LibVLC TLS client - Certificate verification failure
Hello guys,
I found interesting behavior with this live stream:
VLC Android 3.0.13 play this stream type fine, but LibVLC Android sample and my APP (with the same libVLC aar as the VLC Android) don't:
Logs from the Sample app (unsuccessful play):
2018-10-23 21:10:56.920 14648-14648/org.videolan.java_sample D/VLC: [c974f830/3938] libvlc input: Creating an input for 'broumov-namesti-big.m3u8'
2018-10-23 21:10:56.921 14648-14726/org.videolan.java_sample D/VLC: [c974f830/3986] libvlc input: using timeshift granularity of 50 MiB
2018-10-23 21:10:56.921 14648-14726/org.videolan.java_sample D/VLC: [c974f830/3986] libvlc input: using default timeshift path
2018-10-23 21:10:56.922 14648-14726/org.videolan.java_sample D/VLC: [c974f830/3986] libvlc input: `https://postak.broum.net:8443/hls/broumov-namesti-big.m3u8' gives access `https' demux `any' path `postak.broum.net:8443/hls/broumov-namesti-big.m3u8'
2018-10-23 21:10:56.922 14648-14726/org.videolan.java_sample D/VLC: [dd016b70/3986] libvlc input source: creating demux: access='https' demux='any' location='postak.broum.net:8443/hls/broumov-namesti-big.m3u8' file='(null)'
2018-10-23 21:10:56.922 14648-14726/org.videolan.java_sample D/VLC: [dd016df0/3986] libvlc demux: looking for access_demux module matching "https": 6 candidates
2018-10-23 21:10:56.922 14648-14726/org.videolan.java_sample D/VLC: [dd016df0/3986] libvlc demux: no access_demux modules matched
2018-10-23 21:10:56.922 14648-14726/org.videolan.java_sample D/VLC: [e09641f0/3986] libvlc stream: creating access: https://postak.broum.net:8443/hls/broumov-namesti-big.m3u8
2018-10-23 21:10:56.922 14648-14726/org.videolan.java_sample D/VLC: [e09641f0/3986] libvlc stream: looking for access module matching "https": 20 candidates
2018-10-23 21:10:56.922 14648-14726/org.videolan.java_sample D/VLC: [e49c2c30/3986] libvlc tls client: looking for tls client module matching "any": 1 candidates
2018-10-23 21:10:56.922 14648-14726/org.videolan.java_sample D/VLC: [e49c2c30/3986] libvlc tls client: using GnuTLS version 3.5.18
2018-10-23 21:10:56.967 14648-14726/org.videolan.java_sample D/VLC: [e49c2c30/3986] libvlc tls client: loaded 137 trusted CAs from system
2018-10-23 21:10:56.967 14648-14726/org.videolan.java_sample D/VLC: [e49c2c30/3986] libvlc tls client: using tls client module "gnutls"
2018-10-23 21:10:56.968 14648-14726/org.videolan.java_sample D/VLC: [e49c2c30/3986] libvlc tls client: resolving postak.broum.net ...
2018-10-23 21:10:57.143 14648-14726/org.videolan.java_sample D/VLC: [e49c2c30/3986] libvlc tls client: TLS handshake: Resource temporarily unavailable, try again.
2018-10-23 21:10:57.287 14648-14726/org.videolan.java_sample D/VLC: [e49c2c30/3986] libvlc tls client: TLS handshake: Success.
2018-10-23 21:10:57.287 14648-14726/org.videolan.java_sample D/VLC: [e49c2c30/3986] libvlc tls client: - safe renegotiation (RFC5746) enabled
2018-10-23 21:10:57.287 14648-14726/org.videolan.java_sample D/VLC: [e49c2c30/3986] libvlc tls client: - false start (RFC7918) enabled
2018-10-23 21:10:57.288 14648-14726/org.videolan.java_sample E/VLC: [e49c2c30/3986] libvlc tls client: Certificate verification failure: The certificate is NOT trusted. The certificate issuer is unknown.
2018-10-23 21:10:57.288 14648-14726/org.videolan.java_sample D/VLC: [e49c2c30/3986] libvlc tls client: 1 certificate(s) in the list
2018-10-23 21:10:57.289 14648-14726/org.videolan.java_sample D/VLC: [e49c2c30/3986] libvlc tls client: no known certificates for postak.broum.net
2018-10-23 21:10:57.289 14648-14726/org.videolan.java_sample E/VLC: [e49c2c30/3986] libvlc tls client: TLS session handshake error
2018-10-23 21:10:57.289 14648-14726/org.videolan.java_sample E/VLC: [e49c2c30/3986] libvlc tls client: connection error: No such file or directory
2018-10-23 21:10:57.289 14648-14726/org.videolan.java_sample E/VLC: [e09641f0/3986] libvlc stream: HTTP connection failure
2018-10-23 21:10:57.300 14648-14726/org.videolan.java_sample D/VLC: [e09641f0/3986] libvlc stream: no access modules matched
2018-10-23 21:10:57.300 14648-14726/org.videolan.java_sample E/VLC: [c974f830/3986] libvlc input: Your input can't be opened
2018-10-23 21:10:57.300 14648-14726/org.videolan.java_sample E/VLC: [c974f830/3986] libvlc input: VLC is unable to open the MRL 'https://postak.broum.net:8443/hls/broumov-namesti-big.m3u8'. Check the log for details.
Logs from My app (unsuccessful play):
2018-10-20 09:22:10.570 32362-7688/cz.yetanotherview.webcamviewer.app.maintenance E/VLC: [dcb74350/1e08] libvlc tls client: Certificate verification failure: The certificate is NOT trusted. The certificate issuer is unknown.
2018-10-20 09:22:10.571 32362-7688/cz.yetanotherview.webcamviewer.app.maintenance E/VLC: [dcb74350/1e08] libvlc tls client: TLS session handshake error
2018-10-20 09:22:10.571 32362-7688/cz.yetanotherview.webcamviewer.app.maintenance E/VLC: [dcb74350/1e08] libvlc tls client: connection error: No such file or directory
2018-10-20 09:22:10.572 32362-7688/cz.yetanotherview.webcamviewer.app.maintenance E/VLC: [cbbc3f70/1e08] libvlc stream: HTTP connection failure
2018-10-20 09:22:10.586 32362-7688/cz.yetanotherview.webcamviewer.app.maintenance E/VLC: [cbfef830/1e08] libvlc input: Your input can't be opened
2018-10-20 09:22:10.586 32362-7688/cz.yetanotherview.webcamviewer.app.maintenance E/VLC: [cbfef830/1e08] libvlc input: VLC is unable to open the MRL 'https://postak.broum.net:8443/hls/broumov-namesti-big.m3u8'. Check the log for details.
Logs from VLC Android 3.0.13 - debug build (success play):
2018-10-23 21:05:33.946 16687-16693/? W/SurfaceFlinger: Attempting to set client state on removed layer: org.videolan.vlc.debug/org.videolan.vlc.gui.MainActivity#1
2018-10-23 21:05:33.946 16687-16693/? W/SurfaceFlinger: Attempting to set client state on removed layer: Dim Layer for - Task=3236#0
2018-10-23 21:05:33.946 16687-16693/? W/SurfaceFlinger: Attempting to destroy on removed layer: org.videolan.vlc.debug/org.videolan.vlc.gui.MainActivity#1
2018-10-23 21:05:33.946 16687-16693/? W/SurfaceFlinger: Attempting to destroy on removed layer: Dim Layer for - Task=3236#0
2018-10-23 21:05:33.966 14305-14375/org.videolan.vlc.debug I/VLC/medialibrary: ../src/MediaLibrary.cpp:344 virtual MediaPtr medialibrary::MediaLibrary::media(const std::string &) const Fetching media from mrl: https://postak.broum.net:8443/hls/broumov-namesti-big.m3u8
2018-10-23 21:05:33.972 14305-14376/org.videolan.vlc.debug I/VLC/medialibrary: ../src/MediaLibrary.cpp:344 virtual MediaPtr medialibrary::MediaLibrary::media(const std::string &) const Fetching media from mrl: https://postak.broum.net:8443/hls/broumov-namesti-big.m3u8
2018-10-23 21:05:33.977 14305-14375/org.videolan.vlc.debug I/VLC/medialibrary: ../src/MediaLibrary.cpp:348 virtual MediaPtr medialibrary::MediaLibrary::media(const std::string &) const Found external media: https://postak.broum.net:8443/hls/broumov-namesti-big.m3u8
2018-10-23 21:05:33.991 14305-14305/org.videolan.vlc.debug I/VLC/MediaDatabase: Media.Event.MetaChanged: 12
2018-10-23 21:05:33.991 14305-14305/org.videolan.vlc.debug I/VLC/MediaDatabase: Media.Event.MetaChanged: 12
2018-10-23 21:05:33.996 14305-14376/org.videolan.vlc.debug I/VLC/medialibrary: ../src/MediaLibrary.cpp:348 virtual MediaPtr medialibrary::MediaLibrary::media(const std::string &) const Found external media: https://postak.broum.net:8443/hls/broumov-namesti-big.m3u8
2018-10-23 21:05:34.259 14305-14372/org.videolan.vlc.debug E/VLC: [00000074d91a24d0/3824] libvlc tls client: Certificate verification failure: The certificate is NOT trusted. The certificate issuer is unknown.
2018-10-23 21:05:34.344 14305-14305/org.videolan.vlc.debug I/VLC/MediaDatabase: Media.Event.ParsedChanged
2018-10-23 21:05:34.354 14305-14305/org.videolan.vlc.debug I/VLC/PlaybackService: MediaPlayer.Event.Playing
2018-10-23 21:05:34.362 14305-14305/org.videolan.vlc.debug W/AudioManager: Use of stream types is deprecated for operations other than volume control
2018-10-23 21:05:34.362 14305-14305/org.videolan.vlc.debug W/AudioManager: See the documentation of requestAudioFocus() for what to use instead with android.media.AudioAttributes to qualify your playback use case
2018-10-23 21:05:34.364 16754-24492/? I/MediaFocusControl: requestAudioFocus() from uid/pid 10233/14305 clientId=android.media.AudioManager@adc657eorg.videolan.vlc.PlaybackService$1@437cadf callingPack=org.videolan.vlc.debug req=1 flags=0x0 sdk=26
2018-10-23 21:05:34.455 14305-14305/org.videolan.vlc.debug I/TextInputLayout: EditText added is not a TextInputEditText. Please switch to using that class instead.
2018-10-23 21:05:34.484 14305-14380/org.videolan.vlc.debug E/VLC: [00000074c5cc5af0/382c] libvlc tls client: Certificate verification failure: The certificate is NOT trusted. The certificate issuer is unknown.
2018-10-23 21:05:34.599 16927-16927/? W/StaticLayout: maxLineHeight should not be -1. maxLines:1 lineCount:1
2018-10-23 21:05:34.747 16927-16927/? I/chatty: uid=10033(com.android.systemui) identical 6 lines
2018-10-23 21:05:34.747 16927-16927/? W/StaticLayout: maxLineHeight should not be -1. maxLines:1 lineCount:1
2018-10-23 21:05:34.907 14305-14380/org.videolan.vlc.debug E/VLC: [00000074c5cc5af0/382c] libvlc tls client: Certificate verification failure: The certificate is NOT trusted. The certificate issuer is unknown.
2018-10-23 21:05:35.255 14305-14380/org.videolan.vlc.debug I/chatty: uid=10233(org.videolan.vlc.debug) config_GetGener identical 1 line
2018-10-23 21:05:35.629 14305-14380/org.videolan.vlc.debug E/VLC: [00000074c5cc5af0/382c] libvlc tls client: Certificate verification failure: The certificate is NOT trusted. The certificate issuer is unknown.
2018-10-23 21:05:35.727 14305-14372/org.videolan.vlc.debug E/VLC: [00000074c551a110/3824] libvlc decoder: buffer deadlock prevented
2018-10-23 21:05:35.727 14305-14372/org.videolan.vlc.debug E/VLC: [00000074c551ab90/3824] libvlc decoder: buffer deadlock prevented
VLC Android app logs multiple times this line:
libvlc tls client: Certificate verification failure: The certificate is NOT trusted. The certificate issuer is unknown.
but continue with playing... I know, that the problem is probably from self signed certificate, but the question is, how is it possible VLC App deals it with success result? :)
I tried inspect your implementation for something "special", but I was not successful :(