
bbrouse
Visitor
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-17-2016
10:25 AM
HLS Stream suddenly failing in production
We started experiencing streams failing to load in our production channel about 3 days ago. We use hls, and play through a roVideoPlayer object.
We store a cert file in the channel that is set on the video player, as well as the client certs:
Nothing has changed on our backend, but streams fail to play. The error code is different depending on which firmware version the Roku device is running. On version 7.2 the player returns "Unspecified or invalid track path/url". On version 7.5 the player returns an unknown error response: "An unexpected problem (but not server timeout or HTTP error) has been detected".
If the two lines above are removed from the player, or if a dummy file is added to theSetCertificatesFile call then video playback works.
Does anyone know what could be happening here?
We store a cert file in the channel that is set on the video player, as well as the client certs:
this.player.SetCertificatesFile("our_cert_file")
this.player.InitClientCertificates()
Nothing has changed on our backend, but streams fail to play. The error code is different depending on which firmware version the Roku device is running. On version 7.2 the player returns "Unspecified or invalid track path/url". On version 7.5 the player returns an unknown error response: "An unexpected problem (but not server timeout or HTTP error) has been detected".
If the two lines above are removed from the player, or if a dummy file is added to theSetCertificatesFile call then video playback works.
Does anyone know what could be happening here?
3 REPLIES 3
ljunkie
Visitor
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-17-2016
11:13 AM
Re: HLS Stream suddenly failing in production
I immediately though this may have something to do with the 7.5 firmware timeout bug, but it sounds like it's related to the specific ca_cert you are trying to use.
Have you tested with an roUrlTransfer to see if it errors with reason? Here are a few examples of using the wrong invalid, mismatched and valid ca bundles. Note i've combined multiple code lines for easy of execution, but make it's ugly. 🙂
I can only assume the roVideoPlayer is just using the default cert when no cert is supplied to generally support https within the player.
Have you tested with an roUrlTransfer to see if it errors with reason? Here are a few examples of using the wrong invalid, mismatched and valid ca bundles. Note i've combined multiple code lines for easy of execution, but make it's ugly. 🙂
url = "https://roku.com"
port = CreateObject("roMessagePort")
'' Invalid CA bundle
cert = "pkg:/certs/invalid-bundle.crt"
obj = CreateObject("roUrlTransfer"):obj.SetPort(port):obj.SetUrl(url):obj.SetCertificatesFile(cert):obj.AsyncGetToString():obj.InitClientCertificates():event = wait(0, port)
?"code=";event.GetResponseCode();" reason=";event.GetFailureReason()
code=-77 reason=error setting certificate verify locations:
CAfile: /tmp/plugin/PIAAAAKH5uUG/pkg:/certs/invalid-bundle.crt
CApath: none
'' Valid ca bundle, but wrong (not for the current url)
cert = "pkg:/certs/wrong-bundle.crt"
obj = CreateObject("roUrlTransfer"):obj.SetPort(port):obj.SetUrl(url):obj.SetCertificatesFile(cert):obj.AsyncGetToString():obj.InitClientCertificates():event = wait(0, port)
?"code=";event.GetResponseCode();" reason=";event.GetFailureReason()
code=-60 reason=SSL certificate problem: unable to get local issuer certificate
'' yeah... no ca file specified
cert = ""
obj = CreateObject("roUrlTransfer"):obj.SetPort(port):obj.SetUrl(url):obj.SetCertificatesFile(cert):obj.AsyncGetToString():obj.InitClientCertificates():event = wait(0, port)
?"code=";event.GetResponseCode();" reason=";event.GetFailureReason()
code=-77 reason=error setting certificate verify locations:
CAfile:
CApath: none
'' Default cert supplied - working
cert = "common:/certs/ca-bundle.crt"
obj = CreateObject("roUrlTransfer"):obj.SetPort(port):obj.SetUrl(url):obj.SetCertificatesFile(cert):obj.AsyncGetToString():obj.InitClientCertificates():event = wait(0, port)
?"code=";event.GetResponseCode();" reason=";event.GetFailureReason()
code= 200 reason=OK
If the two lines above are removed from the player, or if a dummy file is added to theSetCertificatesFile call then video playback works.
I can only assume the roVideoPlayer is just using the default cert when no cert is supplied to generally support https within the player.

RokuMarkn
Visitor
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-17-2016
11:33 AM
Re: HLS Stream suddenly failing in production
What is the expiration date on your certificate?

bbrouse
Visitor
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-18-2016
09:38 AM
Re: HLS Stream suddenly failing in production
Checking the cert itself it does appear to be expired, but has been working in production far passed it's expiration date, which is odd.
The failing streams are becoming increasingly harder to diagnose. For instance, the production channel fails to load a stream, and when it does the subtitles are not displaying; if the same exact code is run on a side loaded channel then the stream plays and the subtitles display. Differences in results across v7.2 and v7.5 only exacerbate the problem.
The failing streams are becoming increasingly harder to diagnose. For instance, the production channel fails to load a stream, and when it does the subtitles are not displaying; if the same exact code is run on a side loaded channel then the stream plays and the subtitles display. Differences in results across v7.2 and v7.5 only exacerbate the problem.