Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ssl err #742

Closed
thedtvn opened this issue Oct 22, 2023 · 9 comments
Closed

Ssl err #742

thedtvn opened this issue Oct 22, 2023 · 9 comments

Comments

@thedtvn
Copy link

thedtvn commented Oct 22, 2023

Describe the bug
javax.net.ssl.SSLPeerUnverifiedException: Hostname audio4-gm-fb.spotifycdn.com not verified:
certificate: sha256/mikb4l8fq5rYJv+AdSiChROLrTKpCEENcVFH4engaDw=
DN: CN=audio-gm-off.spotifycdn.com
subjectAltNames: [audio-gm-off.spotifycdn.com]

To Reproduce
get track audio

Expected behavior
Can get Audio
Screenshots/Stracktraces/Logs

  • am use sentry
    image

Version/Commit
xyz.gianlu.librespot:librespot-lib:1.6.3
@manfreddz
Copy link

I have the same problem. I think I managed to throw together an ugly workaround. It could also work as a hint if someone more knowledgeable wants to fix this properly.

skip_audio4-gm-fb.patch.gz

@tagdara
Copy link
Contributor

tagdara commented Oct 28, 2023

After several days of watching this problem happen, I finally walked through the code enough to understand where it's coming from. Spotify provides a list of viable CDN's, and librespot chooses one at random. audio4-gm-fb.spotifycdn.com uses both the new 'Expires' format, has a bad cert that does not match its name, and can't serve the chunk requests anyway.

So even though there have been PR's for both the new Expires format, and work-arounds for the mismatched cert, the only actual solution is to pull it out of the rotation. I'll submit separate PR for this soon but in the meantime I'm using the following workaround in CdnFeedHelper.java:

 @NotNull
    private static HttpUrl getUrl(@NotNull Session session, @NotNull StorageResolveResponse resp) {
        String selectedUrl = resp.getCdnurl(session.random().nextInt(resp.getCdnurlCount()));
        while (selectedUrl.contains("audio4-gm-fb")) {
            LOGGER.warn("getUrl picked CDN with known issues {} (forcing re-selection)", selectedUrl );
            selectedUrl = resp.getCdnurl(session.random().nextInt(resp.getCdnurlCount()));
        }
        return HttpUrl.get(selectedUrl);
        // return HttpUrl.get(resp.getCdnurl(session.random().nextInt(resp.getCdnurlCount())));
    }

@peterdk
Copy link

peterdk commented Oct 28, 2023
edited
Loading

@tagdara Thanks, that change helped me get my Spocon installation working again.

I changed the file according to the snippet and then ran a mvn package, and the jar is then found in the subfolder's target dir. I added that to the install dir of Spocon on my Ubuntu server, and replaced the original jar with it.

Now playing without issues for a few hours already!

@a-mahr
Copy link

a-mahr commented Oct 29, 2023
edited
Loading

https://community.spotify.com/t5/Spotify-for-Developers/spotifycdn-com-SSL-Cert-error/m-p/5659363#M11297

@charleywright
Copy link

Just hit this today:

ERROR CdnManager:321 - Failed requesting chunk from network, index: 7                                                                              
javax.net.ssl.SSLPeerUnverifiedException: Hostname audio4-gm-fb.spotifycdn.com not verified:                                                                               
    certificate: sha256/F1cDKqo299xpNogpffCQtgb/TI8o4t+d6mlsIUJgsug=                                                                                                       
    DN: CN=audio-gm-off.spotifycdn.com                                                                                                                                     
    subjectAltNames: [audio-gm-off.spotifycdn.com]

The fix posted by @tagdara works perfectly.

openssl s_client -connect audio4-gm-fb.spotifycdn.com:443 -verify_hostname audio4-gm-fb.spotifycdn.com

indeed shows a hostname mismatch, I guess spotify pushed something bad to prod.

@Fummowo
Copy link

Fummowo commented Nov 11, 2023

I'm sry for the silly question, but I don't know java...
on which line do I put this snippet? @tagdara

@a-mahr
Copy link

a-mahr commented Nov 11, 2023
edited
Loading

@Fummowo https://github.com/librespot-org/librespot-java/blob/dev/lib/src/main/java/xyz/gianlu/librespot/audio/cdn/CdnFeedHelper.java

it’s pretty close to the top of this file, you’re replacing the body of the method, you can fully replace lines 47-50. I’d make a PR but don’t want to take it from @tagdara within any shorter timeframe

@tagdara tagdara mentioned this issue Nov 11, 2023
Merged
@tagdara
Copy link
Contributor

tagdara commented Nov 11, 2023

Thanks for reminding me! I made that pull request this morning. I also added #780 which has my development Dockerfile that I use for compiling librespot-java.

I'm not a Java programmer either, although I've been using these changes as an excuse to learn how to do so.

@lesar8 lesar8 mentioned this issue Nov 16, 2023
Closed
aumann added a commit to aumann/librespot-java that referenced this issue Jan 2, 2024
@aumann
Apply workaround for librespot-org#742
13f2b84
@notalexa
Copy link

Since the issues is not closed: This solution works for all (temporary) failures (and recovers after fixed). Roughly, it takes all urls and uses the first (randomly chosen) one which works. Code can be found at https://github.com/notalexa/librespot-java/tree/broken-server-fixes

@thedtvn thedtvn closed this as completed Mar 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@peterdk @manfreddz @Fummowo @tagdara @charleywright @notalexa @a-mahr @thedtvn