Playbin: SSL certificate checking

Maksim Liauchuk maksim_liauchuk at fastmail.fm
Mon Mar 21 22:01:22 UTC 2022


Hi Nirbheek,

Thanks for the valuable input.

I'm not 100% sure about OpenSSL; in fact I deal with Java bindings, which seem to use gio-2.0 (see https://github.com/gstreamer-java/gst1-java-core/blob/master/src/org/freedesktop/gstreamer/lowlevel/GioAPI.java#L29).
Forgot to add that I manually added that self-signed CA cert to Java cacerts, and can confirm it works because *after that* I'm able to fetch pages via HTTPS from the app. Thus I would assume a native library is used for stream work.
May I ask for advice on where to look further, please?

Probably not a surprise to yourself, but souphttpsrc isn't used in my setup.

 ELEMENT SETUP: URIDecodeBin: [uridecodebin0]
 SOURCE SETUP: BaseSrc: [source]
 ELEMENT SETUP: BaseSrc: [source]
 ELEMENT SETUP: Element: [typefindelement0]
 ELEMENT SETUP: DecodeBin: [decodebin0]
 ELEMENT SETUP: Element: [typefind]
 ELEMENT SETUP: Element: [queue2-0]
 ELEMENT SETUP: Element: [mpegaudioparse0]
 ELEMENT SETUP: Element: [avdec_mp3-0]
 ELEMENT SETUP: Element: [inputselector0]

 // playbin.audio-changed event here

 ELEMENT SETUP: Element: [audiotee]
 ELEMENT SETUP: Bin: [abin]
 ELEMENT SETUP: Bin: [aconv]
 ELEMENT SETUP: BaseTransform: [resample]
 ELEMENT SETUP: BaseTransform: [conv]
 ELEMENT SETUP: BaseTransform: [identity]
 ELEMENT SETUP: Element: [aqueue]
 ELEMENT SETUP: BaseSink: [pulsesink1]

For a total newbie like myself, building a custom alternative universal pipeline like the one above may be a dead end...

Looking forward to hearing back from you.

Best regards,

-- 
  Maksim Liauchuk

On Mon, Mar 21, 2022, at 20:20, Nirbheek Chauhan wrote:
> On Mon, Mar 21, 2022 at 5:30 AM Maksim Liauchuk via gstreamer-devel
> <gstreamer-devel at lists.freedesktop.org> wrote:
>> Please bear with me if that's not a good channel for asking questions.
>> I use gstreamer as audio backend in my app. Playbin is easy to use and fulfills all my requirements.
>> Employer's Windows laptop has self-signed root CA cert, which is installed by IT automatically. Unfortunately, gstreamer doesn't see it and fails to play streams with "Secure connection setup failed" error. I tried also to put the cert into gstreamer/1.0/msvc_x86_64/etc/ssl/certs/, but still no luck.
>> Is there a way to disable strict SSL validation for Playbin? What I've seen so far is advice to switch over to souphttpsrc (https://gstreamer.freedesktop.org/documentation/soup/souphttpsrc.html?gi-language=c#souphttpsrc:ssl-strict), but that's something I'd like to avoid, as I work with both streams and local files.
>> Or maybe you could help to find out where gstreamer looks for certificates?
>>
>
> Since you are using playbin, it's automatically plugging in some
> element to handle the HTTP URI in your app. If you are using the
> official MSI installers, it is likely souphttpsrc.
>
> What is confusing to me is that the OpenSSL that ships with the
> GStreamer installer already uses the CA cert that we ship in
> gstreamer/1.0/msvc_x86_64/etc/ssl/certs (path is picked up relative to
> the location of the openssl DLLs). Is it possible that your app is
> picking up some other OpenSSL? Or maybe you're using some other GIO
> module for glib-networking?
>
> If you want to set some property on the HTTP source element that is
> being autoplugged by playbin, you want to connect to the
> deep-element-added callback on playbin (all GstBins emit that), look
> for the source element being added, and set whatever properties you
> want on it. If it's souphttpsrc, you can set "ssl-ca-file" or
> "ssl-strict".
>
> Cheers,
> Nirbheek
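
The approach described in the quoted reply, as an added example that is not code from this thread or from the GStreamer project: a `deep-element-added` handler in Python (PyGObject) that sets `ssl-ca-file` on an autoplugged souphttpsrc, leaves `ssl-strict` enabled, and prints the factory name of every other autoplugged element. The CA path, the `CORP_CA_PEM` environment variable and the helper names are assumptions.

```python
import os
import sys

# Assumption: the corporate root CA exported as a PEM file (placeholder path).
CA_FILE = os.environ.get("CORP_CA_PEM", "corp-root-ca.pem")


def factory_name(element):
    """Return the element's factory name, or None if it has no factory."""
    factory = element.get_factory()
    return factory.get_name() if factory is not None else None


def pin_ca_on_http_source(element, ca_file):
    """Point an autoplugged souphttpsrc at ca_file and keep validation on.

    Returns True if the element was configured, False if it was left alone.
    """
    if factory_name(element) != "souphttpsrc":
        return False
    element.set_property("ssl-ca-file", ca_file)
    # Certificate checking stays enabled: trust is extended, not switched off.
    element.set_property("ssl-strict", True)
    return True


def on_deep_element_added(playbin, sub_bin, element, ca_file):
    # Signal arguments: emitting bin, bin the element was added to, the element.
    if pin_ca_on_http_source(element, ca_file):
        print("configured", element.get_name(), "with", ca_file)
    else:
        # Shows which elements (including the HTTP source) are really plugged.
        print("autoplugged", factory_name(element))


def main(uri):
    import gi  # imported here so the helpers above work without GStreamer
    gi.require_version("Gst", "1.0")
    from gi.repository import GLib, Gst

    Gst.init(None)
    playbin = Gst.ElementFactory.make("playbin", None)
    playbin.set_property("uri", uri)
    playbin.connect("deep-element-added", on_deep_element_added, CA_FILE)
    playbin.set_state(Gst.State.PLAYING)
    GLib.MainLoop().run()


if __name__ == "__main__" and len(sys.argv) > 1:
    main(sys.argv[1])
```

If the printed factory names never include souphttpsrc, a different HTTP source is being autoplugged and these two properties do not apply to it.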

