Michael Niedermayer (HE12025-07-23): > the fix for this is to check crt.sh > > example: https://crt.sh/?q=ffmpeg.org > > and if there are or where correct certificates, reject the self signed one > otherwise allow self signed by default with a warning
“502 Bad Gateway” I doubt it can be a fix for anything. Anyway, that cannot be a fix: - the site could get compromised; - our users might not trust them; - the site could be down; - internet access might not be available; - the extra latency might be unacceptable; - … And it is our users' absolute right to access sites with self-signed or invalid certificate, starting with sites they operate themselves in test environments, without the say-so of any other site. Can somebody confirm there is an option to disable certificate checks (or at least turns them into a warning) that can be set by the caller for every protocol that ends in TLS? If not, that feature is not ready to be enabled by default. Also, I would prefer if there were at least one release cycle where the checks are done but not fatal, to let users adapt in their own time. Regards, -- Nicolas George _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
