gnutls error: The certificate is NOT trusted

[Adsfqwop]

When trying to view anything from BitChute I get this error:

gnutls error: Certificate verification failure: The certificate is NOT trusted. The certificate chain uses expired certificate.
main error: TLS session handshake error

Example link:
https://seed132.bitchute.com/r03FfukUmW ... Hj9ytE.mp4

Using VLC 3.0.11 on Windows.

Is there any way to override this behavior, add a certificate, or any other way to get around this?

I tried all the combinations I could think of in the GnuTLS section of the preferences, but doesn't seem to make any difference what I select there. Is this a bug, or why doesn't it let me load anything from there?

Thanks.

[Hitchhiker]

Full log just in case it's needed.

Code: Select all

main debug: processing request item: 3FfYvsHj9ytE.mp4, node: Playlist, skip: 0 main debug: rebuilding array of current - root Playlist main debug: rebuild done - 2 items, index 1 main debug: starting playback of new item main debug: resyncing on 3FfYvsHj9ytE.mp4 main debug: 3FfYvsHj9ytE.mp4 is at 1 main debug: creating new input thread main debug: Creating an input for '3FfYvsHj9ytE.mp4' main debug: selected sub language[0] en main debug: selected sub language[1] en main debug: requesting art for new input thread main debug: using timeshift granularity of 50 MiB main debug: using timeshift path: C:\Users\Somebody\AppData\Local\Temp main debug: `https://seed132.bitchute.com/r03FfukUmWUo/3FfYvsHj9ytE.mp4' gives access `https' demux `any' path `seed132.bitchute.com/r03FfukUmWUo/3FfYvsHj9ytE.mp4' main debug: creating demux: access='https' demux='any' location='seed132.bitchute.com/r03FfukUmWUo/3FfYvsHj9ytE.mp4' file='\\seed132.bitchute.com\r03FfukUmWUo\3FfYvsHj9ytE.mp4' main debug: looking for access_demux module matching "https": 15 candidates main debug: no access_demux modules matched main debug: creating access: https://seed132.bitchute.com/r03FfukUmWUo/3FfYvsHj9ytE.mp4 main debug: looking for meta fetcher module matching "any": 1 candidates main debug: (path: \\seed132.bitchute.com\r03FfukUmWUo\3FfYvsHj9ytE.mp4) main debug: looking for access module matching "https": 26 candidates lua debug: Trying Lua scripts in C:\Users\Somebody\AppData\Roaming\vlc\lua\meta\fetcher lua debug: Trying Lua scripts in C:\Program Files\VideoLAN\VLC\lua\meta\fetcher main debug: no meta fetcher modules matched main debug: looking for art finder module matching "any": 2 candidates lua debug: Trying Lua scripts in C:\Users\WSomebody\AppData\Roaming\vlc\lua\meta\art lua debug: Trying Lua scripts in C:\Program Files\VideoLAN\VLC\lua\meta\art lua debug: Trying Lua playlist script C:\Program Files\VideoLAN\VLC\lua\meta\art\00_musicbrainz.luac lua debug: skipping script (unmatched scope) C:\Program Files\VideoLAN\VLC\lua\meta\art\00_musicbrainz.luac lua debug: Trying Lua playlist script C:\Program Files\VideoLAN\VLC\lua\meta\art\01_googleimage.luac lua debug: skipping script (unmatched scope) C:\Program Files\VideoLAN\VLC\lua\meta\art\01_googleimage.luac lua debug: Trying Lua playlist script C:\Program Files\VideoLAN\VLC\lua\meta\art\02_frenchtv.luac main debug: looking for tls client module matching "any": 1 candidates gnutls debug: using GnuTLS version 3.5.19 lua debug: skipping script (unmatched scope) C:\Program Files\VideoLAN\VLC\lua\meta\art\02_frenchtv.luac lua debug: Trying Lua playlist script C:\Program Files\VideoLAN\VLC\lua\meta\art\03_lastfm.luac lua debug: skipping script (unmatched scope) C:\Program Files\VideoLAN\VLC\lua\meta\art\03_lastfm.luac main debug: no art finder modules matched qt debug: IM: Setting an input gnutls debug: loaded 71 trusted CAs from system main debug: using tls client module "gnutls" main debug: resolving seed132.bitchute.com ... gnutls debug: TLS handshake: Resource temporarily unavailable, try again. gnutls debug: TLS handshake: Resource temporarily unavailable, try again. gnutls debug: TLS handshake: Success. gnutls debug: - safe renegotiation (RFC5746) enabled gnutls debug: - extended master secret (RFC7627) enabled gnutls debug: - false start (RFC7918) enabled gnutls error: Certificate verification failure: The certificate is NOT trusted. The certificate chain uses expired certificate. main error: TLS session handshake error main error: connection error: No error gnutls debug: TLS handshake: Resource temporarily unavailable, try again. gnutls debug: TLS handshake: Resource temporarily unavailable, try again. gnutls debug: TLS handshake: Success. gnutls debug: - safe renegotiation (RFC5746) enabled gnutls debug: - extended master secret (RFC7627) enabled gnutls debug: - false start (RFC7918) enabled gnutls error: Certificate verification failure: The certificate is NOT trusted. The certificate chain uses expired certificate. main error: TLS session handshake error main error: connection error: No error gnutls debug: TLS handshake: Resource temporarily unavailable, try again. gnutls debug: TLS handshake: Success. gnutls debug: - safe renegotiation (RFC5746) enabled gnutls debug: - false start (RFC7918) enabled gnutls error: Certificate verification failure: The certificate is NOT trusted. The certificate chain uses expired certificate. main error: TLS session handshake error main error: connection error: No error access error: HTTP connection failure main debug: no access modules matched main debug: dead input qt debug: IM: Deleting the input main debug: changing item without a request (current 1/2) main debug: nothing to play

I can confirm that the video loads in Firefox without displaying the invalid certificate error.

[Adsfqwop]

Full log just in case it's needed.

Thanks for confirming. Should I file a bug report for this then?

[Hitchhiker]

Full log just in case it's needed.

Thanks for confirming. Should I file a bug report for this then?

This issue cropped up once before six months ago and according to the devs it's not a vlc bug.
https://forum.videolan.org/viewtopic.php?f=2&t=153734

[Rémi Denis-Courmont]

When trying to view anything from BitChute I get this error:

gnutls error: Certificate verification failure: The certificate is NOT trusted. The certificate chain uses expired certificate.
main error: TLS session handshake error

Example link:
https://seed132.bitchute.com/r03FfukUmW ... Hj9ytE.mp4

The error message is correct.

- Certificate[0] info:
- subject `CN=*.bitchute.com', issuer `CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB', serial 0x51c82c011b8203879032e7f218a79ec1, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-03-01 00:00:00 UTC', expires `2022-03-01 23:59:59 UTC', pin-sha256="PMuF7mFtJ8Nhvh4z3CDn/YAIlb4CrS7HADo8t8d+Lqg="
Public Key ID:
sha1:6e09ee1dbfbf519e407536371234f62e53b498b5
sha256:3ccb85ee616d27c361be1e33dc20e7fd800895be02ad2ec7003a3cb7c77e2ea8
Public Key PIN:
pin-sha256:PMuF7mFtJ8Nhvh4z3CDn/YAIlb4CrS7HADo8t8d+Lqg=

- Certificate[1] info:
- subject `CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB', issuer `CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US', serial 0x7d5b5126b476ba11db74160bbc530da7, RSA key 2048 bits, signed using RSA-SHA384, activated `2018-11-02 00:00:00 UTC', expires `2030-12-31 23:59:59 UTC', pin-sha256="4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng="
- Certificate[2] info:
- subject `CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US', issuer `CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE', serial 0x13ea28705bf4eced0c36630980614336, RSA key 4096 bits, signed using RSA-SHA384, activated `2000-05-30 10:48:38 UTC', expires `2020-05-30 10:48:38 UTC', pin-sha256="x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4="

The last certificate in the chain expired (emphasis), so the certificate is not trusted. The server configuration is (way) outdated.

You might be able to work around it by deleting the expired certificate from the OS certificate trust store. I can play the provided URL in VLC just fine.

[Lotesdelere]

https://forum.videolan.org/viewtopic.php?f=2&t=153734
https://forum.videolan.org/viewtopic.php?f=14&t=153865

[Hitchhiker]

The last certificate in the chain expired (emphasis), so the certificate is not trusted. The server configuration is (way) outdated.

You might be able to work around it by deleting the expired certificate from the OS certificate trust store. I can play the provided URL in VLC just fine.

I just want to clarify your statement if I may.

You're saying you're able to play the URL in vlc 'just fine'. Do you mean that you deleted the certificate in order to do that, or managed to play it using some other method?

[Rémi Denis-Courmont]

The provided URL plays fine with VLC 3 out of the box on my system.

[Hitchhiker]

The provided URL plays fine with VLC 3 out of the box on my system.

Does that mean that Linux treats expired certificates differently to Windows?

[Lotesdelere]

It's not about the OS because I got the same error message on my Windows system with VLC 3.x while it's playing fine with other players, including FFplay, and without error messages on the same system.