web by pipejakob which can take a TLS certificate and key to host the web version for everyone on the LAN.

When someone now goes to https://game.server.ip.addr:8000 they get a warning about the server using a self-signed certificate (to be expected), but after they accept it they can load the game and connect to the game server.

The second part here is still not optimal. I have only gotten the connection to work by using TLSOptions.client_unsafe(), which does not require validation of the certificate, but is also stated as not recommended for purposes other than testing.

Another problem with this somewhat working version is that it only works this way on Chrome. On Firefox I still can’t connect, as Firefox seemingly does not allow the connection to the WebSocket, since it counts the certificate as not valid until it is manually approved.
Meaning that if one manually goes to the WebSocket address but replaces wss:// with https:// (so wss://server.ip.addr:websocket_port becomes https://server.ip.addr:websocket_port) and then accepts the security warning about the self-signed certificate on that site, the connection to the game server over the WebSocket can be established.

Two problems remain

  1. Having Firefox accept the wss:// connection that uses the same certificate as the website automatically.
  2. Getting TLSOptions.client(cert) to work. But this seems impossible at first glance, as there is a note in the TLSOptions documentation that TLS is always enforced against the CA list of the web browser, which I think would mean that a self-signed certificate will not work. Unless accepting the self-signed certificate warning actually adds the self-signed cert to the CA list.
    I’m a bit confused about this note as the same note is also on the client_unsafe() function but that seems to work. I’ll have to look into this more.
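The host-side procedure described in this post (generate key and certificate on host, start the TLS WebSocket server with them, save the same files for the HTTPS page server) and the two client-side TLSOptions variants, as an added GDScript example. This is not code from the original post, from X509_Generator or from godot_web; it uses the Godot 4 Crypto, TLSOptions and WebSocketMultiplayerPeer API directly. The LAN address, WebSocket port, user:// paths and the organisation name in the certificate subject are assumptions.

```gdscript
# Added example, not code from the original post: generate a fresh
# self-signed key/certificate when the host starts, run the TLS WebSocket
# server with it, and show the two client-side TLSOptions variants.
# Assumed values: the host's LAN address, the WebSocket port and the
# user:// file paths. Godot 4.x API.
extends Node

const LAN_IP := "192.168.1.10"         # assumed LAN address of the host
const WS_PORT := 9090                  # assumed WebSocket port
const KEY_PATH := "user://server.key"  # assumed; hand these two files to
const CERT_PATH := "user://server.crt" # the static HTTPS server as well

var peer := WebSocketMultiplayerPeer.new()


# "YYYYMMDDhhmmss", the format Crypto.generate_self_signed_certificate() expects.
static func _stamp(d: Dictionary, year_offset := 0) -> String:
	return "%04d%02d%02d%02d%02d%02d" % [
		d.year + year_offset, d.month, d.day, d.hour, d.minute, d.second]


# New key pair and self-signed certificate per host session. The LAN IP goes
# into the CN so that a native client validating with TLSOptions.client()
# passes the name check when it connects to that address.
func make_server_credentials() -> Dictionary:
	var crypto := Crypto.new()
	var key: CryptoKey = crypto.generate_rsa(2048)
	var now := Time.get_datetime_dict_from_system(true)
	var cert: X509Certificate = crypto.generate_self_signed_certificate(
		key, "CN=%s,O=LanGame,C=US" % LAN_IP, _stamp(now), _stamp(now, 1))
	# Save both so the HTTPS file server serves the page with the same
	# certificate the wss:// endpoint presents.
	key.save(KEY_PATH)
	cert.save(CERT_PATH)
	return {"key": key, "cert": cert}


func start_host() -> void:
	var creds := make_server_credentials()
	var err := peer.create_server(WS_PORT, "*",
		TLSOptions.server(creds["key"], creds["cert"]))
	if err != OK:
		push_error("TLS WebSocket server failed: %s" % error_string(err))
		return
	multiplayer.multiplayer_peer = peer
	multiplayer.peer_connected.connect(
		func(id: int): print("player %d joined" % id))


# Native (non-web) client. With a trusted certificate the connection is
# validated against that exact cert; without one it falls back to
# client_unsafe(), which skips validation and is only for testing.
# On the web export both options are ignored: the browser validates
# against its own CA store, so a self-signed cert only works once the
# browser has been made to accept it.
func start_client(trusted_cert: X509Certificate = null) -> void:
	var opts: TLSOptions
	if trusted_cert != null:
		opts = TLSOptions.client(trusted_cert)
	else:
		opts = TLSOptions.client_unsafe()
	var err := peer.create_client("wss://%s:%d" % [LAN_IP, WS_PORT], opts)
	if err != OK:
		push_error("WebSocket client failed: %s" % error_string(err))
		return
	multiplayer.multiplayer_peer = peer


# Load the host's certificate (for example copied over the LAN) so a native
# client can pin it with TLSOptions.client() instead of disabling validation.
static func load_trusted_cert(path: String) -> X509Certificate:
	var cert := X509Certificate.new()
	if cert.load(path) != OK:
		return null
	return cert
```

Two practitioner notes on this. First, TLSOptions.client(cert) and client_unsafe() only matter for native clients; in a web export the browser performs validation and the game cannot override it, which is why the behaviour differs between Chrome and Firefox rather than between the two TLSOptions calls. Second, Firefox scopes a manually added certificate exception to a specific host:port, so a page accepted on port 8000 does not cover a WebSocket on another port; serving the page and the wss:// endpoint from the same host and port, or having players open https://host:websocket_port once, are the two ways to make one acceptance cover both.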