Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Verify SSL certificates when streaming over HTTPS #3078

Open
Clementine-Issue-Importer opened this issue Dec 12, 2013 · 0 comments
Open

Verify SSL certificates when streaming over HTTPS #3078

Clementine-Issue-Importer opened this issue Dec 12, 2013 · 0 comments

Comments

@Clementine-Issue-Importer

From alan.briolat on July 29, 2012 04:48:21

The gstreamer pipeline uses "uridecodebin", which will default to "souphttpsrc" for HTTP/HTTPS streams. "souphttpsrc" doesn't verify SSL certificates, which means any streaming from an authenticated service is vulnerable to a man-in-the-middle attack using a self-signed certificate, which could steal login credentials or authentication tokens, depending on the service.

There is another HTTP handler, neonhttpsrc, in gstreamer-bad-plugins which does verify SSL certificates. I'd suggest that the pipeline be modified when the URI scheme is "https" to use "neonhttpsrc ! decodebin" instead of "uridecodebin".

Original issue: http://code.google.com/p/clementine-player/issues/detail?id=3077

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant