SSL errrors with StartSSL cert

[Fmstrat 3]

Hi all,

 

I thought this might be an issue with the Android client at first, but I'm not so sure anymore. I'm running on Ubuntu, and I've got a cert from StartSSL, and I'm using it to secure my server. Only the HTTPS port is open to the public. Everything appears to work fine when using Firefox and the WebUI, but when connecting with Android, the server reports:

2015-05-04 00:49:18.8658 Error - HttpServer: Error in ProcessAccept
        *** Error Report ***
        Version: 3.0.5597.1
        Command line: /opt/mediabrowser/MediaBrowser.Server.Mono.exe -programdata /var/lib/mediabrowser
        Operating system: Unix 3.13.0.51
        Processor count: 2
        64-Bit OS: True
        64-Bit Process: True
        Program data path: /var/lib/mediabrowser
        Mono: 3.10.0 (tarball Wed Nov  5 12:50:04 UTC 2014)
        Application Path: /opt/mediabrowser/MediaBrowser.Server.Mono.exe
        The authentication or decryption has failed.
        System.IO.IOException
          at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
        InnerException: Mono.Security.Protocol.Tls.TlsException
        The authentication or decryption has failed.
          at Mono.Security.Protocol.Tls.RecordProtocol.ProcessAlert (AlertLevel alertLevel, AlertDescription alertDesc) [0x00000] in <filename unknown>:0
          at Mono.Security.Protocol.Tls.RecordProtocol.ReceiveRecord (System.IO.Stream record) [0x00000] in <filename unknown>:0
          at Mono.Security.Protocol.Tls.SslServerStream.EndNegotiateHandshake (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
          at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0

I've converted the cert and decrypted key in this way:

~# openssl pkcs12 -export -in host.cer -inkey host.decrypted.key -out host.pfx

I've also tried other random things like:

~# mozroots --import -–sync
~# openssl pkcs12 -in host.pfx -out certificate.p7b -nodes
~# certmgr -add -c Trust ./certificate.p7b
Mono Certificate Manager - version 3.10.0.0
Manage X.509 certificates and CRL from stores.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.


Unhandled Exception:
System.Security.Cryptography.CryptographicException: Invalid encoding ---> System.FormatException: Invalid character found.
  at (wrapper managed-to-native) System.Convert:InternalFromBase64String (string,bool)
  at System.Convert.FromBase64String (System.String s) [0x00000] in <filename unknown>:0
  at Mono.Security.Authenticode.SoftwarePublisherCertificate.PEM (System.Byte[] data) [0x00000] in <filename unknown>:0
  at Mono.Security.Authenticode.SoftwarePublisherCertificate.CreateFromFile (System.String filename) [0x00000] in <filename unknown>:0
  --- End of inner exception stack trace ---
  at Mono.Security.Authenticode.SoftwarePublisherCertificate.CreateFromFile (System.String filename) [0x00000] in <filename unknown>:0
  at Mono.Tools.CertificateManager.LoadCertificates (System.String filename, System.String password, Boolean verbose) [0x00000] in <filename unknown>:0
  at Mono.Tools.CertificateManager.Add (ObjectType type, Mono.Security.X509.X509Store store, System.String file, System.String password, Boolean verbose) [0x00000] in <filename unknown>:0
  at Mono.Tools.CertificateManager.Main (System.String[] args) [0x00000] in <filename unknown>:0
[ERROR] FATAL UNHANDLED EXCEPTION: System.Security.Cryptography.CryptographicException: Invalid encoding ---> System.FormatException: Invalid character found.
  at (wrapper managed-to-native) System.Convert:InternalFromBase64String (string,bool)
  at System.Convert.FromBase64String (System.String s) [0x00000] in <filename unknown>:0
  at Mono.Security.Authenticode.SoftwarePublisherCertificate.PEM (System.Byte[] data) [0x00000] in <filename unknown>:0
  at Mono.Security.Authenticode.SoftwarePublisherCertificate.CreateFromFile (System.String filename) [0x00000] in <filename unknown>:0
  --- End of inner exception stack trace ---
  at Mono.Security.Authenticode.SoftwarePublisherCertificate.CreateFromFile (System.String filename) [0x00000] in <filename unknown>:0
  at Mono.Tools.CertificateManager.LoadCertificates (System.String filename, System.String password, Boolean verbose) [0x00000] in <filename unknown>:0
  at Mono.Tools.CertificateManager.Add (ObjectType type, Mono.Security.X509.X509Store store, System.String file, System.String password, Boolean verbose) [0x00000] in <filename unknown>:0
  at Mono.Tools.CertificateManager.Main (System.String[] args) [0x00000] in <filename unknown>:0

I'm unsure why that would fail, too. Anyone have any ideas?

[psdl 5]

Hi all,

 

I thought this might be an issue with the Android client at first, but I'm not so sure anymore. I'm running on Ubuntu, and I've got a cert from StartSSL, and I'm using it to secure my server. Only the HTTPS port is open to the public. Everything appears to work fine when using Firefox and the WebUI, but when connecting with Android, the server reports:

2015-05-04 00:49:18.8658 Error - HttpServer: Error in ProcessAccept
        *** Error Report ***
        Version: 3.0.5597.1
        Command line: /opt/mediabrowser/MediaBrowser.Server.Mono.exe -programdata /var/lib/mediabrowser
        Operating system: Unix 3.13.0.51
        Processor count: 2
        64-Bit OS: True
        64-Bit Process: True
        Program data path: /var/lib/mediabrowser
        Mono: 3.10.0 (tarball Wed Nov  5 12:50:04 UTC 2014)
        Application Path: /opt/mediabrowser/MediaBrowser.Server.Mono.exe
        The authentication or decryption has failed.
        System.IO.IOException
          at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
        InnerException: Mono.Security.Protocol.Tls.TlsException
        The authentication or decryption has failed.
          at Mono.Security.Protocol.Tls.RecordProtocol.ProcessAlert (AlertLevel alertLevel, AlertDescription alertDesc) [0x00000] in <filename unknown>:0
          at Mono.Security.Protocol.Tls.RecordProtocol.ReceiveRecord (System.IO.Stream record) [0x00000] in <filename unknown>:0
          at Mono.Security.Protocol.Tls.SslServerStream.EndNegotiateHandshake (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
          at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0

I've converted the cert and decrypted key in this way:

~# openssl pkcs12 -export -in host.cer -inkey host.decrypted.key -out host.pfx

I've also tried other random things like:

~# mozroots --import -–sync
~# openssl pkcs12 -in host.pfx -out certificate.p7b -nodes
~# certmgr -add -c Trust ./certificate.p7b
Mono Certificate Manager - version 3.10.0.0
Manage X.509 certificates and CRL from stores.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.


Unhandled Exception:
System.Security.Cryptography.CryptographicException: Invalid encoding ---> System.FormatException: Invalid character found.
  at (wrapper managed-to-native) System.Convert:InternalFromBase64String (string,bool)
  at System.Convert.FromBase64String (System.String s) [0x00000] in <filename unknown>:0
  at Mono.Security.Authenticode.SoftwarePublisherCertificate.PEM (System.Byte[] data) [0x00000] in <filename unknown>:0
  at Mono.Security.Authenticode.SoftwarePublisherCertificate.CreateFromFile (System.String filename) [0x00000] in <filename unknown>:0
  --- End of inner exception stack trace ---
  at Mono.Security.Authenticode.SoftwarePublisherCertificate.CreateFromFile (System.String filename) [0x00000] in <filename unknown>:0
  at Mono.Tools.CertificateManager.LoadCertificates (System.String filename, System.String password, Boolean verbose) [0x00000] in <filename unknown>:0
  at Mono.Tools.CertificateManager.Add (ObjectType type, Mono.Security.X509.X509Store store, System.String file, System.String password, Boolean verbose) [0x00000] in <filename unknown>:0
  at Mono.Tools.CertificateManager.Main (System.String[] args) [0x00000] in <filename unknown>:0
[ERROR] FATAL UNHANDLED EXCEPTION: System.Security.Cryptography.CryptographicException: Invalid encoding ---> System.FormatException: Invalid character found.
  at (wrapper managed-to-native) System.Convert:InternalFromBase64String (string,bool)
  at System.Convert.FromBase64String (System.String s) [0x00000] in <filename unknown>:0
  at Mono.Security.Authenticode.SoftwarePublisherCertificate.PEM (System.Byte[] data) [0x00000] in <filename unknown>:0
  at Mono.Security.Authenticode.SoftwarePublisherCertificate.CreateFromFile (System.String filename) [0x00000] in <filename unknown>:0
  --- End of inner exception stack trace ---
  at Mono.Security.Authenticode.SoftwarePublisherCertificate.CreateFromFile (System.String filename) [0x00000] in <filename unknown>:0
  at Mono.Tools.CertificateManager.LoadCertificates (System.String filename, System.String password, Boolean verbose) [0x00000] in <filename unknown>:0
  at Mono.Tools.CertificateManager.Add (ObjectType type, Mono.Security.X509.X509Store store, System.String file, System.String password, Boolean verbose) [0x00000] in <filename unknown>:0
  at Mono.Tools.CertificateManager.Main (System.String[] args) [0x00000] in <filename unknown>:0

I'm unsure why that would fail, too. Anyone have any ideas?

 

You can't import your p7b file. Just import your normal "host.cer" file you generated with openssl.

I tried it and it was imported. But i have the same issue as you have. The authentication fails, but only when i play through the webclient on my iphone !

 

Hope we can find a solution.

[Fmstrat 3]

Yea, I figured out this morning that if there is an embedded key it fails. I had also tried importing the PEM and that worked fine. Same problem in CentOS 7 and also tried a cert from RapidSSL with the same error.

[psdl 5]

Ah ok.

 

Maybe tomorrow i will try to install manually since there is mono v4.

[psdl 5]

So i was looking at the mono-project side to download the mono version:

 

 

Mono on Linux before 3.12 by default didn’t trust any SSL certificates so you got errors when accessing HTTPS resources. This is not required anymore as 3.12 and later include a new tool that runs on package installation and syncs Mono’s certificate store with the system certificate store (on older versions you had to import Mozilla’s list of trusted certificates by running mozroots --import --sync). Some systems are configured in a way so that the necessary package isn’t pulled in when Mono is installed, in those cases make sure the ca-certificates-mono package is installed.

 

The is what you did. And after that you imported your own certificate into the mono-trust store, so to speak. Mmmh.

[Fmstrat 3]

Yea, I saw from other threads that Mono 3.12 slows things down a lot, and the devs recommend 3.10, which is what I have.

[Fmstrat 3]

I'm running this on a VM, so perhaps I will clone it and manually update Mono to see what happens, too.

[Fmstrat 3]

Darn. No luck. Tried this:

~# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
~# echo "deb http://download.mono-project.com/repo/debian wheezy main" | sudo tee /etc/apt/sources.list.d/mono-xamarin.list
~# apt-get update
~# apt-get install mono-devel mono-complete referenceassemblies-pcl ca-certificates-mono
~# dpkg -i /var/cache/apt/archives/mediabrowser_3.0.5597.1-0.bzr3774+201504301608~ubuntu14.04.1_all.deb
~# service mediabrowser start

Installing the latest version of mono ended up removing mediabrowser due to dependencies. As an attempt, I force installed it using dpkg, and everything runs smoothly. Unfortunately, the same SSL error comes up.

[jabbera 23]

We need to figure out if this is a mono issue or a media browser issue. The code is the same either way on our side. Can you try the same cert on a windows installation and see if your android device has the same issue?

 

It could also be a cert trust issue. If you use the cert from nginx or Apache do you get an error on the android device?

[jabbera 23]

So i was looking at the mono-project side to download the mono version:

 

 

The is what you did. And after that you imported your own certificate into the mono-trust store, so to speak. Mmmh.

This actually shouldn't matter for hosting ssl sites. You only need the cert store when you are an http client trying to validate a server certificate. In this case we are a server. We just present the cert and all intermediates (if mono fixed their bug) and the client does all the validation.

[Fmstrat 3]

We need to figure out if this is a mono issue or a media browser issue. The code is the same either way on our side. Can you try the same cert on a windows installation and see if your android device has the same issue?

 

It could also be a cert trust issue. If you use the cert from nginx or Apache do you get an error on the android device?

 

Hi Jabbera,

 

Thanks for responding. I realized this might be easier to track in GitHub, so I had just finished filing a ticket there and was going to post that here when I saw your response. In any event, it's here: https://github.com/MediaBrowser/MediaBrowser/issues/1097

 

The same cert in nginx or Apache works fine from Android. In fact, I can browse to the mediabrowser Web UI from Android and SSL works just fine.

 

Thanks.

[jabbera 23]

That points to the android client as the potential issue. I don't own any devices unfortunately. (iOS / Microsoft household)

[Fmstrat 3]

Actually, I should say, I have not tried using nginx as a reverse proxy to the HTTP port. I have only tried direct access. I know nginx as a proxy works with this specific cert, because I'm the one who started the first SSL tests for Plex and I was using the same certs: https://github.com/Fmstrat/plex-ssl

[Fmstrat 3]

That points to the android client as the potential issue. I don't own any devices unfortunately. (iOS / Microsoft household)

 

Would the server be spitting out an error if the Android client responded with something invalid? Also psdl reported his iPhone and playing a video creating the same situation.

[jabbera 23]

Either way, since it works fine everywhere else, all signs point to the android client or the way the android client interacts with mono from my 5 minute review of the issue.

 

I'd love to see if the android client can talk ssl to windows emby. No need for your full library just a small test if possible. If it can it would give whoever works on the issue a better starting point.

[jabbera 23]

Anything that causes the connection to terminate abnormally will log something in the log file most likely. We need to test these clients on windows emby ssl to point is in the right direction.

[Fmstrat 3]

I will set up a Win 8.1 VM to try it out. If this is easier to discuss on GitHub, just let me know and I'll post my results there, too.

[psdl 5]

Just to point out. I use my self signed certificates from my apache server. I also block the http port (8092) with my firewall. Masquerading is off.

[Fmstrat 3]

Anything that causes the connection to terminate abnormally will log something in the log file most likely. We need to test these clients on windows emby ssl to point is in the right direction.

 

Connecting to a Windows server with the Android client works flawlessly. Windows 8.1 Enterprise, fresh install, using the "unified" cert which is a combination of StartSSL CA, my certificate, and my decrypted key. This is the same file installed on the Linux server that the Android client does have problems with.

[psdl 5]

Hi,

 

today i started a streaming session with my computer over ssl and looked into my logs. The same error when using my iphone and the stream is not playing is appearing in the logs.

Other than on my iPhone, the stream is playing. But the errors are the same !

 

 

2015-05-05 15:21:31.6530 Info - UserManager: Authentication request for Peter has succeeded.
2015-05-05 15:21:34.7154 Error - HttpServer: Error in SharpWebSocket: An exception has occurred while receiving a message.. Exception.Message: Internal error (no progress possible) ReadInternal
2015-05-05 15:21:53.5842 Info - App: /opt/MediaBrowserServer/ProgramData-Server/ffmpeg/20150331/ffmpeg -fflags +genpts -i file:"/media/raid/filme/1080p/300: Rise of an Empire (2014).mkv" -map 0:0 -map 0:1 -map -0:s -codec:v:0 libvpx -force_key_frames expr:gte(t,n_forced*5) -vf "scale=min(iw\,720):trunc(ow/dar/2)*2" -pix_fmt yuv420p -speed 16 -quality good -profile:v 0 -slices 8 -crf 10 -qmin 0 -qmax 50 -maxrate:v 872001 -bufsize:v (872001*2) -b:v 872001 -vsync vfr -map_metadata -1 -threads 2 -codec:a:0 libvorbis -ab 128000 -af "aresample=async=1" -y "/opt/MediaBrowserServer/ProgramData-Server/transcoding-temp/d4c3bf5d7fdb0e0f32d35d8806b209be.webm"
2015-05-05 15:22:06.2953 Error - App: Error streaming media. The client has most likely disconnected or transcoding has failed.
2015-05-05 15:22:06.2962 Error - HttpServer: Error in HttpListenerResponseWrapper: The object was used after being disposed.
    *** Error Report ***
    Version: 3.0.5597.1
    Command line: /opt/MediaBrowserServer/MediaBrowser.Server.Mono.exe
    Operating system: Unix 3.19.5.200
    Processor count: 2
    64-Bit OS: True
    64-Bit Process: True
    Program data path: /opt/MediaBrowserServer/ProgramData-Server
    Mono: 4.0.1 (tarball Wed Apr 29 08:44:01 BST 2015)
    Application Path: /opt/MediaBrowserServer/MediaBrowser.Server.Mono.exe
    The object was used after being disposed.
    System.ObjectDisposedException
      at Mono.Security.Protocol.Tls.SslStreamBase.checkDisposed () [0x00000] in <filename unknown>:0
      at Mono.Security.Protocol.Tls.SslStreamBase.BeginWrite (System.Byte[] buffer, Int32 offset, Int32 count, System.AsyncCallback callback, System.Object state) [0x00000] in <filename unknown>:0
      at System.Net.Security.SslStream.BeginWrite (System.Byte[] buffer, Int32 offset, Int32 count, System.AsyncCallback asyncCallback, System.Object asyncState) [0x00000] in <filename unknown>:0
      at System.Net.Security.SslStream.Write (System.Byte[] buffer, Int32 offset, Int32 count) [0x00000] in <filename unknown>:0
      at SocketHttpListener.Net.ResponseStream.InternalWrite (System.Byte[] buffer, Int32 offset, Int32 count) [0x00000] in <filename unknown>:0
      at SocketHttpListener.Net.ResponseStream.Close () [0x00000] in <filename unknown>:0
      at MediaBrowser.Server.Implementations.HttpServer.SocketSharp.Extensions.CloseOutputStream (SocketHttpListener.Net.HttpListenerResponse response, ILogger logger) [0x00000] in <filename unknown>:0
    
2015-05-05 15:22:06.2962 Error - HttpAsyncTaskHandler: Error occured while Processing Request: The authentication or decryption has failed.
    *** Error Report ***
    Version: 3.0.5597.1
    Command line: /opt/MediaBrowserServer/MediaBrowser.Server.Mono.exe
    Operating system: Unix 3.19.5.200
    Processor count: 2
    64-Bit OS: True
    64-Bit Process: True
    Program data path: /opt/MediaBrowserServer/ProgramData-Server
    Mono: 4.0.1 (tarball Wed Apr 29 08:44:01 BST 2015)
    Application Path: /opt/MediaBrowserServer/MediaBrowser.Server.Mono.exe
    The authentication or decryption has failed.
    System.IO.IOException
      at Mono.Security.Protocol.Tls.SslStreamBase.InternalBeginWrite (Mono.Security.Protocol.Tls.InternalAsyncResult asyncResult) [0x00000] in <filename unknown>:0
      at Mono.Security.Protocol.Tls.SslStreamBase.BeginWrite (System.Byte[] buffer, Int32 offset, Int32 count, System.AsyncCallback callback, System.Object state) [0x00000] in <filename unknown>:0
      at System.Net.Security.SslStream.BeginWrite (System.Byte[] buffer, Int32 offset, Int32 count, System.AsyncCallback asyncCallback, System.Object asyncState) [0x00000] in <filename unknown>:0
      at System.Net.Security.SslStream.Write (System.Byte[] buffer, Int32 offset, Int32 count) [0x00000] in <filename unknown>:0
      at SocketHttpListener.Net.ResponseStream.InternalWrite (System.Byte[] buffer, Int32 offset, Int32 count) [0x00000] in <filename unknown>:0
      at SocketHttpListener.Net.ResponseStream.Write (System.Byte[] buffer, Int32 offset, Int32 count) [0x00000] in <filename unknown>:0
      at ServiceStack.Formats.HtmlFormat.SerializeToStream (IRequest request, System.Object response, IResponse httpRes) [0x00000] in <filename unknown>:0
      at ServiceStack.HttpResponseExtensionsInternal.WriteErrorToResponse (IResponse httpRes, IRequest httpReq, System.String contentType, System.String operationName, System.String errorMessage, System.Exception ex, Int32 statusCode) [0x00000] in <filename unknown>:0
      at ServiceStack.ServiceStackHost.OnUncaughtException (IRequest httpReq, IResponse httpRes, System.String operationName, System.Exception ex) [0x00000] in <filename unknown>:0
      at ServiceStack.HostContext.RaiseUncaughtException (IRequest httpReq, IResponse httpRes, System.String operationName, System.Exception ex) [0x00000] in <filename unknown>:0
      at ServiceStack.HttpResponseExtensionsInternal.WriteToResponse (IResponse response, System.Object result, ServiceStack.Web.ResponseSerializerDelegate defaultAction, IRequest request, System.Byte[] bodyPrefix, System.Byte[] bodySuffix) [0x00000] in <filename unknown>:0
      at ServiceStack.HttpResponseExtensionsInternal.WriteToResponse (IResponse httpRes, IRequest httpReq, System.Object result, System.Byte[] bodyPrefix, System.Byte[] bodySuffix) [0x00000] in <filename unknown>:0
      at ServiceStack.HttpResponseExtensionsInternal.WriteToResponse (IResponse httpRes, IRequest httpReq, System.Object result) [0x00000] in <filename unknown>:0
      at ServiceStack.Host.RestHandler+<>c__DisplayClass5.<ProcessRequestAsync>b__0 (System.Object response) [0x00000] in <filename unknown>:0
      at ServiceStack.Host.Handlers.ServiceStackHandlerBase.HandleResponse (System.Object response, System.Func`2 callback, System.Func`2 errorCallback) [0x00000] in <filename unknown>:0
    InnerException: System.IO.IOException
    Error while sending TLS Alert (Fatal:InternalError): System.IO.IOException: BeginWrite failure ---> System.Net.Sockets.SocketException: The socket is not connected
      at System.Net.Sockets.Socket.BeginSend (System.Byte[] buffer, Int32 offset, Int32 size, SocketFlags socket_flags, System.AsyncCallback callback, System.Object state) [0x00000] in <filename unknown>:0
      at System.Net.Sockets.NetworkStream.BeginWrite (System.Byte[] buffer, Int32 offset, Int32 size, System.AsyncCallback callback, System.Object state) [0x00000] in <filename unknown>:0
      --- End of inner exception stack trace ---
      at System.Net.Sockets.NetworkStream.BeginWrite (System.Byte[] buffer, Int32 offset, Int32 size, System.AsyncCallback callback, System.Object state) [0x00000] in <filename unknown>:0
      at Mono.Security.Protocol.Tls.SslStreamBase.InternalBeginWrite (Mono.Security.Protocol.Tls.InternalAsyncResult asyncResult) [0x00000] in <filename unknown>:0
    InnerException: System.IO.IOException
    BeginWrite failure
      at System.Net.Sockets.NetworkStream.BeginWrite (System.Byte[] buffer, Int32 offset, Int32 size, System.AsyncCallback callback, System.Object state) [0x00000] in <filename unknown>:0
      at Mono.Security.Protocol.Tls.SslStreamBase.InternalBeginWrite (Mono.Security.Protocol.Tls.InternalAsyncResult asyncResult) [0x00000] in <filename unknown>:0
    InnerException: System.Net.Sockets.SocketException
    The socket is not connected
      at System.Net.Sockets.Socket.BeginSend (System.Byte[] buffer, Int32 offset, Int32 size, SocketFlags socket_flags, System.AsyncCallback callback, System.Object state) [0x00000] in <filename unknown>:0
      at System.Net.Sockets.NetworkStream.BeginWrite (System.Byte[] buffer, Int32 offset, Int32 size, System.AsyncCallback callback, System.Object state) [0x00000] in <filename unknown>:0
    
2015-05-05 15:22:07.7455 Info - App: Killing ffmpeg process for /opt/MediaBrowserServer/ProgramData-Server/transcoding-temp/d4c3bf5d7fdb0e0f32d35d8806b209be.webm
2015-05-05 15:22:07.8627 Info - App: Deleting partial stream file(s) /opt/MediaBrowserServer/ProgramData-Server/transcoding-temp/d4c3bf5d7fdb0e0f32d35d8806b209be.webm
2015-05-05 15:22:07.8627 Info - App: FFMpeg exited with code 0
2015-05-05 15:22:15.2892 Error - HttpServer: Error in SharpWebSocket: An exception has occurred while receiving a message.. Exception.Message: Internal error (no progress possible) ReadInternal
2015-05-05 15:22:16.4251 Error - HttpServer: Error in SharpWebSocket: An exception has occurred while receiving a message.. Exception.Message: Internal error (no progress possible) ReadInternal

Edited May 5, 2015 by psdl

[jabbera 23]

This points to an issue with Mono most likely. As you can see, supporting ssl only needs 2 lines of code:

 

https://github.com/MediaBrowser/SocketHttpListener/blob/7610397d0489e99a735309ef0d0ebdb6ba6f585a/SocketHttpListener/Net/HttpConnection.cs#L54-L55

 

I'll try and come up with a smaller sample that we can send over to them.

[Fmstrat 3]

Under Ubuntu, I decided to try using nginx as an SSL proxy. This works flawlessly with Android, and in fact is significantly faster than the SSL service built into Emby (from the web console). Here is the nginx config I'm using:

server {
    listen 9999;
    server_name MYHOSTNAME.com;

    gzip             on;
    gzip_proxied     any;
    gzip_types       text/css text/plain text/xml application/xml application/javascript application/x-javascript text/javascript application/json text/$
    gzip_vary        on;

    ssl on;
    ssl_certificate /opt/certs/certificate.combined.cer;
    ssl_certificate_key /opt/certs/ssl.decrypted.key;
    ssl_session_cache shared:SSL:10m;

    location / {
        proxy_pass              http://localhost:8096;
        proxy_set_header        Host $host:$server_port;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect          http://$host:$server_port https://$host:$server_port;
    }
}

[Luke 37010]

Well done!

[Fmstrat 3]

This points to an issue with Mono most likely. As you can see, supporting ssl only needs 2 lines of code:

 

https://github.com/MediaBrowser/SocketHttpListener/blob/7610397d0489e99a735309ef0d0ebdb6ba6f585a/SocketHttpListener/Net/HttpConnection.cs#L54-L55

 

I'll try and come up with a smaller sample that we can send over to them.

 

As I look at this, I think we're reporting two separate issues. The original post is not specific to streaming, but specific to SSL negotiation.

[jabbera 23]

As I look at this, I think we're reporting two separate issues. The original post is not specific to streaming, but specific to SSL negotiation.

 

I don't know what you mean. The OP mentioned that ssl didn't work on his android client with an SSL cert. Using the same cert on Windows SSL worked. This points to an issue with mono or the way android interacts with mono. (The cert works in other words) The only thing we do to support SSL within the server is the two lines of code I pointed out, so it's unlikely to be in the socket listener library anywhere.