Certificate verification failure when play live with vlc

Question

Certificate verification failure when play live with vlc

meiyanz opened this issue 5 years ago · 5 comments

Issue Description:
Certificate verification failure when play live with vlc
Error log:
gnutls error: Certificate verification failure: The certificate is NOT trusted. The certificate issuer is unknown. The certificate chain uses not yet valid certificate. The name in the certificate does not match the expected.
main error: TLS session handshake error
main error: connection error: No error
access error: HTTP connection failure
Reproduce Rate: 100%.
The commit information: commit dfaa5e0
Reproduce:
$ git clone https://github.com/OpenVisualCloud/CDN-Transcode-Sample.git
$ cd CDN-Transcode-Sample
$ git reset --hard dfaa5e0
$ sudo -E ./script/install_dependency.sh
$ sudo mkdir -p /etc/systemd/system/docker.service.d
$ printf "[Service]\nEnvironment="HTTPS_PROXY=$https_proxy" "NO_PROXY=$no_proxy"\n" | sudo tee /etc/systemd/system/docker.service.d/proxy.conf
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
$ cd deployment
$ make build_kubernetes
$ cmake ../ -DNVODS=0 -DNLIVES=1
$ make
$ cd ../
$ mkdir -p /etc/systemd/system/kubelet.service.d/
$ printf "[Service]\nEnvironment="HTTPS_PROXY=$https_proxy" "NO_PROXY=$no_proxy"\n" | sudo tee /etc/systemd/system/kubelet.service.d/proxy.conf
$ ./script/Kubernetes_setup_master.sh
$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') | grep token: | awk '{print $2}'
$make volume
$make start_kubernetes
open vlc and play live : https://10.67.113.104/hls/media_0_0/index.m3u8

Answer 1 · 2020-06-11T23:23:09.000Z

This is expected. The sample generates a self-signed certificate. It's not trusted anywhere.
Please see if there is any option in vlc to disable certificate verification.

Answer 2 · 2020-06-12T02:07:58.000Z

I doesn't find any option to disable this certificate verification in VLC.
would you mind to ask which certificate verification it needed and how it is done.

Answer 3 · 2020-06-16T21:50:40.000Z

How it was done before?
There is no good way to make a self-signed certificate trusted on a different server.
The closest I can think of is to follow this process: https://github.com/OpenVisualCloud/Dockerfiles/wiki/BKM:-Setup-Private-Docker-Registry-with-Self-Signed-Certificates

The other alternative is to expose http instead for testing purpose only.

Answer 4 · 2020-06-18T06:33:44.000Z

there is a popup window to ask for your certificate when play live normally;
but there is no popup window when I play the live.

Answer 5 · 2020-06-20T04:07:10.000Z

This is strange. There is no change to how the container works.
@TangZhiZhen, could you check if anything is changed?