HTTP/TLS on libVLC Android

This forum is about all development around libVLC.
Isleo
New Cone
New Cone
Posts: 6
Joined: 23 Aug 2016 11:38

HTTP/TLS on libVLC Android

Postby Isleo » 23 Aug 2016 12:05

Hi forum,

I am currently using libVLC Java Binding for Android. I tried a streaming video in HTTP and it works fine. However, if I try it with HTTPS, it doesn't work. I get the following errors:

Code: Select all

E/VLC: [b845cb58] gnutls tls session: Certificate verification failure: The certificate is NOT trusted. The certificate issuer is unknown. The name in the certificate does not match the expected. D/VLC: [b845cb58] gnutls tls session: 5 certificate(s) in the list D/VLC: [b845cb58] gnutls tls session: no known certificates for 192.168.1.23 E/VLC: [b845cb58] core tls session: TLS client session handshake error E/VLC: [b8142e58] http access: cannot establish HTTP/TLS session D/VLC: [b8142e58] core access: no access modules matched E/VLC: [b8113f98] core input: open of `https://192.168.1.23/control/faststream.jpg?stream=MxPEG' failed E/VLC: [b8113f98] core input: Your input can't be opened E/VLC: [b8113f98] core input: VLC is unable to open the MRL 'https://192.168.1.23/control/faststream.jpg?stream=MxPEG'. Check the log for details.
Also, I have this code (in summary):

Code: Select all

try { libvlc = new LibVLC(); ArrayList<String> options = new ArrayList<String>(); options.add("-vvv"); options.add("--avformat-format=mxg"); //options.add("--http-ca=/sdcard/foo.pem"); Not working, it says "not exists" libvlc = new LibVLC(options); libvlc.setOnHardwareAccelerationError(this); MediaPlayer mMediaPlayer = new MediaPlayer(libvlc); final IVLCVout vout = mMediaPlayer.getVLCVout(); vout.setVideoView(mSurface); vout.addCallback(this); vout.attachViews(); Media m = new Media(libvlc, Uri.parse("https://192.168.1.23/control/faststream.jpg?stream=MxPEG")); mMediaPlayer.setMedia(m); mMediaPlayer.play(); } catch (Exception e) {}
In addition, I tried to install the certificate in my Android device like this: https://support.google.com/nexus/answer/2844832?hl=en

That is because I am tried to avoid Man in the Middle attacks. This software is going to be for security cameras. Here you have an example of them on a public streaming:
http://86.125.43.4/control/userimage.html

I am using libVLC because I need to play MxPEG format, that it is uncommon.

I would appreciate it if you could suggest me other way to do it or the solution itself. I also try downloading the file first and then, play it using the library, but it is a streaming, the file would be huge.

Thanks you in advance,

Isleo.

Rémi Denis-Courmont
Developer
Developer
Posts: 15267
Joined: 07 Jun 2004 16:01
VLC version: master
Operating System: Linux
Contact:

Re: HTTP/TLS on libVLC Android

Postby Rémi Denis-Courmont » 24 Aug 2016 10:28

I believe the error is fairly clear about what the problem is:
Certificate verification failure: The certificate is NOT trusted. The certificate issuer is unknown. The name in the certificate does not match the expected.
TLS can only protect against MITM if the certificate is verified.
Rémi Denis-Courmont
https://www.remlab.net/
Private messages soliciting support will be systematically discarded

Isleo
New Cone
New Cone
Posts: 6
Joined: 23 Aug 2016 11:38

Re: HTTP/TLS on libVLC Android

Postby Isleo » 25 Aug 2016 13:07

That's right. And trusted certificates are working. However, I want to use self-signed certificates. How can I archive that? Trying to recompile GnuTLS using something like GNUTLS_VERIFY_DISABLE_CA_SIGN?

Rémi Denis-Courmont
Developer
Developer
Posts: 15267
Joined: 07 Jun 2004 16:01
VLC version: master
Operating System: Linux
Contact:

Re: HTTP/TLS on libVLC Android

Postby Rémi Denis-Courmont » 25 Aug 2016 15:23

You need to install the CA where GnuTLS will find it. With self-signed certs, that means you need to install the certs themselves. And you need to ensure the CN matches.

Without those, TLS won't protect you against MITM attackers.
Rémi Denis-Courmont
https://www.remlab.net/
Private messages soliciting support will be systematically discarded

Isleo
New Cone
New Cone
Posts: 6
Joined: 23 Aug 2016 11:38

Re: HTTP/TLS on libVLC Android

Postby Isleo » 25 Aug 2016 15:28

Well, but on Android if you add a self-signed cert without doing it on the trusted section (you must root your device), GnuTLS is not going to find it out.


Return to “Development around libVLC”

Who is online

Users browsing this forum: No registered users and 6 guests