Playing from https with untrusted certificate fails

This forum is about all development around libVLC.
Sylver
New Cone
New Cone
Posts: 4
Joined: 29 Sep 2009 07:48
Operating System: Mac OS / iOS

Playing from https with untrusted certificate fails

Postby Sylver » 06 Oct 2010 13:52

Hello,
I'm working on a project to view on iPhone/iPad videos that are stored on some local network disks using http interface (I'm using libVLC and MobileVLCKit from source code of VLC for iPad) !
Thanks to the help of Pierre, I managed to make some modifications to pass needed cookies from authentication (will post the patch to vlc-devel soon) and now all is working well using http, but when I switch to https, it's not working anymore :?

I think that it may be related to the fact that my server is using an untrusted server certificate, but I'm not an expert and I have no idea of where to start ...
Here is the verbose log in case someone could confirm the origin of the problem :

[e[32;1m0x7dc85b4e[0m] main libvlc debug: e[0mVLC media player - 1.2.0-git Twoflowere[0m
[e[32;1m0x7dc85b4e[0m] main libvlc debug: e[0mCopyright © 1996-2010 the VideoLAN teame[0m
[e[32;1m0x7dc85b4e[0m] main libvlc debug: e[0mrevision exportede[0m
[e[32;1m0x7dc85b4e[0m] main libvlc debug: e[0mconfigured with /Users/sylver/Documents/iPhone/DS-Browse/vlc/configure '--prefix=/Users/sylver/Documents/iPhone/DS-Browse/vlc/install-ios-OS' '--host=arm-apple-darwin10' '--enable-debug' '--disable-shared' '--enable-static' '--disable-macosx' '--disable-macosx-defaults' '--disable-macosx-vout' '--disable-macosx-dialog-provider' '--disable-macosx-qtcapture' '--disable-macosx-eyetv' '--disable-macosx-vlc-app' '--with-macosx-sdk=' '--enable-audioqueue' '--enable-ios-vout' '--enable-avcodec' '--enable-avformat' '--enable-swscale' '--enable-faad' '--disable-mad' '--disable-a52' '--disable-fribidi' '--disable-macosx-audio' '--disable-qt4' '--disable-skins2' '--disable-libgcrypt' '--disable-remoteosd' '--disable-vcd' '--disable-postproc' '--disable-vlc' '--disable-vlm' '--disable-httpd' '--disable-nls' '--disable-glx' '--disable-visual' '--disable-lua' '--disable-sse' '--disable-neon' '--disable-mmx' 'host_alias=arm-apple-darwin10' 'CC=/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/gcc-4.2' 'CFLAGS=-isysroot /Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS4.0.sdk -arch armv7 -miphoneos-version-min=4.0 -mno-thumb' 'LDFLAGS=-L/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS4.0.sdk/usr/lib -arch armv7' 'CPPFLAGS=-isysroot /Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS4.0.sdk -arch armv7 -miphoneos-version-min=4.0 -mno-thumb' 'CPP=/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/cpp-4.2' 'CXX=/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/g++-4.2' 'CXXFLAGS=-isysroot /Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS4.0.sdk -arch armv7 -miphoneos-version-min=4.0 -mno-thumb' 'OBJC=/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/gcc-4.2' 'OBJCFLAGS=-isysroot /Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS4.0.sdk -arch armv7 -miphoneos-version-min=4.0 -mno-thumb' 'CONTRIB_DIR=/Users/sylver/Documents/iPhone/DS-Browse/vlc/extras/contrib/hosts/arm-apple-darwin10/ios' 'CXXCPP=/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/cpp-4.2' 'AVCODEC_CFLAGS=-I/Users/sylver/Documents/iPhone/DS-Browse/vlc/install-ios-OSinclude' 'AVCODEC_LIBS=-L/Users/sylver/Documents/iPhone/DS-Browse/vlc/install-ios-OSlib -lavcodec -lavutil -lz' 'AVFORMAT_CFLAGS=-I/Users/sylver/Documents/iPhone/DS-Browse/vlc/install-ios-OSinclude' 'AVFORMAT_LIBS=-L/Users/sylver/Documents/iPhone/DS-Browse/vlc/install-ios-OSlib -lavcodec -lz -lavutil -lavformat'e[0m
[e[32;1m0x7dc85b4e[0m] main libvlc debug: e[0mtranslation test: code is "C"e[0m
[e[32;1m0x7dc85b4e[0m] main libvlc debug: e[0mchecking plugin modulese[0m
[e[32;1m0x7dc85b4e[0m] main libvlc debug: e[0mloading plugins cache file /var/mobile/Applications/52EC6EE2-3955-4849-9380-A5C346DB0B82/plugins/plugins-04041e-1000000.date[0m
[e[32;1m0x7dc85b4e[0m] main libvlc warning: e[0;33mcannot read /var/mobile/Applications/52EC6EE2-3955-4849-9380-A5C346DB0B82/plugins/plugins-04041e-1000000.dat (No such file or directory)e[0m
[e[32;1m0x7dc85b4e[0m] main libvlc debug: e[0mrecursively browsing `/var/mobile/Applications/52EC6EE2-3955-4849-9380-A5C346DB0B82/plugins'e[0m
[e[32;1m0x7dc85b4e[0m] main libvlc debug: e[0msaving plugins cache /var/mobile/Applications/52EC6EE2-3955-4849-9380-A5C346DB0B82/plugins/plugins-04041e-1000000.date[0m
[e[32;1m0x7dc85b4e[0m] main libvlc debug: e[0mmodule bank initialized (260 modules)e[0m
[0x7dc85b4] main libvlc debug: CPU has capabilities NEONv1
[0x7dc85b4] main libvlc debug: looking for memcpy module: 1 candidate
[0x7dc85b4] main libvlc debug: using memcpy module "dummy"
[0xfe1fa4] main interface debug: looking for interface module: 0 candidates
[0xfe1fa4] main interface debug: no interface module matched "hotkeys,none"
[0xfe1fa4] main interface debug: TIMER module_need() : 0.535 ms - Total 0.535 ms / 1 intvls (Avg 0.535 ms)
[0xfe1fa4] main interface error: no suitable interface module
[0xfe9ed4] main input debug: Creating an input for 'https://192.168.1.9:5001/video.avi'
[0xfe9ed4] main input debug: thread (input) created at priority 22 (/Users/sylver/Documents/iPhone/DS-Browse/vlc/src/input/input.c:214)
[0xfe9ed4] main input debug: thread started
[0xfe9ed4] main input debug: using timeshift granularity of 50 MiB
[0xfe9ed4] main input debug: using timeshift path '/tmp'
[0xfe9ed4] main input debug: `https://192.168.1.9:5001/video.avi' gives access `https' demux `' path `192.168.1.9:5001/video.avi'
[0xfe9ed4] main input debug: creating demux: access='https' demux='' location='192.168.1.9:5001/video.avi' file='(null)'
[0x7d4a894] main demux debug: looking for access_demux module: 0 candidates
[0x7d4a894] main demux debug: no access_demux module matched "https"
[0x7d4a894] main demux debug: TIMER module_need() : 0.639 ms - Total 0.639 ms / 1 intvls (Avg 0.639 ms)
[0xfe04c4] main playlist debug: no fetch required for (null) (art currently (null))
[0xfe9ed4] main input debug: creating access 'https' location='192.168.1.9:5001/video.avi', path='(null)'
[0x7d4a894] main access debug: looking for access module: 1 candidate
[0x7d4a894] access_http access debug: http: server='192.168.1.9' port=5001 file='/video.avi'
[0x7d4a894] main access debug: net: connecting to 192.168.1.9 port 5001
[0x7d4ae64] main demux meta debug: looking for meta fetcher module: 0 candidates
[0x7d4ae64] main demux meta debug: no meta fetcher module matched "any"
[0x7d4ae64] main demux meta debug: TIMER module_need() : 0.594 ms - Total 0.594 ms / 1 intvls (Avg 0.594 ms)
[0xfe04c4] main playlist debug: searching art for https://192.168.1.9:5001/video.avi
[0x7d4b024] main art finder debug: looking for art finder module: 1 candidate
[0x7d4b024] main art finder debug: no art finder module matching "any" could be loaded
[0x7d4b024] main art finder debug: TIMER module_need() : 0.823 ms - Total 0.823 ms / 1 intvls (Avg 0.823 ms)
[0xfe04c4] main playlist debug: art not found for https://192.168.1.9:5001/video.avi
[0x7d4a894] main access debug: connection succeeded (socket = 14)
[0x7d4ae64] main tls client debug: requested server name: 192.168.1.9
[0x7d4ae64] main tls client debug: looking for tls client module: 0 candidates
[0x7d4ae64] main tls client debug: no tls client module matched "any"
[0x7d4ae64] main tls client debug: TIMER module_need() : 0.450 ms - Total 0.450 ms / 1 intvls (Avg 0.450 ms)
[0x7d4ae64] main tls client error: TLS client plugin not available
[0x7d4a894] access_http access error: cannot establish HTTP/TLS session
[0x7d4a894] main access debug: no access module matching "https" could be loaded
[0x7d4a894] main access debug: TIMER module_need() : 26.764 ms - Total 26.764 ms / 1 intvls (Avg 26.764 ms)
[0x7d4a894] main access debug: waitpipe: object killed
[0xfe9ed4] main input error: open of `https://192.168.1.9:5001/video.avi' failed: (null)
[0xfe9ed4] main input error: Your input can't be opened
[0xfe9ed4] main input error: VLC is unable to open the MRL 'https://192.168.1.9:5001/video.avi'. Check the log for details.
[0xfe9ed4] main input debug: thread ended

Of course everything is working well when using my safari browser to get the file (but it tell me that the certificate is untrusted)
Once everything will be sorted out and cleaned, I'll post the source code of my application ;)
Thanks,
Sylver

Rémi Denis-Courmont
Developer
Developer
Posts: 15266
Joined: 07 Jun 2004 16:01
VLC version: master
Operating System: Linux
Contact:

Re: Playing from https with untrusted certificate fails

Postby Rémi Denis-Courmont » 06 Oct 2010 19:37

You need to provision the appropriate certificate as trusted on the device. I have no clue how that's done on iPad.
Rémi Denis-Courmont
https://www.remlab.net/
Private messages soliciting support will be systematically discarded

Sylver
New Cone
New Cone
Posts: 4
Joined: 29 Sep 2009 07:48
Operating System: Mac OS / iOS

Re: Playing from https with untrusted certificate fails

Postby Sylver » 06 Oct 2010 22:38

You need to provision the appropriate certificate as trusted on the device. I have no clue how that's done on iPad.
Thanks Rémi for your answer ! I've seen in code headers that you are the one who coded the TLS part ;)

You can provision the iPhone and the iPad with the same tool (iPhone configuration utility), but it's quite a complicated thing for most people !

Using standard iPhone NSURLRequest class, I found the way to accept untrusted certificates, and I'd like to be able to do the same with libVLC ! But I guess that it would require some parts of the protocol that is not implemented ? I know nothing about TLS protocol, but if someone could point a document explaining in a simple way what is needed in this case, I could try to hack the code ...

Jean-Baptiste Kempf
Site Administrator
Site Administrator
Posts: 37523
Joined: 22 Jul 2005 15:29
VLC version: 4.0.0-git
Operating System: Linux, Windows, Mac
Location: Cone, France
Contact:

Re: Playing from https with untrusted certificate fails

Postby Jean-Baptiste Kempf » 11 Oct 2010 00:34

look at the gnutls.c code then.
Jean-Baptiste Kempf
http://www.jbkempf.com/ - http://www.jbkempf.com/blog/category/Videolan
VLC media player developer, VideoLAN President and Sites administrator
If you want an answer to your question, just be specific and precise. Don't use Private Messages.


Return to “Development around libVLC”

Who is online

Users browsing this forum: No registered users and 13 guests