[vlc-devel] add support for https video streaming from websites with untrusted SSL certificates
fcvlcdev at free.fr
Tue Dec 21 02:15:00 CET 2010
Le mardi 21 décembre 2010, Rémi Denis-Courmont a écrit :
> Sure. But the underlying point is that most users do not know how when and
> when not to ignore certificate errors. The --no-tls-cert-check option (or
> whatever its name was) was not solving that problem to any meaningful
> extent. I actually think that rejecting invalid certificates is better than
> having that short-sighted option. At least lazy and incompetent admins
> cannot tell their VLC users to just disable the security.
- VLC can be used as a streaming server with TLS.
- VLC tls client must have the signed CA. (*)
- Regarding my June patch for CA locations, you learned me that the CA path
must be specified by packagers: This must be a system path and then
unprivilegied users won't be able to add CA.
So, there's one problem: Users can't set a TLS streaming server without having
a certificate signed by a root CA, or installing another CA in the clients's
That's why vlc should either provide support for an additional (and provide a
minimal interface to) certificates directory or provide a way to accept self
(*) and windows builds just currently can't without cryptoapi
More information about the vlc-devel