Bug 725721 – Use system certificate storage for checking TLS certificates

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 725721 - Use system certificate storage for checking TLS certificates


Summary:	Use system certificate storage for checking TLS certificates


Status:	RESOLVED OBSOLETE

Product:	GStreamer
Classification:	Platform
Component:	cerbero
Version:	git master
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	git master
Assigned To:	GStreamer Maintainers
QA Contact:	GStreamer Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2014-03-05 12:52 UTC by Sebastian Dröge (slomo)
Modified:	2018-05-04 13:24 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Sebastian Dröge (slomo) 2014-03-05 12:52:38 UTC

See summary.

On Android we could use /system/etc/security/cacerts for system certs and /data/misc/keystore for certs installed by the user. The former is a normal directory with certificates one per file, the latter unfortunately seems to be encrypted. Might need to implement some JNI magic that uses the public Android API.

No idea what we can do on iOS, OSX and Windows yet.

Comment 1 Sebastian Dröge (slomo) 2014-03-05 12:53:06 UTC

Alternatively we could of course ship our own collection of CA certificates like Mozilla does

Comment 2 Sebastian Dröge (slomo) 2018-05-04 13:24:41 UTC

We ship our own certificates