GNOME Bugzilla – Bug 771505
souphttpsrc can't open https://gstreamer.freedesktop.org with official macOS / Windows build
Last modified: 2016-11-01 19:52:26 UTC
This is on OSX 10.11, if I try to do a simple playbin uri= https://gstreamer.freedesktop.org/... I get an "Unacceptable TLS certificate" error from libsoup, so I assume it can't find the system certificates, it seems like a build problem.
Related, https://bugzilla.gnome.org/show_bug.cgi?id=725721
<slomo> ca-certificates are shipped now with the packages <__tim> someone needs to check if the certificates are going to be picked up now <ocrete> also need to set the cert location in glib-networking*.recipe instead of --without-ca-certificates <slomo> yes <slomo> and it should ideally be relative to libgiognutls.so/dylib/dll or something
Olivier?
Created attachment 338366 [details] [review] Patch to read the SSL libraries from a relative patch This is one potential approach. The other possiblity is to just set the static path (although that won't work if you bundle GStreamer into the app bundle instead of installing the framework for everyone).
Review of attachment 338366 [details] [review]: This is rather complicated though, but I guess makes sense. We should also do something similar for Windows, which needs different API (see gstregistry.c e.g. which checks the plugin directory relative to libgstreamer-1.0-0.dll). Maybe we should check relative to the library, and if it's not there always check the environment variable?
Review of attachment 338366 [details] [review]: ::: recipes/glib-networking/0003-gnutls-Use-db-relative-to-libglib-2.0-if-needed.patch @@ +44,3 @@ ++#ifdef HAVE_DLADDR ++ gchar *free_me = NULL; ++ GTlsDatabase *db; db needs to be outside the #ifdef as it's used outside any #ifdef's.
Created attachment 338543 [details] [review] Updated patch Fixed the little problem that Matthew found, I also removed the bit that pointlessly updated the existing patches. I'd like to propose this patch for 1.10 as otherwise the tutorial 4 doesn't work on macOS.
Review of attachment 338543 [details] [review]: ::: recipes/glib-networking/0003-gnutls-Use-db-relative-to-libglib-2.0-if-needed.patch @@ +74,3 @@ ++ + #ifdef GST_CA_CERTIFICATES_FROM_ENV + anchor_file = g_getenv ("CA_CERTIFICATES"); This is broken: if both variables are set, you ignore the result of dladdr() and override it here. Also need to do the same for Windows still. Otherwise good to go I guess
commit a05feb005ff3bc56beb704c0b1ed435219ca5876 Author: Sebastian Dröge <sebastian@centricular.com> Date: Tue Nov 1 21:51:12 2016 +0200 glib-networking: Use a relative path for the SSL CA certs on Windows too https://bugzilla.gnome.org/show_bug.cgi?id=771505 commit 660178471d36c4762dc2f70e1cdbcf7c2ddf4c15 Author: Olivier Crete <olivier.crete@collabora.com> Date: Thu Oct 6 16:05:44 2016 -0400 glib-networking: Use a relative path for the SSL CA certs https://bugzilla.gnome.org/show_bug.cgi?id=771505