Package: vlc
Version: 0.8.5-test3.debian-3
Severity: wishlist

When streaming music (ogg, in this case) over https, vlc now includes
the option to verify the certificate.  However, the certificate
authorities that it uses come from ~/.vlc/ssl/certs/ca-certificates.crt:


        if( asprintf( &psz_path, "%s/"CONFIG_DIR"/ssl/certs",
                      p_tls->p_vlc->psz_homedir ) != -1 )
        {
            gnutls_Addx509Directory( (vlc_object_t *)p_session,
                                     p_sys->x509_cred, psz_path, VLC_FALSE );
            free( psz_path );
        }
        if( asprintf( &psz_path, "%s/ca-certificates.crt",
            config_GetDataDir ( (vlc_object_t *)p_session) ) != -1 )
        {
            gnutls_Addx509File( (vlc_object_t *)p_session,
                                p_sys->x509_cred, psz_path, VLC_FALSE );
            free( psz_path );
        }


While this is incredibly useful for allowing vlc to validate certificates
issued by cacert.org, it's kind of annoying to have to configure this on
a per-user (and per-app) basis.  I seem to already have cacert's root
certificate in /etc/ssl/certs/ca-certificates.crt; why not load that
first, and then load ~/.vlc/ssl/certs/ca-certificates.crt?  If apps
actually standardized on that, it would be much nicer.

Note that this might actually be better filed on gnutls itself; perhaps
it could automatically load these CA certificates upon initialization,
well before gnutls_certificate_set_x509_trust_file and friends are called?
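
The load order requested above (system-wide bundle first, then the per-user bundle as an addition), as an added example that is not part of the original report and is not VLC or GnuTLS code. The names load_trust_anchors, ca_loader_fn and count_pem_certs are hypothetical; count_pem_certs is a stand-in for a real loader such as gnutls_certificate_set_x509_trust_file, so the sketch builds without GnuTLS.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns the number of CA certificates added, or a negative value on error.
 * Assumption: in VLC this would wrap gnutls_certificate_set_x509_trust_file(). */
typedef int (*ca_loader_fn)(void *cred, const char *path);

struct trust_result { int system_cas; int user_cas; };

/* Hypothetical stand-in loader: counts PEM certificate blocks in a bundle. */
int count_pem_certs(void *cred, const char *path)
{
    char line[256];
    int n = 0;
    FILE *f = fopen(path, "r");
    (void)cred;
    if (!f) return -1;
    while (fgets(line, sizeof line, f))
        if (strncmp(line, "-----BEGIN CERTIFICATE-----", 27) == 0) n++;
    fclose(f);
    return n;
}

/* System-wide bundle first, then the per-user bundle as an addition.
 * A missing source is skipped; an empty trust store is reported as -1 so the
 * caller can fail the connection instead of proceeding with no trust anchors. */
int load_trust_anchors(void *cred, ca_loader_fn load, const char *system_bundle,
                       const char *home, struct trust_result *out)
{
    char user_path[4096];
    int n;
    out->system_cas = out->user_cas = 0;
    if ((n = load(cred, system_bundle)) > 0) out->system_cas = n;
    if (home && snprintf(user_path, sizeof user_path,
            "%s/.vlc/ssl/certs/ca-certificates.crt", home) < (int)sizeof user_path
        && (n = load(cred, user_path)) > 0)
        out->user_cas = n;
    n = out->system_cas + out->user_cas;
    return n > 0 ? n : -1;
}

int main(void)
{
    struct trust_result r;
    int n = load_trust_anchors(NULL, count_pem_certs,
                "/etc/ssl/certs/ca-certificates.crt", getenv("HOME"), &r);
    printf("system=%d user=%d total=%d\n", r.system_cas, r.user_cas, n);
    return n > 0 ? 0 : 1;
}
```

Reporting the per-source counts separately makes it visible when verification is relying only on a per-user bundle, which is the situation the report describes.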


