Roku Community

bbrouse · ‎11-17-2016

We started experiencing streams failing to load in our production channel about 3 days ago. We use hls, and play through a roVideoPlayer object.

We store a cert file in the channel that is set on the video player, as well as the client certs:

this.player.SetCertificatesFile("our_cert_file")
this.player.InitClientCertificates()

Nothing has changed on our backend, but streams fail to play. The error code is different depending on which firmware version the Roku device is running. On version 7.2 the player returns "Unspecified or invalid track path/url". On version 7.5 the player returns an unknown error response: "An unexpected problem (but not server timeout or HTTP error) has been detected".

If the two lines above are removed from the player, or if a dummy file is added to theSetCertificatesFile call then video playback works.

Does anyone know what could be happening here?

ljunkie · ‎11-17-2016

I immediately though this may have something to do with the 7.5 firmware timeout bug, but it sounds like it's related to the specific ca_cert you are trying to use.

Have you tested with an roUrlTransfer to see if it errors with reason? Here are a few examples of using the wrong invalid, mismatched and valid ca bundles. Note i've combined multiple code lines for easy of execution, but make it's ugly. 🙂

url = "https://roku.com"
port = CreateObject("roMessagePort")

'' Invalid CA bundle
cert = "pkg:/certs/invalid-bundle.crt"
obj = CreateObject("roUrlTransfer"):obj.SetPort(port):obj.SetUrl(url):obj.SetCertificatesFile(cert):obj.AsyncGetToString():obj.InitClientCertificates():event = wait(0, port)
?"code=";event.GetResponseCode();" reason=";event.GetFailureReason()
code=-77 reason=error setting certificate verify locations:
  CAfile: /tmp/plugin/PIAAAAKH5uUG/pkg:/certs/invalid-bundle.crt
  CApath: none

'' Valid ca bundle, but wrong (not for the current url)
cert = "pkg:/certs/wrong-bundle.crt"
obj = CreateObject("roUrlTransfer"):obj.SetPort(port):obj.SetUrl(url):obj.SetCertificatesFile(cert):obj.AsyncGetToString():obj.InitClientCertificates():event = wait(0, port)
?"code=";event.GetResponseCode();" reason=";event.GetFailureReason()
code=-60 reason=SSL certificate problem: unable to get local issuer certificate

'' yeah... no ca file specified 
cert = ""
obj = CreateObject("roUrlTransfer"):obj.SetPort(port):obj.SetUrl(url):obj.SetCertificatesFile(cert):obj.AsyncGetToString():obj.InitClientCertificates():event = wait(0, port)
?"code=";event.GetResponseCode();" reason=";event.GetFailureReason()
code=-77 reason=error setting certificate verify locations:
  CAfile:
  CApath: none

'' Default cert supplied - working
cert = "common:/certs/ca-bundle.crt"
obj = CreateObject("roUrlTransfer"):obj.SetPort(port):obj.SetUrl(url):obj.SetCertificatesFile(cert):obj.AsyncGetToString():obj.InitClientCertificates():event = wait(0, port)
?"code=";event.GetResponseCode();" reason=";event.GetFailureReason()
code= 200 reason=OK

If the two lines above are removed from the player, or if a dummy file is added to theSetCertificatesFile call then video playback works.

I can only assume the roVideoPlayer is just using the default cert when no cert is supplied to generally support https within the player.

RokuMarkn · ‎11-17-2016

What is the expiration date on your certificate?

bbrouse · ‎11-18-2016

Checking the cert itself it does appear to be expired, but has been working in production far passed it's expiration date, which is odd.

The failing streams are becoming increasingly harder to diagnose. For instance, the production channel fails to load a stream, and when it does the subtitles are not displaying; if the same exact code is run on a side loaded channel then the stream plays and the subtitles display. Differences in results across v7.2 and v7.5 only exacerbate the problem.

Roku Community

Roku Developer Program

HLS Stream suddenly failing in production

Re: HLS Stream suddenly failing in production

Re: HLS Stream suddenly failing in production

Re: HLS Stream suddenly failing in production