On Tue 2017-12-26 22:24:59 +0100, Floris wrote: > I'm not sure this is a VLC bug, although I think it is odd that VLC 3 has > a Chromecast feature, but it isn't working. Maybe build vlc without > Chromecast support in Debian until Google and/ or GnuTLS has a decent fix > for this issue. Or make a workaround.
Dropping chromecast support in debian doesn't seem like great option to
me if it's available upstream. And GnuTLS has at least two different
fixes available.
One approach (as noted in my earlier post on this bug report) is to
explicitly grant that self-signed cert root CA status. But that's
generally unpleasant, because it means that cert can MITM any of your
other connections.
A better approach to connecting to a persistently-named, self-signed
chromecast stream would be for VLC to take advantage of GnuTLS's "TOFU"
(trust on first use) functionality:
https://gnutls.org/manual/gnutls.html#Certificate-verification
or, if we already know that chromecast is never a strongly-secured
connection, we could just disable authentication on chromecast
connections (i do not have a chromecast, and i do not know what security
posture chromecast users expect from their connections).
hth,
--dkg
signature.asc
Description: PGP signature
