"User" certificates on newer android versions not used
Description
vlc android is not using the user installed CA certificates on newer? android versions. It's an gnuTLS issue, see here: https://gitlab.com/gnutls/gnutls/-/issues/1512
Expected behavior
it should also use "User" CA certificates
Actual behavior
it do not uses "User" CA certificates
Steps to reproduce
- generate an domain CA certificate & an correct client certificate for an ex.: IIS
- try to access https site with browser from an windows machine, to check site is secure and cert is ok (lock symbol in url bar)
- install the CA certificate manually on an android device (tested on android 10 & 11)
- try to access https site with browser from the android device, to check site is secure and cert is ok (lock symbol in url bar)
- use vlc-android (from playstore) or any other software on android which uses gnuTLS
- try to play an m3u8 playlist with vlc android from the webserver which url starts with https://...
- Now the error happens in gnutls, see actual results
Result: [7c02f630/12a7] libvlc tls client: Certificate verification failure: The certificate is NOT trusted. The certificate issuer is unknown. The name in the certificate does not match the expected.
I have checked the installed system certificates count which is 138 and gnutls is reporting also 138 are loaded. Missing the "1" single user certificate. Count should be 139.
Expected Results
vlc android should also load user certificates on android and use them!
After changing gnutls: lib/system/certs.c
old, doesn't work: ret = gnutls_x509_trust_list_add_trust_dir(list, "/data/misc/keychain/cacerts-added/",
new, works: ret = gnutls_x509_trust_list_add_trust_dir(list, "/data/misc/user/0/cacerts-added/",
So clearly the path has changed on newer android versions and doesn't work with current ones.
As stated above, it's an gnuTLS issue, see here: https://gitlab.com/gnutls/gnutls/-/issues/1512 Just for reference here because android vlc is using gnutls.
Code you used
Screenshot / video
Context
libvlc version
3.6.0
Android version
Same issue on 10 & 11