Help

Roku Developer Program

Join our online forum to talk to Roku developers and fellow channel creators. Ask questions, share tips with the community, and find helpful resources.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
bbrouse
Visitor
‎11-17-2016 10:25 AM

HLS Stream suddenly failing in production

We started experiencing streams failing to load in our production channel about 3 days ago. We use hls, and play through a roVideoPlayer object.

We store a cert file in the channel that is set on the video player, as well as the client certs:
this.player.SetCertificatesFile("our_cert_file")
this.player.InitClientCertificates()

 
Nothing has changed on our backend, but streams fail to playThe error code is different depending on which firmware version the Roku device is running. On version 7.2 the player returns "Unspecified or invalid track path/url". On version 7.5 the player returns an unknown error response: "An unexpected problem (but not server timeout or HTTP error) has been detected".

If the two lines above are removed from the player, or if a dummy file is added to theSetCertificatesFile call then video playback works.

Does anyone know what could be happening here?
0 Kudos
Reply
3 REPLIES 3
ljunkie
Visitor
‎11-17-2016 11:13 AM

Re: HLS Stream suddenly failing in production

I immediately though this may have something to do with the 7.5 firmware timeout bug, but it sounds like it's related to the specific ca_cert you are trying to use.

Have you tested with an roUrlTransfer to see if it errors with reason? Here are a few examples of using the wrong invalid, mismatched and valid ca bundles. Note i've combined multiple code lines for easy of execution, but make it's ugly. 🙂

url = "https://roku.com"
port = CreateObject("roMessagePort")

'' Invalid CA bundle
cert = "pkg:/certs/invalid-bundle.crt"
obj = CreateObject("roUrlTransfer"):obj.SetPort(port):obj.SetUrl(url):obj.SetCertificatesFile(cert):obj.AsyncGetToString():obj.InitClientCertificates():event = wait(0, port)
?"code=";event.GetResponseCode();" reason=";event.GetFailureReason()
code=-77 reason=error setting certificate verify locations:
  CAfile: /tmp/plugin/PIAAAAKH5uUG/pkg:/certs/invalid-bundle.crt
  CApath: none

'' Valid ca bundle, but wrong (not for the current url)
cert = "pkg:/certs/wrong-bundle.crt"
obj = CreateObject("roUrlTransfer"):obj.SetPort(port):obj.SetUrl(url):obj.SetCertificatesFile(cert):obj.AsyncGetToString():obj.InitClientCertificates():event = wait(0, port)
?"code=";event.GetResponseCode();" reason=";event.GetFailureReason()
code=-60 reason=SSL certificate problem: unable to get local issuer certificate

'' yeah... no ca file specified 
cert = ""
obj = CreateObject("roUrlTransfer"):obj.SetPort(port):obj.SetUrl(url):obj.SetCertificatesFile(cert):obj.AsyncGetToString():obj.InitClientCertificates():event = wait(0, port)
?"code=";event.GetResponseCode();" reason=";event.GetFailureReason()
code=-77 reason=error setting certificate verify locations:
  CAfile:
  CApath: none

'' Default cert supplied - working
cert = "common:/certs/ca-bundle.crt"
obj = CreateObject("roUrlTransfer"):obj.SetPort(port):obj.SetUrl(url):obj.SetCertificatesFile(cert):obj.AsyncGetToString():obj.InitClientCertificates():event = wait(0, port)
?"code=";event.GetResponseCode();" reason=";event.GetFailureReason()
code= 200 reason=OK




If the two lines above are removed from the player, or if a dummy file is added to theSetCertificatesFile call then video playback works.


I can only assume the roVideoPlayer is just using the default cert when no cert is supplied to generally support https within the player.
0 Kudos
Reply
RokuMarkn
Visitor
‎11-17-2016 11:33 AM

Re: HLS Stream suddenly failing in production

What is the expiration date on your certificate?
0 Kudos
Reply
bbrouse
Visitor
‎11-18-2016 09:38 AM

Re: HLS Stream suddenly failing in production

Checking the cert itself it does appear to be expired, but has been working in production far passed it's expiration date, which is odd.

The failing streams are becoming increasingly harder to diagnose. For instance, the production channel fails to load a stream, and when it does the subtitles are not displaying; if the same exact code is run on a side loaded channel then the stream plays and the subtitles display. Differences in results across v7.2 and v7.5 only exacerbate the problem.
0 Kudos
Reply