steini 1 Posted April 13, 2015 Posted April 13, 2015 (edited) Hey guys, loving the new plugin! I have been scratching my head for the last few days getting https working I always get this error when I try to use https: 20:19:15 T:139821167138560 NOTICE: Unable to connect to xxxx.xxx:8920 : [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581) 20:19:15 T:139821167138560 NOTICE: emby DownloadUtils -> Traceback (most recent call last): File "/usr/lib/python2.7/threading.py", line 783, in __bootstrap self.__bootstrap_inner() File "/usr/lib/python2.7/threading.py", line 810, in __bootstrap_inner self.run() File "/home/steini/.kodi/addons/Emby.Kodi-master/resources/lib/UserClient.py", line 310, in run self.authenticate() File "/home/steini/.kodi/addons/Emby.Kodi-master/resources/lib/UserClient.py", line 239, in authenticate resp = self.doUtils.downloadUrl(url, postBody=messageData, type="POST", authenticate=False) File "/home/steini/.kodi/addons/Emby.Kodi-master/resources/lib/DownloadUtils.py", line 223, in downloadUrl conn.request(method=type, url=urlPath, body=postBody, headers=head) File "/usr/lib/python2.7/httplib.py", line 1001, in request self._send_request(method, url, body, headers) File "/usr/lib/python2.7/httplib.py", line 1035, in _send_request self.endheaders(body) File "/usr/lib/python2.7/httplib.py", line 997, in endheaders self._send_output(message_body) File "/usr/lib/python2.7/httplib.py", line 850, in _send_output self.send(msg) File "/usr/lib/python2.7/httplib.py", line 812, in send self.connect() File "/usr/lib/python2.7/httplib.py", line 1212, in connect server_hostname=server_hostname) File "/usr/lib/python2.7/ssl.py", line 350, in wrap_socket _context=self) File "/usr/lib/python2.7/ssl.py", line 566, in __init__ self.do_handshake() File "/usr/lib/python2.7/ssl.py", line 788, in do_handshake self._sslobj.do_handshake() SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581) I have tried certs from startssl and comodo but they both fail the verification; When I try to test the cert with this command "openssl s_client -CApath /etc/ssl/certs/ -connect xxxx.xxxx:8920 I get this error: Verify return code: 21 (unable to verify the first certificate) It works fine in Chrome, but I have tried every combination of building the certs for Emby without success. Either I'm always making the same mistakes or Emby server just does not send the whole chain of trust in the pfx cert? Either way I think it could be a good idea to allow self signed certs since most users are not going to be buying a real certificate anyway. It is my understanding that python recently started to validate ssl certs by default, but I dont know when. It is broken on my Arch install which is running python 2.7.9 and python 3.4.3 but it's working fine on the latest Openelec running python 2.7.3 This is not a problem for most users yet.. but It would be great to allow self signed certs so that installs wont break when python gets updated Thanks Edited April 13, 2015 by steini
Angelblue05 4132 Posted April 13, 2015 Posted April 13, 2015 (edited) HTTPS wasn't implemented until the version I just posted 0.0.25. Can you give it a try and report back your findings with a full log (debug set to info)? Thanks It will help me put the final touches for HTTPS. Edited April 13, 2015 by Angelblue05
steini 1 Posted April 13, 2015 Author Posted April 13, 2015 sure here it is: http://pastebin.com/AYV8KCWn
Recommended Posts