Accepting invalid SSL certificate

[roxx]

Hi everybody. I am able to play a video over HTTP using libVLC. However libvlc refuses to play a HTTPS video when the server's SSL certificate is self-signed and/or has an unknown issuer (common case for local web servers using self-signed certificates). Am I able to accept such a certificate with libVLC API? Thanks in advance!

P.S. Using libVLC 2.2.2 under KUbuntu 16.04

[Jean-Baptiste Kempf]

You need libVLC 3.0 for that.

[roxx]

How can I achieve that with 3.0? Can you post a link to documentation with a new API allowing to do that? Thanks.

[Rémi Denis-Courmont]

LibVLC 3.0 has callbacks for user dialogs. So if your application is attended, you can -among other things- have the user approve the certificate manually. This is documented in the VLC Doxygen.

Alternatively, you can also install the issuer certificate in the system trust database or equivalent. That works in released versions, and does not require user interaction.

[roxx]

Thanks. I've installed a new root CA of Hydrant, see https://hydrantid.com/support/repository/, but it still doesn't work with Hydrant certificates (libVLC 2.2.2). It says "Signer not found" in a shell output.

If I add a root CA into the system db (/usr/local/share/ca-certificates) and run update-certificates, should libVLC 2.2.2 work fine with such (but not self-signed) certificates? Or version 3.x is still required for that?

[Rémi Denis-Courmont]

The details of root CA database are system-dependent and implemented by GnuTLS, or whatever other TLS back-end VLC is built with.