vlc https/ssl/tls options: 0.9.x? planned?

orbisvicis
Blank Cone
Posts: 10
Joined: 26 Oct 2008 03:38


Postby orbisvicis » 15 Nov 2008 08:29

These two features are very important and were present in vlc 0.8:

disable host root authority checks
- important when people prefer creating personal/private x509 infrastructures. Also important for all the many self-signed websites.

disable certificate validation checks
- lots of websites use invalid certificates, including my school. Most often these are expired certificates. When certificates expire, users would still like to access multimedia on these websites.

More detail at this post: viewtopic.php?f=12&t=51774

Can we expect these options to be eventually re-implemented?

Rémi Denis-Courmont
Developer
Posts: 15228
Joined: 07 Jun 2004 16:01
VLC version: master
Operating System: Linux

Re: vlc https/ssl/tls options: 0.9.x? planned?

Postby Rémi Denis-Courmont » 24 Nov 2008 22:19

The security model of TLS is such that it's basically useless overhead if you don't check certificates. You might as well not use TLS.
Rémi Denis-Courmont
https://www.remlab.net/
Private messages soliciting support will be systematically discarded


Postby orbisvicis » 25 Nov 2008 09:23

I wouldn't call it 'useless overhead' because tls will nonetheless encrypt the stream.

Unfortunately clients have no control over external servers equipping invalid/self-signed certificates. A server using tls atm will be inaccessible to vlc.

In order to keep the security model of tls intact, vlc could implement capabilities similar to firefox:
- certificate manager: ability to add self-signed certs per FQDN. This augments the default selection of root/accepted certificates shipped with the openssl package
- ability to ignore certificate errors (i.e. invalid) per FQDN

Edit: In any case, as of now it would be simpler and faster to re-implement the missing 0.8.x https/ssl/tls features as a stop-gap measure.


Postby Rémi Denis-Courmont » 25 Nov 2008 17:50

Yeah, it encrypts the stream. So? The session key is sent by the client to the server using its public key. If you don't check the certificate, you don't know who you're encrypting to. Pointless.

Postby orbisvicis » 25 Nov 2008 19:05

Like I said, to keep the security model of an x509 infrastructure intact, implement a security manager similar to the one in firefox.
Then manually associate (certificates you want allowed) to (domain names).

Of course, public keys can be spoofed. That's why the security manager should only make exceptions for root certificates and not public keys.

In any case, what about the stop-gap measure I mentioned? If a user is willing to negotiate the advanced vlc preferences, then they should be willing to accept the risks.


Postby Rémi Denis-Courmont » 25 Nov 2008 19:37

Firefox 3 ensures great pain before users can "violate" x509 security.

VLC does not have proper UI for certificate bypass, let alone a certificate manager. This would be a huge effort for a very uncommon use case (streaming from HTTP/SSL is not very common anyway).

You can always install custom Root CAs to %vlcuserdatadir%/ssl/certs

Postby orbisvicis » 25 Nov 2008 20:27

That's why re-implementing 0.8's https/ssl/tls features would be the easiest and fastest compromise. At the very least vlc should expose the tls interface.

This is good to know:
"You can always install custom Root CAs to %vlcuserdatadir%/ssl/certs"
But what about invalid certificates?


Postby Rémi Denis-Courmont » 25 Nov 2008 21:45

Invalid certificates are invalid are invalid.
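Added example, not part of the thread and not VLC code: the distinction the replies draw, reproduced with the `openssl` command line. Installing a private root CA makes certificates issued by it verify, while an unknown self-signed certificate and an expired one still fail. It assumes `openssl` is installed; the host name, file names and the `certs` directory (in OpenSSL's hashed layout, not VLC's own) are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo; every name and file below is made up for illustration.
WORK=$(mktemp -d) && cd "$WORK" || exit 1
mkdir certs                      # stands in for a trusted-CA directory

# 1. Private root CA, valid for 10 years.
openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
    -subj "/CN=Example Private Root CA" -days 3650 2>/dev/null

# 2. Server certificate issued by that CA, valid for 30 days.
openssl req -newkey rsa:2048 -nodes -keyout srv.key -out srv.csr \
    -subj "/CN=media.example.test" 2>/dev/null
openssl x509 -req -in srv.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
    -out srv.pem -days 30 2>/dev/null

# 3. Self-signed certificate for the same name, issued by nobody we trust.
openssl req -x509 -newkey rsa:2048 -nodes -keyout rogue.key -out rogue.pem \
    -subj "/CN=media.example.test" -days 30 2>/dev/null

# Install only the CA certificate, under the <subject-hash>.0 name that
# OpenSSL's -CApath lookup expects.
cp ca.pem "certs/$(openssl x509 -hash -noout -in ca.pem).0"

# A point in time 90 days from now, i.e. after srv.pem has expired.
LATER=$(( $(date +%s) + 90 * 86400 ))

# check <cert> [extra "openssl verify" options] -> prints OK or FAIL
check() {
    cert=$1; shift
    if openssl verify -CApath "$WORK/certs" "$@" "$cert" 2>/dev/null |
        grep -q ': OK$'; then
        echo OK
    else
        echo FAIL
    fi
}

echo "issued by the installed private CA: $(check srv.pem)"
echo "unknown self-signed certificate:    $(check rogue.pem)"
echo "same server cert after expiry:      $(check srv.pem -attime "$LATER")"
```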

