Page 1 of 1

Accepting invalid SSL certificate

Posted: 26 Jul 2016 19:21
by roxx
Hi everybody. I am able to play a video over HTTP using libVLC. However libvlc refuses to play a HTTPS video when the server's SSL certificate is self-signed and/or has an unknown issuer (common case for local web servers using self-signed certificates). Am I able to accept such a certificate with libVLC API? Thanks in advance!

P.S. Using libVLC 2.2.2 under KUbuntu 16.04

Re: Accepting invalid SSL certificate

Posted: 26 Jul 2016 20:44
by Jean-Baptiste Kempf
You need libVLC 3.0 for that.

Re: Accepting invalid SSL certificate

Posted: 26 Jul 2016 20:55
by roxx
How can I achieve that with 3.0? Can you post a link to documentation with a new API allowing to do that? Thanks.

Re: Accepting invalid SSL certificate

Posted: 26 Jul 2016 23:22
by Rémi Denis-Courmont
LibVLC 3.0 has callbacks for user dialogs. So if your application is attended, you can -among other things- have the user approve the certificate manually. This is documented in the VLC Doxygen.

Alternatively, you can also install the issuer certificate in the system trust database or equivalent. That works in released versions, and does not require user interaction.

Re: Accepting invalid SSL certificate

Posted: 27 Jul 2016 21:02
by roxx
Thanks. I've installed a new root CA of Hydrant, see https://hydrantid.com/support/repository/, but it still doesn't work with Hydrant certificates (libVLC 2.2.2). It says "Signer not found" in a shell output.

If I add a root CA into the system db (/usr/local/share/ca-certificates) and run update-certificates, should libVLC 2.2.2 work fine with such (but not self-signed) certificates? Or version 3.x is still required for that?

Re: Accepting invalid SSL certificate

Posted: 27 Jul 2016 22:06
by Rémi Denis-Courmont
The details of root CA database are system-dependent and implemented by GnuTLS, or whatever other TLS back-end VLC is built with.