HTTPS stream with self signed CA cert

VLC for Android and Chrome OS specific usage questions
obia
Blank Cone
Blank Cone
Posts: 20
Joined: 11 Apr 2014 13:34

HTTPS stream with self signed CA cert

Postby obia » 22 Mar 2015 20:12

I'm a bit lost now and hope to get some help here. I want to stream video from my Synology nas to the vlc app. I want to be my own Certificate Authority. This is what I've done:

1. Created my own root CA certificate
2. Successfully installed root CA cert on my Nexus 5
3. Created CSR on Synology nas
4. Created a signed certificate using the CSR and ny root CA
5. Imported the signed certificate on Synology

When browse to the nas in chrome (on the phone) I can see that the certificate is signed and secure.
But when I try to open a webdav link in vlc it is not working. The important row from the log is probably this:
Certificate verification failure: The certificate is NOT trusted. The certificate issuer is unknown.

Why is this happening and what do I need to do to get it working?

Here comes the complete log:

03-22 19:45:01.209 D/VLC/VideoPlayerActivity(15679): MediaRouter information : android.media.MediaRouter@1950b957
03-22 19:45:01.210 I/VLC/VideoPlayerActivity(15679): No secondary display detected
03-22 19:45:01.256 D/VLC/VideoPlayerActivity(15679): Hardware acceleration mode: 2
03-22 19:45:01.258 D/VLC/VideoPlayerActivity(15679): updateNavStatus: getChapterCountForTitle(0) = -1, getTitleCount() = -1
03-22 19:45:01.355 D/VLC/VideoPlayerActivity(15679): surfaceChanged: Surface(name=null)/@0xa6f2d04
03-22 19:45:01.367 D/VLC/AudioServiceContoller(15679): Service Connected
03-22 19:45:01.403 D/VLC/AudioService(15679): Updating widget
03-22 19:45:01.406 D/VLC/MediaWrapper(15679): Title https://mydyndnsname.org:5006/Film/Filmer/mymovie.avi
03-22 19:45:01.406 D/VLC/MediaWrapper(15679): Artist null
03-22 19:45:01.406 D/VLC/MediaWrapper(15679): Genre null
03-22 19:45:01.406 D/VLC/MediaWrapper(15679): Album null
03-22 19:45:01.406 D/VLC (15679): [ac4a8eb4] core generic: creating audio output
03-22 19:45:01.406 D/VLC (15679): [9dd3fdf4] core audio output: looking for audio output module matching "android_audiotrack": 4 candidates
03-22 19:45:01.406 D/VLC (15679): [9dd3fdf4] core audio output: using audio output module "android_audiotrack"
03-22 19:45:01.407 D/VLC (15679): [ac4a8eb4] core generic: keeping audio output
03-22 19:45:01.407 D/VLC (15679): [9fc387f4] core input: Creating an input for 'https://mydyndnsname.org:5006/Film/Filmer/mymovie.avi'
03-22 19:45:01.417 D/VLC (15679): [ac49bc34] core libvlc: meta ok for (null), need to fetch art
03-22 19:45:01.418 D/VLC (15679): [af698074] core art finder: looking for meta fetcher module matching "any": 0 candidates
03-22 19:45:01.418 D/VLC (15679): [af698074] core art finder: no meta fetcher modules
03-22 19:45:01.418 D/VLC (15679): [ac49bc34] core libvlc: searching art for --- URL ---
03-22 19:45:01.418 D/VLC (15679): [af698074] core art finder: looking for art finder module matching "any": 1 candidates
03-22 19:45:01.418 D/VLC (15679): [af698074] core art finder: no art finder modules matched
03-22 19:45:01.418 D/VLC (15679): [af698074] core art finder: looking for meta fetcher module matching "any": 0 candidates
03-22 19:45:01.418 D/VLC (15679): [af698074] core art finder: no meta fetcher modules
03-22 19:45:01.418 D/VLC (15679): [ac49bc34] core libvlc: searching art for --- URL ---
03-22 19:45:01.418 D/VLC (15679): [af698074] core art finder: looking for art finder module matching "any": 1 candidates
03-22 19:45:01.418 D/VLC (15679): [af698074] core art finder: no art finder modules matched
03-22 19:45:01.418 D/VLC (15679): [ac49bc34] core libvlc: art not found for --- URL ---
03-22 19:45:01.418 D/VLC (15679): [ac49bc34] core libvlc: art not found for --- URL ---
03-22 19:45:01.441 D/VLC (15679): [9fc387f4] core input: using timeshift granularity of 50 MiB, in path '/tmp'
03-22 19:45:01.441 D/VLC (15679): [9fc387f4] core input: `https://user:pass@mydyndnsname.org:5006 ... ymovie.avi' gives access `https' demux `' path `user:pass@mydyndnsname.org:5006/Film/Filmer/mymovie.avi'
03-22 19:45:01.441 D/VLC (15679): [9fc387f4] core input: specified demux `any'
03-22 19:45:01.442 D/VLC (15679): [9fc387f4] core input: creating demux: access='https' demux='any' location='user:pass@mydyndnsname.org:5006/Film/Filmer/mymovie.avi' file='(null)'
03-22 19:45:01.442 D/VLC (15679): [af514194] core demux: looking for access_demux module matching "https": 7 candidates
03-22 19:45:01.442 D/VLC (15679): [af514194] core demux: no access_demux modules matched
03-22 19:45:01.448 D/VLC (15679): [9fc387f4] core input: creating access 'https' location='user:pass@mydyndnsname.org:5006/Film/Filmer/mymovie.avi', path='(null)'
03-22 19:45:01.448 D/VLC (15679): [af514194] core access: looking for access module matching "https": 18 candidates
03-22 19:45:01.449 D/VLC (15679): [af534074] core tls client: looking for tls client module matching "any": 1 candidates
03-22 19:45:01.449 D/VLC (15679): [af534074] gnutls tls client: using GnuTLS version 3.2.21
03-22 19:45:01.558 D/VLC (15679): [af534074] gnutls tls client: loaded 157 trusted CAs
03-22 19:45:01.558 D/VLC (15679): [af534074] core tls client: using tls client module "gnutls"
03-22 19:45:01.558 D/VLC (15679): [af514194] http access: querying proxy for https://user:pass@mydyndnsname.org:5006 ... ymovie.avi
03-22 19:45:01.558 D/VLC (15679): [af514194] http access: no proxy
03-22 19:45:01.558 D/VLC (15679): [af514194] http access: http: server='mydyndnsname.org' port=5006 file='/Film/Filmer/mymovie.avi'
03-22 19:45:01.558 D/VLC (15679): [af514194] http access: user='user'
03-22 19:45:01.559 D/VLC (15679): [af514194] core access: net: connecting to mydyndnsname.org port 5006
03-22 19:45:01.569 D/VLC (15679): [af514194] core access: connection succeeded (socket = 43)
03-22 19:45:01.569 D/VLC (15679): [af534554] gnutls tls session: TLS handshake: Resource temporarily unavailable, try again.
03-22 19:45:01.726 D/VLC (15679): [af534554] gnutls tls session: TLS handshake: A TLS warning alert has been received.
03-22 19:45:01.738 D/VLC (15679): [af534554] gnutls tls session: TLS handshake: Resource temporarily unavailable, try again.
03-22 19:45:01.748 D/VLC (15679): [af534554] gnutls tls session: TLS handshake: Success.
03-22 19:45:01.749 E/VLC (15679): [af534554] gnutls tls session: Certificate verification failure: The certificate is NOT trusted. The certificate issuer is unknown.
03-22 19:45:01.749 D/VLC (15679): [af534554] gnutls tls session: 1 certificate(s) in the list
03-22 19:45:01.750 D/VLC (15679): [af534554] gnutls tls session: no known certificates for mydyndnsname.org
03-22 19:45:01.750 E/VLC (15679): [af534554] core tls session: TLS client session handshake error
03-22 19:45:01.750 E/VLC (15679): [af514194] http access: cannot establish HTTP/TLS session
03-22 19:45:01.769 D/VLC (15679): [af514194] core access: no access modules matched
03-22 19:45:01.769 E/VLC (15679): [9fc387f4] core input: open of `https://user:pass@mydyndnsname.org:5006 ... ymovie.avi' failed
03-22 19:45:01.769 E/VLC (15679): [9fc387f4] core input: Your input can't be opened
03-22 19:45:01.769 E/VLC (15679): [9fc387f4] core input: VLC is unable to open the MRL 'https://user:pass@mydyndnsname.org:5006 ... ymovie.avi'. Check the log for details.
03-22 19:45:01.771 I/VLC/VideoPlayerActivity(15679): MediaPlayerEncounteredError
03-22 19:45:01.795 I/VLC/VideoPlayerActivity(15679): MediaPlayerStopped
03-22 19:45:03.303 D/VLC (15679): [9dd3fdf4] core audio output: removing module "android_audiotrack"
03-22 19:45:03.304 D/VLC/VideoPlayerActivity(15679): Video paused - saving flag
03-22 19:45:03.323 D/VLC/VideoPlayerActivity(15679): surfaceDestroyed
03-22 19:45:03.363 D/VLC/AudioService(15679): Updating widget

Jean-Baptiste Kempf
Site Administrator
Site Administrator
Posts: 37523
Joined: 22 Jul 2005 15:29
VLC version: 4.0.0-git
Operating System: Linux, Windows, Mac
Location: Cone, France
Contact:

Re: HTTPS stream with self signed CA cert

Postby Jean-Baptiste Kempf » 22 Mar 2015 22:33

Unfortunately, there is no way, except you adding it to the Android CA storage.

Later, we'll allow you to bypass this.
Jean-Baptiste Kempf
http://www.jbkempf.com/ - http://www.jbkempf.com/blog/category/Videolan
VLC media player developer, VideoLAN President and Sites administrator
If you want an answer to your question, just be specific and precise. Don't use Private Messages.

obia
Blank Cone
Blank Cone
Posts: 20
Joined: 11 Apr 2014 13:34

Re: HTTPS stream with self signed CA cert

Postby obia » 23 Mar 2015 10:48

Thanks for answering! As I suspected then. Any ETA on this?
It would be nice to allow "user" certs in VLC. Perhaps also the option to ignore ssl errors completely?

If I remove the CA root cert and instead generate a self signed certificate directly on the nas, which I then import to the Nexus phone, would that work or will that be handled the same?

Jean-Baptiste Kempf
Site Administrator
Site Administrator
Posts: 37523
Joined: 22 Jul 2005 15:29
VLC version: 4.0.0-git
Operating System: Linux, Windows, Mac
Location: Cone, France
Contact:

Re: HTTPS stream with self signed CA cert

Postby Jean-Baptiste Kempf » 23 Mar 2015 18:41

No ETA, so far.
Jean-Baptiste Kempf
http://www.jbkempf.com/ - http://www.jbkempf.com/blog/category/Videolan
VLC media player developer, VideoLAN President and Sites administrator
If you want an answer to your question, just be specific and precise. Don't use Private Messages.

edwardw
Big Cone-huna
Big Cone-huna
Posts: 2346
Joined: 24 Jun 2012 23:36
VLC version: 3.0.0-git

Re: HTTPS stream with self signed CA cert

Postby edwardw » 18 Apr 2015 02:29

If you feel like doing a hack, you can recompile VLC with a flag (I think) to disable the certificate check.

obia
Blank Cone
Blank Cone
Posts: 20
Joined: 11 Apr 2014 13:34

Re: HTTPS stream with self signed CA cert

Postby obia » 04 Nov 2015 13:23

@edwardw: sorry for this late reply :) could you please share some more information about this. What flag and where to add it?

edwardw
Big Cone-huna
Big Cone-huna
Posts: 2346
Joined: 24 Jun 2012 23:36
VLC version: 3.0.0-git

Re: HTTPS stream with self signed CA cert

Postby edwardw » 05 Nov 2015 05:10

Check the config flags for gnutls in contrib.


Return to “VLC for Android and Chrome OS”

Who is online

Users browsing this forum: No registered users and 61 guests

cron