[vlc-devel] [PATCH 1/2] gnutls: show a dialog allowing the user to bypass certificate issues
Rémi Denis-Courmont
remi at remlab.net
Thu Jun 21 05:13:42 CEST 2012
Le jeudi 21 juin 2012 02:35:58 Ludovic Fauvet, vous avez écrit :
> ---
> include/vlc_tls.h | 2 +-
> modules/access/http.c | 4 +++-
> modules/misc/gnutls.c | 37 ++++++++++++++++++++++++++++++++++---
> src/network/tls.c | 9 +++++----
> 4 files changed, 43 insertions(+), 9 deletions(-)
I don't understand why you export the trust bit. If the certificate is not
trustworthy, the connection should fail anyway.
I think the messages are way too simplistic for normal people to understand.
Conversely, for expired certificates, the dates are needed. For mismatched
namse, the names are needed. And for untrusted roots, the certificates need to
be shown. Otherwise there is no way to determine whether the situation is safe
or not.
I am also not sure this works very well with streaming output cases.
--
Rémi Denis-Courmont
http://www.remlab.net/
http://fi.linkedin.com/in/remidenis
More information about the vlc-devel
mailing list