[vlc-devel] [PATCH] gnutls: allow the user to trust all certificates

Ludovic Fauvet etix at videolan.org
Sun Jun 17 13:22:46 CEST 2012

On Sun, Jun 17, 2012 at 7:42 AM, Rémi Denis-Courmont <remi at remlab.net> wrote:
> We removed this non-sensical option 5 years and that was right.
> This is rejected.

I understand your point of view and the reasoning behind that.
However, I stumbled upon a real world situation where you have no
other choice than to bypass the cert verification: A server hosting
videos in HTTPS only, with a self-signed and expired cert and no way
to contact the administrator.
I know this is bad, yet VLC has thousands of options available to tune
every aspect of the playback, including the ability to overcome some
limitations and this is one of them. And you can't pretend this is a
way of protecting users because it's not our problem. People
activating this are responsible for their actions so I ask you to
reconsider your decision.

Best regards,
-- Ludovic Fauvet

More information about the vlc-devel mailing list