[vlc-devel] [PATCH 1/2] gnutls: show a dialog allowing the user to bypass certificate issues

Rémi Denis-Courmont remi at remlab.net
Thu Jun 21 05:13:42 CEST 2012


Le jeudi 21 juin 2012 02:35:58 Ludovic Fauvet, vous avez écrit :
> ---
>  include/vlc_tls.h     |    2 +-
>  modules/access/http.c |    4 +++-
>  modules/misc/gnutls.c |   37 ++++++++++++++++++++++++++++++++++---
>  src/network/tls.c     |    9 +++++----
>  4 files changed, 43 insertions(+), 9 deletions(-)

I don't understand why you export the trust bit. If the certificate is not 
trustworthy, the connection should fail anyway.

I think the messages are way too simplistic for normal people to understand.

Conversely, for expired certificates, the dates are needed. For mismatched 
namse, the names are needed. And for untrusted roots, the certificates need to 
be shown. Otherwise there is no way to determine whether the situation is safe 
or not.

I am also not sure this works very well with streaming output cases.

-- 
Rémi Denis-Courmont
http://www.remlab.net/
http://fi.linkedin.com/in/remidenis



More information about the vlc-devel mailing list