[vlc-devel] [PATCH] Add secure transport TLS module

Rémi Denis-Courmont remi at remlab.net
Wed Dec 18 18:32:29 CET 2013


On Sun, 15 Dec 2013 19:12:40 +0100, Felix Paul Kühne <fkuehne at videolan.org> wrote:
> Hello,
> 
> On 15.12.2013, at 19:10, Jean-Baptiste Kempf <jb at videolan.org> wrote:
> 
>>>> And you probably need a separate patch to not build GnuTLS by default
>>>> in contrib on MacOS.
>>> 
>>> Should I send a patch with autoenabled securetransport (with or without
>>> a configure switch),

Yes.

>>> and disable gnutls at the same time?

GnuTLS should be autodetected as before. My point was that you may want to
disable GnuTLS by default from MacOS *contribs*, not from MacOS VLC.

>>> Note that by
>>> disabling gnutls we would lose the tls server functionality for now.

Then it should be kept enabled on MacOS, but it is questionable for iOS.
This is a very ancillary feature, since you need to install your own
server key pair for server-side TLS.

>> On Mac OS, they can choose the right dylib, if they want.
> 
> I'd second this stance as there are corner-cases where you still might
> want to prefer GnuTLS over SecureTransport, i.e. if you store your custom
> certificates in a random folder instead of within the system trust store
> (where they belong).

Sorry, but while this is desirable from a user perspective, I think this will
not work. The module probing is done _before_ we know which certificate is
used and the protocol state machine cannot be rewound at that point.

-- 
Rémi Denis-Courmont
Sent from my collocated server


