2019-01-18 9:46 GMT+01:00, Rodger Combs <rodger.co...@gmail.com>: > All other TLS wrappers now have a mechanism to load a system trust store > by default, without setting the cafile option. For Secure Transport and > Secure Channel, it's the OS. For OpenSSL and libtls, it's a path set at > compile-time. For GNUTLS, it's either a path set at compile-time, or the > OS trust store (if on macOS, iOS, or Windows). It's possible to configure > OpenSSL, GNUTLS, and libtls without a working trust store, but these are > broken configurations and I don't have a problem with requiring users with > that kind of install to either fix it, or explicitly opt in to insecure > behavior. mbedtls doesn't have a default trust store (it's assumed that the > application will provide one), so it continues to require the user to pass > in a path and enable verification manually.
I believe the current behaviour is more desirable as default for a multimedia library. Carl Eugen _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
