[vlc-devel] [PATCH] Add secure transport TLS module

Rémi Denis-Courmont remi at remlab.net
Wed Dec 18 18:32:29 CET 2013

On Sun, 15 Dec 2013 19:12:40 +0100, Felix Paul Kühne
<fkuehne at videolan.org>
> Hello,
> On 15.12.2013, at 19:10, Jean-Baptiste Kempf <jb at videolan.org> wrote:
>>>> And you probably need a separate patch to not build GnuTLS by default
>>>> in
>>>> contrib on MacOS.
>>> Should I send a patch with autoenabled securetransport (with or
>>> a configure switch),


>>> and disable gnutls at the same time?

GnuTLS should be autodetected as before. My point was that you may want to
disable GnuTLS by default from MacOS *contribs*, not from MacOS VLC.

>>> Note that by
>>> disabling gnutls we would loose the tls server functionality for now.

Then it should be kept enabled on MacOS, but it is questionable for iOS.
This is a very ancilliary feature, since you nede to install your own
server key pair for server-side TLS.

>> On Mac OS, they can choose the right dylib, if they want.
> I'd second this stance as there are corner-cases where you still might
> want to prefer GnuTLS over SecureTransport, i.e. if you store your
> certificates in a random folder instead within the system trust store
> (where they belong).

Sorry but while this is desirable from user perspective, I think this will
not work. The module probing is done _before_ we know which certificate is
used and the protocol state machine cannot be rewound at that point.

Rémi Denis-Courmont
Sent from my collocated server

More information about the vlc-devel mailing list