It should allow a user to safely add *additional* CAs in /storage/.config/cacert.pem without losing the benefit of existing system-supplied CA certs.
Would this work without typing in any commands? Only put my own cacert.pem in /storage/.config/ ?
Ah, I forgot sadly I only have an Odroid or Raspi for testing atm
When can I test that?^^
It makes things a little bit more laborious for clean installations, but it's ok for me. Thanks for your support!
Unfortunately there will be a few silent users dont know why their private davs connections dont work anymore when updating to leia. Finding the problem via log and landing on this script will take a while Maybe Kodi/yol (SSL Certificates Issues) will solve verifypeer=false-problems and give this option a checkbox in estuary, would be another more intuitive alternative.
Probably because I don't really understand all those certificate stuff
Welcome to the club A few weeks ago I even did not know that my NAS/webdavsserver has a cert^^ And now kodi wants me to add this f****g thing to its "cert-store" only to get connection again, that worked with Isengard till Krypton without doing anything - just adding webserver-adress and voilà...nice old times
but even with copying cacert.pem to ssl folder didn't make it work.
Did you try webdavs/https? Because in relation to sftp (if you tried this) there where also other changes i kodi I believe.
But you need to make folder /storage/ssl where you add/change files (as written in one of my post).
Ah, I missunderstood this. I just knocked the code from #6 in putty and then I replaced original cacert.pem-file with my modified one directly in etc/ssl via WinSCP (what worked temporary till next restart^^)
For understanding: this autostart.sh would only mount /etc/ssl/ (to make it writable)? How do I add/replace, in the next step, my modified cert.pem-file to /etc/ssl/?
Sorry for noob-questions, these commands are like chinese for me.
When I will reproduce the issue then will make better solution
That would be so marvelous!!! As I mentioned, adamg's code had sound very easy kodi: use provided ssl certificate if available · CoreELEC/[email protected] · GitHub , but did not work, so he throw it away. Maybe you have another idea.
/storage/.config/autostart.sh can script/apply changes at boot time
Ok, why not.. - although it sounds not very userfriendly imho to handle this problem.
How should this script look like?
Does only work till the next restart - kodi restores the original cacert.pem file after that.
So problem still exist...
Thanks, thats my personal problem - i did not know how to make it writable.
I will try that and report! And how do I unmount it again?
But nevertheless I think a generally feature without workaround would be useful. I wont be the only one with problems when changing to leia.
I dont know, I use my own webdavs server (https). This does not work any longer in leia because of cert-issue.
Try setting this variable in console and then restart kodi. Of course file must exists there.
Does not change anything
Maybe another option is to set verifypeer=false in sources.xml
That does not work with cleaning/adding files to the library. SSL Certificates Issues
You need a way to add your own cert.
Since changes in Kodi you have to add your server cert to kodi's cert store: [install_dir]\system\certs\cacert.pem in windows. In LE I found this file in /etc/ssl but I was not able to change it there (cannot write there). On Odroid I use CE and informed developer in CE Forum (HTTPS/FTP not working - Kodi - CoreELEC Forums) but Adamg patch did not worked kodi: use provided ssl certificate if available · CoreELEC/[email protected] · GitHub in spite of good idea.
Can you help to geht this working again since its a global problem? If your cert isn't added to kodi people will get:
CCurlFile::FillBuffer - Failed: Peer certificate cannot be authenticated with given CA certificates(60)
and cannot connect to their webdavs/sftp sources anymore.
This is my main problem with alphas since many many weeks and I hope somebody will fix this issue before RC.
thanks for your attention and happy new year
I have some trouble with hw playback (sw plays fine) hevc files on my box (self handbraked tv series), on the other hand odroid/raybuntu build works well. how can I send you a test file GDPR-2 ? Dont want to share it here public as a matter of law.
Hm ok, would have been been easier to me since I bought a new TV via Amazon
It's not about banned repo, I dont use those repos/addons and had also problems upgrading RTMP input addon on my second box (on the first it worked fine). I solved it by copying from the first box, but something went wrong from repo side.
With your builds (tested with 1.0.8 and 1.1.1), however, there are streams which I cannot choose by simply clicking "OK".
Thats not about adamgs build, I have the same issue on RBTV Addon - the live stream is not playable by clicking "OK" on other builds (odroid) in the younger past. So I have also workaround by context menu.