Closed fmohican closed 5 years ago
While adding support for multiple certificate formats would be feasible, I don't really see a good enough justification for it:
With regards to the second part about self-signed "single cert. or CA": it's not completely clear to me what you mean. I assume you mean two scenarios:
- Complete certificate chain, but signed with your own CA.
The second scenario of those two will already work. The only extra step is that clients also need to add your CA to their trusted CA bundle.
With regards to the first scenario with a self-signed cert I have a similar opinion as with certificate formats - it is feasible, but I see little justification:
That will work in my case, but it would be nice if we could just have TLS (or only TLS), without 'server validation', just to encrypt the packets. Also I already have my own free domain (.ml/.ga/.tk), with Let's Encrypt.
However, Let's Encrypt issues PEM format but with the extensions ".crt" & ".key" (in terms of format there isn't any difference), but syncplay works only with the .pem extension.
It would be nice if the server had a config file and a GUI to set everything, and after that just register it as a "service" (on Windows).
Thanks for the quick answer. That helps me a lot, I was unsure about the "own CA scenario". Thanks for making it crystal clear.
However, Let's Encrypt issues PEM format but with the extensions ".crt" & ".key"
On two servers where I have it deployed the Let's Encrypt client (certbot on Linux) creates the following files: cert.pem chain.pem fullchain.pem privkey.pem. I always assumed this is the default and that's the reason why Syncplay specifically looks for those filenames. Are you using some other Let's Encrypt client?
While a GUI for the server is probably not going to happen any time soon, a configuration file for the server has been an idea that's been floating around.
I'm on Windows atm, and certbot isn't working as expected, so I use a website that generates the cert for you, https://www.sslforfree.com/ . I just add *.domain.tld and domain.tld, put in the TXT records and done.
The site generates, via the Let's Encrypt API, 3 files: certificate.crt, chain.crt and private.key.
I didn't have time to set up an automation like certbot, or look over other clients like.... However, that is my personal case. //edit: My case is "apart": my ISP assigns a dynamic IP, so I need to use a tool like Dynu to update the records every time. Dynu has an API, so I would need to set up more "complicated" things to update the cert with Let's Encrypt clients, so the simple way is just to update it manually every 3 months.
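The two file layouts discussed in this thread (the certificate.crt / chain.crt / private.key trio from the web-based client above, and the cert.pem / chain.pem / fullchain.pem / privkey.pem names certbot writes and Syncplay is said to look for) are the same PEM format under different names. The script below is an added example, not Syncplay's code nor anything from the thread's participants: it checks that each input really is PEM and that the key belongs to the certificate, then writes the certbot-style file set. The sample CA and server certificate it generates are constructed test material (the names Example Test CA and syncplay.example.test are made up for the demo); the file names are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: turn a generic ACME client's output (certificate.crt, chain.crt,
# private.key) into the certbot-style layout (cert.pem, chain.pem, fullchain.pem,
# privkey.pem) after validating it. Requires the openssl CLI.
set -eu

# Constructed sample input: a throwaway CA and a server cert signed by it.
# Real issuance (Let's Encrypt, sslforfree) would produce the same three files.
make_sample_certs() {
  dir="$1"
  mkdir -p "$dir"
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$dir/ca.key" -out "$dir/ca.crt" \
    -subj "/CN=Example Test CA" -days 30 >/dev/null 2>&1
  openssl req -newkey rsa:2048 -nodes -keyout "$dir/private.key" -out "$dir/server.csr" \
    -subj "/CN=syncplay.example.test" >/dev/null 2>&1
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -out "$dir/certificate.crt" -days 30 >/dev/null 2>&1
  cp "$dir/ca.crt" "$dir/chain.crt"
}

# Returns 0 if the file parses as a PEM-encoded X.509 certificate, whatever its
# extension is. A DER or PKCS#12 file would fail here.
is_pem_cert() {
  openssl x509 -in "$1" -inform PEM -noout >/dev/null 2>&1
}

# Returns 0 if the private key's public half equals the certificate's public key,
# i.e. the .key file really belongs to the .crt file.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -pubkey -noout)
  key_pub=$(openssl pkey -in "$2" -pubout)
  [ "$cert_pub" = "$key_pub" ]
}

# Validate the trio in $1 and write the certbot-style file set into $2.
assemble_certbot_layout() {
  src="$1"; dst="$2"
  is_pem_cert "$src/certificate.crt" || { echo "certificate.crt is not a PEM certificate" >&2; return 1; }
  is_pem_cert "$src/chain.crt"       || { echo "chain.crt is not a PEM certificate" >&2; return 1; }
  key_matches_cert "$src/certificate.crt" "$src/private.key" \
    || { echo "private.key does not match certificate.crt" >&2; return 1; }
  mkdir -p "$dst"
  cp "$src/certificate.crt" "$dst/cert.pem"
  cp "$src/chain.crt" "$dst/chain.pem"
  # fullchain = leaf first, then the issuing chain, exactly as certbot lays it out.
  cat "$src/certificate.crt" "$src/chain.crt" > "$dst/fullchain.pem"
  cp "$src/private.key" "$dst/privkey.pem"
  chmod 600 "$dst/privkey.pem"
  # Final check: the leaf must chain up to what we just called the chain.
  openssl verify -CAfile "$dst/chain.pem" "$dst/cert.pem" >/dev/null
}

# Usage: sh assemble_certs.sh <dir with certificate.crt/chain.crt/private.key> <output dir>
if [ $# -eq 2 ]; then
  assemble_certbot_layout "$1" "$2"
fi
```

Renaming alone would have worked for the thread's case, but the two checks are what you want before pointing a server at the files: a DER or PKCS#12 download from a different client fails `is_pem_cert`, and a key that was regenerated after the certificate was issued fails `key_matches_cert` instead of producing a confusing handshake error later.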
Dynamic IP
That's just a side note that gets slightly off-topic: the IP address isn't anywhere in the cert. So if you have a dynamic IP, but on top of it a dynamic DNS service which updates the IP your domain name points at, the certificates will work exactly the same way as for static IPs.
Yes, I know that, but think of it like this: the nameservers are set to the dynamic IP server (Dynu), which has its own API. To create a valid cert we need to add a TXT record on Dynu's server, so I need to make a 3rd-party app to get the TXT record from certbot (or other Let's Encrypt clients) and update the record on Dynu's server.
Is it possible to add support for more formats like PKCS#7, DER, PKCS#12, and support for self-signed certificates (single cert. or CA)?
Thanks!