Bug#885127: vlc: Cast Chromecast unusable due to gnutls error
Rémi Denis-Courmont
remi at remlab.net
Tue Dec 26 19:52:09 UTC 2017
On dimanche 24 décembre 2017 11:48:51 EET floris wrote:
> Package: src:vlc
> Version: 3.0.0~rc2-2
> Severity: normal
>
> Dear Maintainer,
>
> I'm unable to cast a video with vlc to the chromecast due to a gnutls error:
>
> From command line or via Video -> Renderer -> Scan -> Chromecast
>
> vlc -vv --sout="#chromecast{ip=192.168.1.14}" test.mp4
>
> ...
> [00007ff9a0003020] gnutls tls client debug: using GnuTLS version 3.5.16
> [0000558879fa27c0] qt interface debug: IM: Setting an input
> [00007ff9a0003020] gnutls tls client debug: loaded 149 trusted CAs from
> system [00007ff9a0003020] main tls client debug: using tls client module
> "gnutls" [00007ff9a0003020] main tls client debug: resolving 192.168.1.14
> ... [00007ff9a0003020] gnutls tls client debug: TLS handshake: Resource
> temporarily unavailable, try again.
> [00007ff9a0003020] gnutls tls client debug: TLS handshake: Success.
> [00007ff9a0003020] gnutls tls client debug: - safe renegotiation (RFC5746)
> enabled
> [00007ff9a0003020] gnutls tls client debug: - extended master secret
> (RFC7627) enabled
> [00007ff9a0003020] gnutls tls client debug: - false start (RFC7918) enabled
> [00007ff9a0003020] gnutls tls client error: Certificate verification
> failure: The certificate is NOT trusted. The certificate issuer is unknown.
> The certificate chain uses insecure algorithm. The name in the certificate
> does not match the expected.
> [00007ff9a0003020] main tls client error: TLS session handshake error
> [00007ff9a0003020] main tls client error: connection error: Resource
> temporarily unavailable
> [00007ff9a0000ec0] stream_out_chromecast stream out error: cannot load the
> Chromecast controller (Failed to create client session)
> [00007ff9a0000ec0] main stream out debug: no sout stream modules matched
> [00007ff9a0000ec0] main stream out debug: destroying chain... (name=(null))
> [00007ff9a0000ec0] main stream out debug: destroying chain done
> [00007ff9a0000ba0] main stream output error: stream chain failed for
> `chromecast{ip=192.168.1.14}'
> [00007ff9a80009e0] main input error: cannot start stream output instance,
> aborting
> [0000558879f5d250] main playlist debug: dead input
> ...
>
> Apparently, on a windows machine you get a "trust this certificate" pop-up
> window and you are able to import the chromecast certificate.
That popup also exists in Linux. But it is not adequate to handle insecure
algorithms, only unknown or mismatched certificates.
> In Debian
> there isn't such window. How to accept the chromecast certificate?
The TLS support within VLC is identical for Windows and Linux. The difference
is the Windows version ships an older version of GnuTLS, than that in Debian.
Presumably, the server is using SHA-1 certificate signatures - which are being
phased out industry-wide, and no longer accepted by newer GnuTLS version.
I don't see how this is a VLC bug. It's actually working as intended. If you
think the diagnostic is wrong, then it's a problem with GnuTLS.
--
Rémi Denis-Courmont
More information about the pkg-multimedia-maintainers
mailing list