Fmstrat 3 Posted May 4, 2015 Share Posted May 4, 2015 Hi all, I thought this might be an issue with the Android client at first, but I'm not so sure anymore. I'm running on Ubuntu, and I've got a cert from StartSSL, and I'm using it to secure my server. Only the HTTPS port is open to the public. Everything appears to work fine when using Firefox and the WebUI, but when connecting with Android, the server reports: 2015-05-04 00:49:18.8658 Error - HttpServer: Error in ProcessAccept *** Error Report *** Version: 3.0.5597.1 Command line: /opt/mediabrowser/MediaBrowser.Server.Mono.exe -programdata /var/lib/mediabrowser Operating system: Unix 3.13.0.51 Processor count: 2 64-Bit OS: True 64-Bit Process: True Program data path: /var/lib/mediabrowser Mono: 3.10.0 (tarball Wed Nov 5 12:50:04 UTC 2014) Application Path: /opt/mediabrowser/MediaBrowser.Server.Mono.exe The authentication or decryption has failed. System.IO.IOException at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0 InnerException: Mono.Security.Protocol.Tls.TlsException The authentication or decryption has failed. at Mono.Security.Protocol.Tls.RecordProtocol.ProcessAlert (AlertLevel alertLevel, AlertDescription alertDesc) [0x00000] in <filename unknown>:0 at Mono.Security.Protocol.Tls.RecordProtocol.ReceiveRecord (System.IO.Stream record) [0x00000] in <filename unknown>:0 at Mono.Security.Protocol.Tls.SslServerStream.EndNegotiateHandshake (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0 at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0 I've converted the cert and decrypted key in this way: ~# openssl pkcs12 -export -in host.cer -inkey host.decrypted.key -out host.pfx I've also tried other random things like: ~# mozroots --import -–sync ~# openssl pkcs12 -in host.pfx -out certificate.p7b -nodes ~# certmgr -add -c Trust ./certificate.p7b Mono Certificate Manager - version 3.10.0.0 Manage X.509 certificates and CRL from stores. Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed. Unhandled Exception: System.Security.Cryptography.CryptographicException: Invalid encoding ---> System.FormatException: Invalid character found. at (wrapper managed-to-native) System.Convert:InternalFromBase64String (string,bool) at System.Convert.FromBase64String (System.String s) [0x00000] in <filename unknown>:0 at Mono.Security.Authenticode.SoftwarePublisherCertificate.PEM (System.Byte[] data) [0x00000] in <filename unknown>:0 at Mono.Security.Authenticode.SoftwarePublisherCertificate.CreateFromFile (System.String filename) [0x00000] in <filename unknown>:0 --- End of inner exception stack trace --- at Mono.Security.Authenticode.SoftwarePublisherCertificate.CreateFromFile (System.String filename) [0x00000] in <filename unknown>:0 at Mono.Tools.CertificateManager.LoadCertificates (System.String filename, System.String password, Boolean verbose) [0x00000] in <filename unknown>:0 at Mono.Tools.CertificateManager.Add (ObjectType type, Mono.Security.X509.X509Store store, System.String file, System.String password, Boolean verbose) [0x00000] in <filename unknown>:0 at Mono.Tools.CertificateManager.Main (System.String[] args) [0x00000] in <filename unknown>:0 [ERROR] FATAL UNHANDLED EXCEPTION: System.Security.Cryptography.CryptographicException: Invalid encoding ---> System.FormatException: Invalid character found. at (wrapper managed-to-native) System.Convert:InternalFromBase64String (string,bool) at System.Convert.FromBase64String (System.String s) [0x00000] in <filename unknown>:0 at Mono.Security.Authenticode.SoftwarePublisherCertificate.PEM (System.Byte[] data) [0x00000] in <filename unknown>:0 at Mono.Security.Authenticode.SoftwarePublisherCertificate.CreateFromFile (System.String filename) [0x00000] in <filename unknown>:0 --- End of inner exception stack trace --- at Mono.Security.Authenticode.SoftwarePublisherCertificate.CreateFromFile (System.String filename) [0x00000] in <filename unknown>:0 at Mono.Tools.CertificateManager.LoadCertificates (System.String filename, System.String password, Boolean verbose) [0x00000] in <filename unknown>:0 at Mono.Tools.CertificateManager.Add (ObjectType type, Mono.Security.X509.X509Store store, System.String file, System.String password, Boolean verbose) [0x00000] in <filename unknown>:0 at Mono.Tools.CertificateManager.Main (System.String[] args) [0x00000] in <filename unknown>:0 I'm unsure why that would fail, too. Anyone have any ideas? Link to comment Share on other sites More sharing options...
psdl 5 Posted May 4, 2015 Share Posted May 4, 2015 Hi all, I thought this might be an issue with the Android client at first, but I'm not so sure anymore. I'm running on Ubuntu, and I've got a cert from StartSSL, and I'm using it to secure my server. Only the HTTPS port is open to the public. Everything appears to work fine when using Firefox and the WebUI, but when connecting with Android, the server reports: 2015-05-04 00:49:18.8658 Error - HttpServer: Error in ProcessAccept *** Error Report *** Version: 3.0.5597.1 Command line: /opt/mediabrowser/MediaBrowser.Server.Mono.exe -programdata /var/lib/mediabrowser Operating system: Unix 3.13.0.51 Processor count: 2 64-Bit OS: True 64-Bit Process: True Program data path: /var/lib/mediabrowser Mono: 3.10.0 (tarball Wed Nov 5 12:50:04 UTC 2014) Application Path: /opt/mediabrowser/MediaBrowser.Server.Mono.exe The authentication or decryption has failed. System.IO.IOException at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0 InnerException: Mono.Security.Protocol.Tls.TlsException The authentication or decryption has failed. at Mono.Security.Protocol.Tls.RecordProtocol.ProcessAlert (AlertLevel alertLevel, AlertDescription alertDesc) [0x00000] in <filename unknown>:0 at Mono.Security.Protocol.Tls.RecordProtocol.ReceiveRecord (System.IO.Stream record) [0x00000] in <filename unknown>:0 at Mono.Security.Protocol.Tls.SslServerStream.EndNegotiateHandshake (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0 at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0 I've converted the cert and decrypted key in this way: ~# openssl pkcs12 -export -in host.cer -inkey host.decrypted.key -out host.pfx I've also tried other random things like: ~# mozroots --import -–sync ~# openssl pkcs12 -in host.pfx -out certificate.p7b -nodes ~# certmgr -add -c Trust ./certificate.p7b Mono Certificate Manager - version 3.10.0.0 Manage X.509 certificates and CRL from stores. Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed. Unhandled Exception: System.Security.Cryptography.CryptographicException: Invalid encoding ---> System.FormatException: Invalid character found. at (wrapper managed-to-native) System.Convert:InternalFromBase64String (string,bool) at System.Convert.FromBase64String (System.String s) [0x00000] in <filename unknown>:0 at Mono.Security.Authenticode.SoftwarePublisherCertificate.PEM (System.Byte[] data) [0x00000] in <filename unknown>:0 at Mono.Security.Authenticode.SoftwarePublisherCertificate.CreateFromFile (System.String filename) [0x00000] in <filename unknown>:0 --- End of inner exception stack trace --- at Mono.Security.Authenticode.SoftwarePublisherCertificate.CreateFromFile (System.String filename) [0x00000] in <filename unknown>:0 at Mono.Tools.CertificateManager.LoadCertificates (System.String filename, System.String password, Boolean verbose) [0x00000] in <filename unknown>:0 at Mono.Tools.CertificateManager.Add (ObjectType type, Mono.Security.X509.X509Store store, System.String file, System.String password, Boolean verbose) [0x00000] in <filename unknown>:0 at Mono.Tools.CertificateManager.Main (System.String[] args) [0x00000] in <filename unknown>:0 [ERROR] FATAL UNHANDLED EXCEPTION: System.Security.Cryptography.CryptographicException: Invalid encoding ---> System.FormatException: Invalid character found. at (wrapper managed-to-native) System.Convert:InternalFromBase64String (string,bool) at System.Convert.FromBase64String (System.String s) [0x00000] in <filename unknown>:0 at Mono.Security.Authenticode.SoftwarePublisherCertificate.PEM (System.Byte[] data) [0x00000] in <filename unknown>:0 at Mono.Security.Authenticode.SoftwarePublisherCertificate.CreateFromFile (System.String filename) [0x00000] in <filename unknown>:0 --- End of inner exception stack trace --- at Mono.Security.Authenticode.SoftwarePublisherCertificate.CreateFromFile (System.String filename) [0x00000] in <filename unknown>:0 at Mono.Tools.CertificateManager.LoadCertificates (System.String filename, System.String password, Boolean verbose) [0x00000] in <filename unknown>:0 at Mono.Tools.CertificateManager.Add (ObjectType type, Mono.Security.X509.X509Store store, System.String file, System.String password, Boolean verbose) [0x00000] in <filename unknown>:0 at Mono.Tools.CertificateManager.Main (System.String[] args) [0x00000] in <filename unknown>:0 I'm unsure why that would fail, too. Anyone have any ideas? You can't import your p7b file. Just import your normal "host.cer" file you generated with openssl. I tried it and it was imported. But i have the same issue as you have. The authentication fails, but only when i play through the webclient on my iphone ! Hope we can find a solution. Link to comment Share on other sites More sharing options...
Fmstrat 3 Posted May 4, 2015 Author Share Posted May 4, 2015 Yea, I figured out this morning that if there is an embedded key it fails. I had also tried importing the PEM and that worked fine. Same problem in CentOS 7 and also tried a cert from RapidSSL with the same error. Link to comment Share on other sites More sharing options...
psdl 5 Posted May 4, 2015 Share Posted May 4, 2015 Ah ok. Maybe tomorrow i will try to install manually since there is mono v4. Link to comment Share on other sites More sharing options...
psdl 5 Posted May 4, 2015 Share Posted May 4, 2015 So i was looking at the mono-project side to download the mono version: Mono on Linux before 3.12 by default didn’t trust any SSL certificates so you got errors when accessing HTTPS resources. This is not required anymore as 3.12 and later include a new tool that runs on package installation and syncs Mono’s certificate store with the system certificate store (on older versions you had to import Mozilla’s list of trusted certificates by running mozroots --import --sync). Some systems are configured in a way so that the necessary package isn’t pulled in when Mono is installed, in those cases make sure the ca-certificates-mono package is installed. The is what you did. And after that you imported your own certificate into the mono-trust store, so to speak. Mmmh. Link to comment Share on other sites More sharing options...
Fmstrat 3 Posted May 4, 2015 Author Share Posted May 4, 2015 Yea, I saw from other threads that Mono 3.12 slows things down a lot, and the devs recommend 3.10, which is what I have. Link to comment Share on other sites More sharing options...
Fmstrat 3 Posted May 4, 2015 Author Share Posted May 4, 2015 I'm running this on a VM, so perhaps I will clone it and manually update Mono to see what happens, too. Link to comment Share on other sites More sharing options...
Fmstrat 3 Posted May 4, 2015 Author Share Posted May 4, 2015 Darn. No luck. Tried this: ~# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF ~# echo "deb http://download.mono-project.com/repo/debian wheezy main" | sudo tee /etc/apt/sources.list.d/mono-xamarin.list ~# apt-get update ~# apt-get install mono-devel mono-complete referenceassemblies-pcl ca-certificates-mono ~# dpkg -i /var/cache/apt/archives/mediabrowser_3.0.5597.1-0.bzr3774+201504301608~ubuntu14.04.1_all.deb ~# service mediabrowser start Installing the latest version of mono ended up removing mediabrowser due to dependencies. As an attempt, I force installed it using dpkg, and everything runs smoothly. Unfortunately, the same SSL error comes up. Link to comment Share on other sites More sharing options...
jabbera 23 Posted May 4, 2015 Share Posted May 4, 2015 We need to figure out if this is a mono issue or a media browser issue. The code is the same either way on our side. Can you try the same cert on a windows installation and see if your android device has the same issue? It could also be a cert trust issue. If you use the cert from nginx or Apache do you get an error on the android device? Link to comment Share on other sites More sharing options...
jabbera 23 Posted May 4, 2015 Share Posted May 4, 2015 So i was looking at the mono-project side to download the mono version: The is what you did. And after that you imported your own certificate into the mono-trust store, so to speak. Mmmh. This actually shouldn't matter for hosting ssl sites. You only need the cert store when you are an http client trying to validate a server certificate. In this case we are a server. We just present the cert and all intermediates (if mono fixed their bug) and the client does all the validation. Link to comment Share on other sites More sharing options...
Fmstrat 3 Posted May 4, 2015 Author Share Posted May 4, 2015 We need to figure out if this is a mono issue or a media browser issue. The code is the same either way on our side. Can you try the same cert on a windows installation and see if your android device has the same issue? It could also be a cert trust issue. If you use the cert from nginx or Apache do you get an error on the android device? Hi Jabbera, Thanks for responding. I realized this might be easier to track in GitHub, so I had just finished filing a ticket there and was going to post that here when I saw your response. In any event, it's here: https://github.com/MediaBrowser/MediaBrowser/issues/1097 The same cert in nginx or Apache works fine from Android. In fact, I can browse to the mediabrowser Web UI from Android and SSL works just fine. Thanks. Link to comment Share on other sites More sharing options...
jabbera 23 Posted May 4, 2015 Share Posted May 4, 2015 That points to the android client as the potential issue. I don't own any devices unfortunately. (iOS / Microsoft household) Link to comment Share on other sites More sharing options...
Fmstrat 3 Posted May 4, 2015 Author Share Posted May 4, 2015 Actually, I should say, I have not tried using nginx as a reverse proxy to the HTTP port. I have only tried direct access. I know nginx as a proxy works with this specific cert, because I'm the one who started the first SSL tests for Plex and I was using the same certs: https://github.com/Fmstrat/plex-ssl Link to comment Share on other sites More sharing options...
Fmstrat 3 Posted May 4, 2015 Author Share Posted May 4, 2015 That points to the android client as the potential issue. I don't own any devices unfortunately. (iOS / Microsoft household) Would the server be spitting out an error if the Android client responded with something invalid? Also psdl reported his iPhone and playing a video creating the same situation. Link to comment Share on other sites More sharing options...
jabbera 23 Posted May 4, 2015 Share Posted May 4, 2015 Either way, since it works fine everywhere else, all signs point to the android client or the way the android client interacts with mono from my 5 minute review of the issue. I'd love to see if the android client can talk ssl to windows emby. No need for your full library just a small test if possible. If it can it would give whoever works on the issue a better starting point. Link to comment Share on other sites More sharing options...
jabbera 23 Posted May 4, 2015 Share Posted May 4, 2015 Anything that causes the connection to terminate abnormally will log something in the log file most likely. We need to test these clients on windows emby ssl to point is in the right direction. Link to comment Share on other sites More sharing options...
Fmstrat 3 Posted May 4, 2015 Author Share Posted May 4, 2015 I will set up a Win 8.1 VM to try it out. If this is easier to discuss on GitHub, just let me know and I'll post my results there, too. Link to comment Share on other sites More sharing options...
psdl 5 Posted May 4, 2015 Share Posted May 4, 2015 Just to point out. I use my self signed certificates from my apache server. I also block the http port (8092) with my firewall. Masquerading is off. Link to comment Share on other sites More sharing options...
Fmstrat 3 Posted May 5, 2015 Author Share Posted May 5, 2015 Anything that causes the connection to terminate abnormally will log something in the log file most likely. We need to test these clients on windows emby ssl to point is in the right direction. Connecting to a Windows server with the Android client works flawlessly. Windows 8.1 Enterprise, fresh install, using the "unified" cert which is a combination of StartSSL CA, my certificate, and my decrypted key. This is the same file installed on the Linux server that the Android client does have problems with. Link to comment Share on other sites More sharing options...
psdl 5 Posted May 5, 2015 Share Posted May 5, 2015 (edited) Hi, today i started a streaming session with my computer over ssl and looked into my logs. The same error when using my iphone and the stream is not playing is appearing in the logs. Other than on my iPhone, the stream is playing. But the errors are the same ! 2015-05-05 15:21:31.6530 Info - UserManager: Authentication request for Peter has succeeded.2015-05-05 15:21:34.7154 Error - HttpServer: Error in SharpWebSocket: An exception has occurred while receiving a message.. Exception.Message: Internal error (no progress possible) ReadInternal2015-05-05 15:21:53.5842 Info - App: /opt/MediaBrowserServer/ProgramData-Server/ffmpeg/20150331/ffmpeg -fflags +genpts -i file:"/media/raid/filme/1080p/300: Rise of an Empire (2014).mkv" -map 0:0 -map 0:1 -map -0:s -codec:v:0 libvpx -force_key_frames expr:gte(t,n_forced*5) -vf "scale=min(iw\,720):trunc(ow/dar/2)*2" -pix_fmt yuv420p -speed 16 -quality good -profile:v 0 -slices 8 -crf 10 -qmin 0 -qmax 50 -maxrate:v 872001 -bufsize:v (872001*2) -b:v 872001 -vsync vfr -map_metadata -1 -threads 2 -codec:a:0 libvorbis -ab 128000 -af "aresample=async=1" -y "/opt/MediaBrowserServer/ProgramData-Server/transcoding-temp/d4c3bf5d7fdb0e0f32d35d8806b209be.webm"2015-05-05 15:22:06.2953 Error - App: Error streaming media. The client has most likely disconnected or transcoding has failed.2015-05-05 15:22:06.2962 Error - HttpServer: Error in HttpListenerResponseWrapper: The object was used after being disposed. *** Error Report *** Version: 3.0.5597.1 Command line: /opt/MediaBrowserServer/MediaBrowser.Server.Mono.exe Operating system: Unix 3.19.5.200 Processor count: 2 64-Bit OS: True 64-Bit Process: True Program data path: /opt/MediaBrowserServer/ProgramData-Server Mono: 4.0.1 (tarball Wed Apr 29 08:44:01 BST 2015) Application Path: /opt/MediaBrowserServer/MediaBrowser.Server.Mono.exe The object was used after being disposed. System.ObjectDisposedException at Mono.Security.Protocol.Tls.SslStreamBase.checkDisposed () [0x00000] in <filename unknown>:0 at Mono.Security.Protocol.Tls.SslStreamBase.BeginWrite (System.Byte[] buffer, Int32 offset, Int32 count, System.AsyncCallback callback, System.Object state) [0x00000] in <filename unknown>:0 at System.Net.Security.SslStream.BeginWrite (System.Byte[] buffer, Int32 offset, Int32 count, System.AsyncCallback asyncCallback, System.Object asyncState) [0x00000] in <filename unknown>:0 at System.Net.Security.SslStream.Write (System.Byte[] buffer, Int32 offset, Int32 count) [0x00000] in <filename unknown>:0 at SocketHttpListener.Net.ResponseStream.InternalWrite (System.Byte[] buffer, Int32 offset, Int32 count) [0x00000] in <filename unknown>:0 at SocketHttpListener.Net.ResponseStream.Close () [0x00000] in <filename unknown>:0 at MediaBrowser.Server.Implementations.HttpServer.SocketSharp.Extensions.CloseOutputStream (SocketHttpListener.Net.HttpListenerResponse response, ILogger logger) [0x00000] in <filename unknown>:0 2015-05-05 15:22:06.2962 Error - HttpAsyncTaskHandler: Error occured while Processing Request: The authentication or decryption has failed. *** Error Report *** Version: 3.0.5597.1 Command line: /opt/MediaBrowserServer/MediaBrowser.Server.Mono.exe Operating system: Unix 3.19.5.200 Processor count: 2 64-Bit OS: True 64-Bit Process: True Program data path: /opt/MediaBrowserServer/ProgramData-Server Mono: 4.0.1 (tarball Wed Apr 29 08:44:01 BST 2015) Application Path: /opt/MediaBrowserServer/MediaBrowser.Server.Mono.exe The authentication or decryption has failed. System.IO.IOException at Mono.Security.Protocol.Tls.SslStreamBase.InternalBeginWrite (Mono.Security.Protocol.Tls.InternalAsyncResult asyncResult) [0x00000] in <filename unknown>:0 at Mono.Security.Protocol.Tls.SslStreamBase.BeginWrite (System.Byte[] buffer, Int32 offset, Int32 count, System.AsyncCallback callback, System.Object state) [0x00000] in <filename unknown>:0 at System.Net.Security.SslStream.BeginWrite (System.Byte[] buffer, Int32 offset, Int32 count, System.AsyncCallback asyncCallback, System.Object asyncState) [0x00000] in <filename unknown>:0 at System.Net.Security.SslStream.Write (System.Byte[] buffer, Int32 offset, Int32 count) [0x00000] in <filename unknown>:0 at SocketHttpListener.Net.ResponseStream.InternalWrite (System.Byte[] buffer, Int32 offset, Int32 count) [0x00000] in <filename unknown>:0 at SocketHttpListener.Net.ResponseStream.Write (System.Byte[] buffer, Int32 offset, Int32 count) [0x00000] in <filename unknown>:0 at ServiceStack.Formats.HtmlFormat.SerializeToStream (IRequest request, System.Object response, IResponse httpRes) [0x00000] in <filename unknown>:0 at ServiceStack.HttpResponseExtensionsInternal.WriteErrorToResponse (IResponse httpRes, IRequest httpReq, System.String contentType, System.String operationName, System.String errorMessage, System.Exception ex, Int32 statusCode) [0x00000] in <filename unknown>:0 at ServiceStack.ServiceStackHost.OnUncaughtException (IRequest httpReq, IResponse httpRes, System.String operationName, System.Exception ex) [0x00000] in <filename unknown>:0 at ServiceStack.HostContext.RaiseUncaughtException (IRequest httpReq, IResponse httpRes, System.String operationName, System.Exception ex) [0x00000] in <filename unknown>:0 at ServiceStack.HttpResponseExtensionsInternal.WriteToResponse (IResponse response, System.Object result, ServiceStack.Web.ResponseSerializerDelegate defaultAction, IRequest request, System.Byte[] bodyPrefix, System.Byte[] bodySuffix) [0x00000] in <filename unknown>:0 at ServiceStack.HttpResponseExtensionsInternal.WriteToResponse (IResponse httpRes, IRequest httpReq, System.Object result, System.Byte[] bodyPrefix, System.Byte[] bodySuffix) [0x00000] in <filename unknown>:0 at ServiceStack.HttpResponseExtensionsInternal.WriteToResponse (IResponse httpRes, IRequest httpReq, System.Object result) [0x00000] in <filename unknown>:0 at ServiceStack.Host.RestHandler+<>c__DisplayClass5.<ProcessRequestAsync>b__0 (System.Object response) [0x00000] in <filename unknown>:0 at ServiceStack.Host.Handlers.ServiceStackHandlerBase.HandleResponse (System.Object response, System.Func`2 callback, System.Func`2 errorCallback) [0x00000] in <filename unknown>:0 InnerException: System.IO.IOException Error while sending TLS Alert (Fatal:InternalError): System.IO.IOException: BeginWrite failure ---> System.Net.Sockets.SocketException: The socket is not connected at System.Net.Sockets.Socket.BeginSend (System.Byte[] buffer, Int32 offset, Int32 size, SocketFlags socket_flags, System.AsyncCallback callback, System.Object state) [0x00000] in <filename unknown>:0 at System.Net.Sockets.NetworkStream.BeginWrite (System.Byte[] buffer, Int32 offset, Int32 size, System.AsyncCallback callback, System.Object state) [0x00000] in <filename unknown>:0 --- End of inner exception stack trace --- at System.Net.Sockets.NetworkStream.BeginWrite (System.Byte[] buffer, Int32 offset, Int32 size, System.AsyncCallback callback, System.Object state) [0x00000] in <filename unknown>:0 at Mono.Security.Protocol.Tls.SslStreamBase.InternalBeginWrite (Mono.Security.Protocol.Tls.InternalAsyncResult asyncResult) [0x00000] in <filename unknown>:0 InnerException: System.IO.IOException BeginWrite failure at System.Net.Sockets.NetworkStream.BeginWrite (System.Byte[] buffer, Int32 offset, Int32 size, System.AsyncCallback callback, System.Object state) [0x00000] in <filename unknown>:0 at Mono.Security.Protocol.Tls.SslStreamBase.InternalBeginWrite (Mono.Security.Protocol.Tls.InternalAsyncResult asyncResult) [0x00000] in <filename unknown>:0 InnerException: System.Net.Sockets.SocketException The socket is not connected at System.Net.Sockets.Socket.BeginSend (System.Byte[] buffer, Int32 offset, Int32 size, SocketFlags socket_flags, System.AsyncCallback callback, System.Object state) [0x00000] in <filename unknown>:0 at System.Net.Sockets.NetworkStream.BeginWrite (System.Byte[] buffer, Int32 offset, Int32 size, System.AsyncCallback callback, System.Object state) [0x00000] in <filename unknown>:0 2015-05-05 15:22:07.7455 Info - App: Killing ffmpeg process for /opt/MediaBrowserServer/ProgramData-Server/transcoding-temp/d4c3bf5d7fdb0e0f32d35d8806b209be.webm2015-05-05 15:22:07.8627 Info - App: Deleting partial stream file(s) /opt/MediaBrowserServer/ProgramData-Server/transcoding-temp/d4c3bf5d7fdb0e0f32d35d8806b209be.webm2015-05-05 15:22:07.8627 Info - App: FFMpeg exited with code 02015-05-05 15:22:15.2892 Error - HttpServer: Error in SharpWebSocket: An exception has occurred while receiving a message.. Exception.Message: Internal error (no progress possible) ReadInternal2015-05-05 15:22:16.4251 Error - HttpServer: Error in SharpWebSocket: An exception has occurred while receiving a message.. Exception.Message: Internal error (no progress possible) ReadInternal Edited May 5, 2015 by psdl Link to comment Share on other sites More sharing options...
jabbera 23 Posted May 5, 2015 Share Posted May 5, 2015 This points to an issue with Mono most likely. As you can see, supporting ssl only needs 2 lines of code: https://github.com/MediaBrowser/SocketHttpListener/blob/7610397d0489e99a735309ef0d0ebdb6ba6f585a/SocketHttpListener/Net/HttpConnection.cs#L54-L55 I'll try and come up with a smaller sample that we can send over to them. Link to comment Share on other sites More sharing options...
Fmstrat 3 Posted May 5, 2015 Author Share Posted May 5, 2015 Under Ubuntu, I decided to try using nginx as an SSL proxy. This works flawlessly with Android, and in fact is significantly faster than the SSL service built into Emby (from the web console). Here is the nginx config I'm using: server { listen 9999; server_name MYHOSTNAME.com; gzip on; gzip_proxied any; gzip_types text/css text/plain text/xml application/xml application/javascript application/x-javascript text/javascript application/json text/$ gzip_vary on; ssl on; ssl_certificate /opt/certs/certificate.combined.cer; ssl_certificate_key /opt/certs/ssl.decrypted.key; ssl_session_cache shared:SSL:10m; location / { proxy_pass http://localhost:8096; proxy_set_header Host $host:$server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect http://$host:$server_port https://$host:$server_port; } } 1 Link to comment Share on other sites More sharing options...
Luke 37098 Posted May 5, 2015 Share Posted May 5, 2015 Well done! Link to comment Share on other sites More sharing options...
Fmstrat 3 Posted May 5, 2015 Author Share Posted May 5, 2015 This points to an issue with Mono most likely. As you can see, supporting ssl only needs 2 lines of code: https://github.com/MediaBrowser/SocketHttpListener/blob/7610397d0489e99a735309ef0d0ebdb6ba6f585a/SocketHttpListener/Net/HttpConnection.cs#L54-L55 I'll try and come up with a smaller sample that we can send over to them. As I look at this, I think we're reporting two separate issues. The original post is not specific to streaming, but specific to SSL negotiation. Link to comment Share on other sites More sharing options...
jabbera 23 Posted May 5, 2015 Share Posted May 5, 2015 As I look at this, I think we're reporting two separate issues. The original post is not specific to streaming, but specific to SSL negotiation. I don't know what you mean. The OP mentioned that ssl didn't work on his android client with an SSL cert. Using the same cert on Windows SSL worked. This points to an issue with mono or the way android interacts with mono. (The cert works in other words) The only thing we do to support SSL within the server is the two lines of code I pointed out, so it's unlikely to be in the socket listener library anywhere. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now