souphttpsrc SSL/TLS handling and default CA location

dorin at
Fri Jun 19 09:19:26 UTC 2020

I just hit the unlikely and unfortunate case where a source server relies on
a certificate authority that is not trusted by linux distros (Starfield G2 -
although it's trusted by all browsers). I need to fetch data from a https
url from that server, and it returns Unacceptable TLS certificate (6).

The problem now is that I think souphttpsrc is buggy and I can't find a
workaround. Things I've tried:
 - souphttpsrc ssl-strict=0 (no difference)

 - downloaded the Starfield G2 CA file and installed it to the default CA
   - $ curl https://server works fine, this confirms the CA is trusted now
   - using curlhttpsrc in gstreamer pipeline works fine
   - using souphttpsrc still throws TLS error (6)

- souphttpsrc ssl-ca-file=/tmp/sfig2.crt.pem (no difference)
- souphttpsrc ssl-ca-file=/tmp/sfig2.crt (no difference)
- souphttpsrc ssl-use-system-ca-file=1 (no difference)

How can I get souphttpsrc to read from the server?

Sent from:

More information about the gstreamer-devel mailing list