Please migrate to GnuTLS 2.0.0

Feature requests for VLC.
wrd002
Blank Cone
Blank Cone
Posts: 11
Joined: 18 Oct 2006 19:02

Please migrate to GnuTLS 2.0.0

Postby wrd002 » 04 Oct 2007 19:55

Currently VLC uses GnuTLS 1.6, which doesn't support SHA-2 family (SHA-256 / 384 / 512) certificate signatures. This means that VLC can't read content from our secure servers :( . Fortunately, GnuTLS 2.0.0 has just been released (2007-09-04), and does all of this.

Please upgrade!

TIA

Will

Rémi Denis-Courmont
Developer
Developer
Posts: 15265
Joined: 07 Jun 2004 16:01
VLC version: master
Operating System: Linux
Contact:

Re: Please migrate to GnuTLS 2.0.0

Postby Rémi Denis-Courmont » 04 Oct 2007 20:41

To my understanding, TLS 1.2 is required to negociate any MAC beyond MD5 and SHA-1. TLS 1.2 is not yet published, and GnuTLS does explicitly say that its implementation is a draft.
Rémi Denis-Courmont
https://www.remlab.net/
Private messages soliciting support will be systematically discarded

wrd002
Blank Cone
Blank Cone
Posts: 11
Joined: 18 Oct 2006 19:02

Re: Please migrate to GnuTLS 2.0.0

Postby wrd002 » 05 Oct 2007 01:06

For MACs that may well be true (I'd have to check to be sure). However, what I was talking about aren't MACs (which check the bulk data flowing through the connection once it's established), but rather the hashes used to form the certificate signatures. These bind the certificate chain together, and are checked during the connection establishment phase. The details of verifying the certificate chain aren't specified as part of TLS; you can use the SHA-2 cert signatures I need support for quite happily in TLS 1.0, and actually our servers do just that. It's a coincidence that GnuTLS 2.0.0 happens to support TLS 1.1, as well as SHA-2 certificate signatures.

Will.

Jean-Baptiste Kempf
Site Administrator
Site Administrator
Posts: 37523
Joined: 22 Jul 2005 15:29
VLC version: 4.0.0-git
Operating System: Linux, Windows, Mac
Location: Cone, France
Contact:

Re: Please migrate to GnuTLS 2.0.0

Postby Jean-Baptiste Kempf » 05 Oct 2007 01:46

As far as contribs and windows is concerned, we can make the switch when Rémi says it is fine.
Jean-Baptiste Kempf
http://www.jbkempf.com/ - http://www.jbkempf.com/blog/category/Videolan
VLC media player developer, VideoLAN President and Sites administrator
If you want an answer to your question, just be specific and precise. Don't use Private Messages.

Rémi Denis-Courmont
Developer
Developer
Posts: 15265
Joined: 07 Jun 2004 16:01
VLC version: master
Operating System: Linux
Contact:

Re: Please migrate to GnuTLS 2.0.0

Postby Rémi Denis-Courmont » 06 Oct 2007 16:30

For MACs that may well be true (I'd have to check to be sure). However, what I was talking about aren't MACs (which check the bulk data flowing through the connection once it's established), but rather the hashes used to form the certificate signatures.
VLC does not have any specific assumption/restriction on the x509 certificates. As for the GnuTLS version, it's not part of VLC; it uses whatever the system has.
Rémi Denis-Courmont
https://www.remlab.net/
Private messages soliciting support will be systematically discarded

wrd002
Blank Cone
Blank Cone
Posts: 11
Joined: 18 Oct 2006 19:02

Re: Please migrate to GnuTLS 2.0.0

Postby wrd002 » 10 Oct 2007 20:11

That doesn't seem to be true for the Windows build, though? a) Windows doesn't have a system copy of gnutls and b) the Windows libgnutls_plugin.dll is 1.7MB, whereas the linux libgnutls_plugin.so is about 23K. Now, I know Windows has a weight problem, but even so! :-)

funman
Developer
Developer
Posts: 1159
Joined: 03 Sep 2006 04:03
VLC version: master
Operating System: All of them
Location: Lost, please help me

Re: Please migrate to GnuTLS 2.0.0

Postby funman » 11 Oct 2007 11:55

the gnutls library is statically linked to the gnutls plugin, you can always do a win32 build with gnutls 2.0.0

cross compilation instructions can be found on wiki.videolan.org, or in INSTALL.win32

DGMurdockIII
Big Cone-huna
Big Cone-huna
Posts: 534
Joined: 14 Sep 2006 16:46
VLC version: y
Operating System: windows 10 64bit Pro
Contact:

Re: Please migrate to GnuTLS 2.0.0

Postby DGMurdockIII » 30 Mar 2008 01:31

needs to be updated again


Return to “VLC media player Feature Requests”

Who is online

Users browsing this forum: Bing [Bot] and 19 guests