[vlc-devel] add support for https video streaming from websites with untrusted SSL certificates

[Francois Cartegnie]

Le mardi 21 décembre 2010, Rémi Denis-Courmont a écrit :
> Sure. But the underlying point is that most users do not know how when and
> when not to ignore certificate errors. The --no-tls-cert-check option (or
> whatever its name was) was not solving that problem to any meaningful
> extent. I actually think that rejecting invalid certificates is better than
> having that short-sighted option. At least lazy and incompetent admins
> cannot tell their VLC users to just disable the security.

- VLC can be used as a streaming server with TLS.
- VLC tls client must have the signed CA. (*)
- Regarding my June patch for CA locations, you learned me that the CA path 
must be specified by packagers: This must be a system path and then 
unprivilegied users won't be able to add CA.

So, there's one problem: Users can't set a TLS streaming server without having 
a certificate signed by a root CA, or installing another CA in the clients's 
system directory.

That's why vlc should either provide support for an additional (and provide a 
minimal interface to) certificates directory or provide a way to accept self 
signed CA.

Francois

(*) and windows builds just currently can't without cryptoapi