Flash Player cannot connect to RTMPS with error NetConnection.Connect.CertificateUntrustedSigner

[electroteque]

Flash cannot connect to RTMPS, it seems they have killed self signed certificate servers. Get an error

NetConnection.Connect.CertificateUntrustedSigner

Article about it here

 http://www.adobe.com/devnet/flashplayer/articles/flash_player_9_security.pdf

"Because Flash Player does not itself implement SSL, all behavior related to certificate verification is
determined by the browser. This approach simplifies administration of the client, but it may also result in some
variation in behavior between different browsers and operating systems. For example, the symmetric key size
and the specific algorithm used for an SSL connection are negotiated by the browser. Similarly, Flash Player
does not handle client behavior for certificates that are expired, revoked, self-signed, or do not match the URL
of a requested resource. "

What do you think ?

[paul]

Seems a bit odd to me, since I tested this in 9.0.124.. but Ill look into when I get a chance. I dont however consider this a bug in Red5 since the choice of self-signed vs. paid is the owners to make.

[electroteque]

I only discovered this for bench testing so cannot connect to rtmps. I'm thinking more a bug in how the keystore generates maybe ? I've already added the certificate "red5server.cer" into the keychans on osx without much luck.

My system is OSX and testing with Flash Player 10 / Flex 3.

I also can't seem to make a connection with the RTMPTClient.

I get the usual ssl cert confirm in the browser but can load the https url ok.

[aclarke]

Hi Dan, sorry to do this to you, but:

Hi. As part of an effort to clean up our bug database we're resolving issues that haven't been commented on for a while as incomplete, and asking the filer to please reverify the bug in the current tip of tree. Sorry about that, but we need your help.

To reopen, make sure the bug is still happening, and then please upload as much information to help us. In fact, the best thing you can do is:
1) give steps to reproduce
2) give log files/data that shows problem
3) write a JUnit test that reproduces the issue
4) submit a patch

bugs that do all 4 will get attention the fastest.

Thanks,

- Art

[electroteque]

Hi, i think its a change in how flash player 10 handles SSL certificates.

[SWF] Volumes:Henry:www:Flash:FLVPlayer:bin:VODTestPlayer.swf - 827 bytes after decompression
[SWF] Volumes:Henry:www:Flash:FLVPlayer:bin:VODTestPlayer.swf - 610,881 bytes after decompression
1/25/2009 23:20:57.858 [INFO] VODSubscriber STARTUP: VODTestPlayer0:initialize
1/25/2009 23:20:59.173 [DEBUG] Connect Connecting to  rtmps://localhost:8443/playlistTest
1/25/2009 23:20:59.260 [DEBUG] VODSubscriber NetConnection.Connect.CertificateUntrustedSigner
1/25/2009 23:20:59.589 [INFO] Connect Couldnt connect to  rtmps://localhost:8443/playlistTest
1/25/2009 23:20:59.590 [DEBUG] VODSubscriber NetConnection.Connect.Failed

I cannot test any further because I do not have access to be using real ssl ceriticates. This used to be working for self signed certificates. I tried everything, I could and the certificate is in my keychain also. I still think there is a problem somewhere that could be resolve, somehow along the lines of rtmps / ssl communication with the player ?

There is no server error, purely a flash issue, but obviouslly rtmps is not working out of the box !

Also none of the webapps are accessible when loading https I get a 404 when I do this  https://localhost:8443/playlistTest/

[electroteque]

Can we please leave this one open, the rtmps protocol is not working obviouslly !

[aclarke]

Yup; you've confirmed the issue; But I'm punting it to RC3 at the earliest.

[mondain]

I can't seem to get self-signed certs to work at all, even when installed as trusted within windows. I will try this again once I get a real certificate.

[mondain]

Fixed in 0.9 RC3