Roku Developer Program

Developers and content creators—a complete solution for growing an audience directly.
cancel
Showing results for 
Search instead for 
Did you mean: 
bbrouse
Level 7

HLS Stream suddenly failing in production

We started experiencing streams failing to load in our production channel about 3 days ago. We use hls, and play through a roVideoPlayer object.

We store a cert file in the channel that is set on the video player, as well as the client certs:
this.player.SetCertificatesFile("our_cert_file")
this.player.InitClientCertificates()

 
Nothing has changed on our backend, but streams fail to playThe error code is different depending on which firmware version the Roku device is running. On version 7.2 the player returns "Unspecified or invalid track path/url". On version 7.5 the player returns an unknown error response: "An unexpected problem (but not server timeout or HTTP error) has been detected".

If the two lines above are removed from the player, or if a dummy file is added to theSetCertificatesFile call then video playback works.


Does anyone know what could be happening here?
0 Kudos
3 Replies
ljunkie
Level 7

Re: HLS Stream suddenly failing in production

I immediately though this may have something to do with the 7.5 firmware timeout bug, but it sounds like it's related to the specific ca_cert you are trying to use.

Have you tested with an roUrlTransfer to see if it errors with reason? Here are a few examples of using the wrong invalid, mismatched and valid ca bundles. Note i've combined multiple code lines for easy of execution, but make it's ugly. Smiley Happy

url = "https://roku.com"
port = CreateObject("roMessagePort")

'' Invalid CA bundle
cert = "pkg:/certs/invalid-bundle.crt"
obj = CreateObject("roUrlTransfer")Smiley Surprisedbj.SetPort(port)Smiley Surprisedbj.SetUrl(url)Smiley Surprisedbj.SetCertificatesFile(cert)Smiley Surprisedbj.AsyncGetToString()Smiley Surprisedbj.InitClientCertificates():event = wait(0, port)
?"code=";event.GetResponseCode();" reason=";event.GetFailureReason()
code=-77 reason=error setting certificate verify locations:
  CAfile: /tmp/plugin/PIAAAAKH5uUG/pkg:/certs/invalid-bundle.crt
  CApath: none

'' Valid ca bundle, but wrong (not for the current url)
cert = "pkg:/certs/wrong-bundle.crt"
obj = CreateObject("roUrlTransfer")Smiley Surprisedbj.SetPort(port)Smiley Surprisedbj.SetUrl(url)Smiley Surprisedbj.SetCertificatesFile(cert)Smiley Surprisedbj.AsyncGetToString()Smiley Surprisedbj.InitClientCertificates():event = wait(0, port)
?"code=";event.GetResponseCode();" reason=";event.GetFailureReason()
code=-60 reason=SSL certificate problem: unable to get local issuer certificate

'' yeah... no ca file specified
cert = ""
obj = CreateObject("roUrlTransfer")Smiley Surprisedbj.SetPort(port)Smiley Surprisedbj.SetUrl(url)Smiley Surprisedbj.SetCertificatesFile(cert)Smiley Surprisedbj.AsyncGetToString()Smiley Surprisedbj.InitClientCertificates():event = wait(0, port)
?"code=";event.GetResponseCode();" reason=";event.GetFailureReason()
code=-77 reason=error setting certificate verify locations:
  CAfile:
  CApath: none

'' Default cert supplied - working
cert = "common:/certs/ca-bundle.crt"
obj = CreateObject("roUrlTransfer")Smiley Surprisedbj.SetPort(port)Smiley Surprisedbj.SetUrl(url)Smiley Surprisedbj.SetCertificatesFile(cert)Smiley Surprisedbj.AsyncGetToString()Smiley Surprisedbj.InitClientCertificates():event = wait(0, port)
?"code=";event.GetResponseCode();" reason=";event.GetFailureReason()
code= 200 reason=OK




If the two lines above are removed from the player, or if a dummy file is added to theSetCertificatesFile call then video playback works.


I can only assume the roVideoPlayer is just using the default cert when no cert is supplied to generally support https within the player.
0 Kudos
RokuMarkn
Level 7

Re: HLS Stream suddenly failing in production

What is the expiration date on your certificate?
0 Kudos
bbrouse
Level 7

Re: HLS Stream suddenly failing in production

Checking the cert itself it does appear to be expired, but has been working in production far passed it's expiration date, which is odd.

The failing streams are becoming increasingly harder to diagnose. For instance, the production channel fails to load a stream, and when it does the subtitles are not displaying; if the same exact code is run on a side loaded channel then the stream plays and the subtitles display. Differences in results across v7.2 and v7.5 only exacerbate the problem.
0 Kudos