Bug#885127: vlc: Cast Chromecast unusable due to gnutls error

Daniel Kahn Gillmor dkg at debian.org
Fri Dec 29 21:48:30 UTC 2017

On Tue 2017-12-26 22:24:59 +0100, Floris wrote:
> I'm not sure this is a VLC bug, although I think it is odd that VLC 3 has  
> a Chromecast feature, but it isn't working. Maybe build vlc without  
> Chromecast support in Debian until Google and/ or GnuTLS has a decent fix  
> for this issue. Or make a workaround.

Dropping chromecast support in debian doesn't seem like great option to
me if it's available upstream.  And GnuTLS has at least two different
fixes available.

One approach (as noted in my earlier post on this bug report) is to
explicitly grant that self-signed cert root CA status.  But that's
generally unpleasant, because it means that cert can MITM any of your
other connections.

A better approach to connecting to a persistently-named, self-signed
chromecast stream would be for VLC to take advantage of GnuTLS's "TOFU"
(trust on first use) functionality:


or, if we already know that chromecast is never a strongly-secured
connection, we could just disable authentication on chromecast
connections (i do not have a chromecast, and i do not know what security
posture chromecast users expect from their connections).


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20171229/1633fac9/attachment-0002.sig>

More information about the Pkg-gnutls-maint mailing list