Accepting invalid SSL certificate

This forum is about all development around libVLC.
roxx
Blank Cone
Blank Cone
Posts: 17
Joined: 26 Aug 2014 17:30

Accepting invalid SSL certificate

Postby roxx » 26 Jul 2016 19:21

Hi everybody. I am able to play a video over HTTP using libVLC. However libvlc refuses to play a HTTPS video when the server's SSL certificate is self-signed and/or has an unknown issuer (common case for local web servers using self-signed certificates). Am I able to accept such a certificate with libVLC API? Thanks in advance!

P.S. Using libVLC 2.2.2 under KUbuntu 16.04

Jean-Baptiste Kempf
Site Administrator
Site Administrator
Posts: 37523
Joined: 22 Jul 2005 15:29
VLC version: 4.0.0-git
Operating System: Linux, Windows, Mac
Location: Cone, France
Contact:

Re: Accepting invalid SSL certificate

Postby Jean-Baptiste Kempf » 26 Jul 2016 20:44

You need libVLC 3.0 for that.
Jean-Baptiste Kempf
http://www.jbkempf.com/ - http://www.jbkempf.com/blog/category/Videolan
VLC media player developer, VideoLAN President and Sites administrator
If you want an answer to your question, just be specific and precise. Don't use Private Messages.

roxx
Blank Cone
Blank Cone
Posts: 17
Joined: 26 Aug 2014 17:30

Re: Accepting invalid SSL certificate

Postby roxx » 26 Jul 2016 20:55

How can I achieve that with 3.0? Can you post a link to documentation with a new API allowing to do that? Thanks.

Rémi Denis-Courmont
Developer
Developer
Posts: 15260
Joined: 07 Jun 2004 16:01
VLC version: master
Operating System: Linux
Contact:

Re: Accepting invalid SSL certificate

Postby Rémi Denis-Courmont » 26 Jul 2016 23:22

LibVLC 3.0 has callbacks for user dialogs. So if your application is attended, you can -among other things- have the user approve the certificate manually. This is documented in the VLC Doxygen.

Alternatively, you can also install the issuer certificate in the system trust database or equivalent. That works in released versions, and does not require user interaction.
Rémi Denis-Courmont
https://www.remlab.net/
Private messages soliciting support will be systematically discarded

roxx
Blank Cone
Blank Cone
Posts: 17
Joined: 26 Aug 2014 17:30

Re: Accepting invalid SSL certificate

Postby roxx » 27 Jul 2016 21:02

Thanks. I've installed a new root CA of Hydrant, see https://hydrantid.com/support/repository/, but it still doesn't work with Hydrant certificates (libVLC 2.2.2). It says "Signer not found" in a shell output.

If I add a root CA into the system db (/usr/local/share/ca-certificates) and run update-certificates, should libVLC 2.2.2 work fine with such (but not self-signed) certificates? Or version 3.x is still required for that?

Rémi Denis-Courmont
Developer
Developer
Posts: 15260
Joined: 07 Jun 2004 16:01
VLC version: master
Operating System: Linux
Contact:

Re: Accepting invalid SSL certificate

Postby Rémi Denis-Courmont » 27 Jul 2016 22:06

The details of root CA database are system-dependent and implemented by GnuTLS, or whatever other TLS back-end VLC is built with.
Rémi Denis-Courmont
https://www.remlab.net/
Private messages soliciting support will be systematically discarded


Return to “Development around libVLC”

Who is online

Users browsing this forum: No registered users and 7 guests