HTTP/TLS on libVLC Android

[Isleo]

Hi forum,

I am currently using libVLC Java Binding for Android. I tried a streaming video in HTTP and it works fine. However, if I try it with HTTPS, it doesn't work. I get the following errors:

Code: Select all

E/VLC: [b845cb58] gnutls tls session: Certificate verification failure: The certificate is NOT trusted. The certificate issuer is unknown. The name in the certificate does not match the expected. D/VLC: [b845cb58] gnutls tls session: 5 certificate(s) in the list D/VLC: [b845cb58] gnutls tls session: no known certificates for 192.168.1.23 E/VLC: [b845cb58] core tls session: TLS client session handshake error E/VLC: [b8142e58] http access: cannot establish HTTP/TLS session D/VLC: [b8142e58] core access: no access modules matched E/VLC: [b8113f98] core input: open of `https://192.168.1.23/control/faststream.jpg?stream=MxPEG' failed E/VLC: [b8113f98] core input: Your input can't be opened E/VLC: [b8113f98] core input: VLC is unable to open the MRL 'https://192.168.1.23/control/faststream.jpg?stream=MxPEG'. Check the log for details.

Also, I have this code (in summary):

Code: Select all

try { libvlc = new LibVLC(); ArrayList<String> options = new ArrayList<String>(); options.add("-vvv"); options.add("--avformat-format=mxg"); //options.add("--http-ca=/sdcard/foo.pem"); Not working, it says "not exists" libvlc = new LibVLC(options); libvlc.setOnHardwareAccelerationError(this); MediaPlayer mMediaPlayer = new MediaPlayer(libvlc); final IVLCVout vout = mMediaPlayer.getVLCVout(); vout.setVideoView(mSurface); vout.addCallback(this); vout.attachViews(); Media m = new Media(libvlc, Uri.parse("https://192.168.1.23/control/faststream.jpg?stream=MxPEG")); mMediaPlayer.setMedia(m); mMediaPlayer.play(); } catch (Exception e) {}

In addition, I tried to install the certificate in my Android device like this: https://support.google.com/nexus/answer/2844832?hl=en

That is because I am tried to avoid Man in the Middle attacks. This software is going to be for security cameras. Here you have an example of them on a public streaming:
http://86.125.43.4/control/userimage.html

I am using libVLC because I need to play MxPEG format, that it is uncommon.

I would appreciate it if you could suggest me other way to do it or the solution itself. I also try downloading the file first and then, play it using the library, but it is a streaming, the file would be huge.

Thanks you in advance,

Isleo.

[Rémi Denis-Courmont]

I believe the error is fairly clear about what the problem is:

Certificate verification failure: The certificate is NOT trusted. The certificate issuer is unknown. The name in the certificate does not match the expected.

TLS can only protect against MITM if the certificate is verified.

[Isleo]

That's right. And trusted certificates are working. However, I want to use self-signed certificates. How can I archive that? Trying to recompile GnuTLS using something like GNUTLS_VERIFY_DISABLE_CA_SIGN?

[Rémi Denis-Courmont]

You need to install the CA where GnuTLS will find it. With self-signed certs, that means you need to install the certs themselves. And you need to ensure the CN matches.

Without those, TLS won't protect you against MITM attackers.

[Isleo]

Well, but on Android if you add a self-signed cert without doing it on the trusted section (you must root your device), GnuTLS is not going to find it out.