Certificate did not match expected hostname

[fsmeets84]

I live in The Netherlands and installed the addon within Kodi on an Android TV media device. However, to watch most of the content I need to be connected with a Belgium VPN.

1. I connected with a Belgium VPN in Surfshark (https://surfshark.com/nl/)
2. In Kodi I try to start any video with geo filter.

Then I immediately see the message: One or more items failed to play. Check the log for more information about this message.

So I have check in the log file and the problem is that expected hostame (stream1-vod.cdn1.sbs.prd.telenet-ops.be) does not match with my hostname *.prod.surfshark.com', 'prod.surfshark.com. See log below. Actually it's more a feature request than a bug I think :)

==================================================================================

2022-02-17 10:55:56.216 T:16948 WARNING : [plugin.video.viervijfzes] [urllib3.connection] Certificate did not match expected hostname: stream1-vod.cdn1.sbs.prd.telenet-ops.be. Certificate: {'subject': ((('commonName', '.prod.surfshark.com'),),), 'issuer': ((('countryName', 'GB'),), (('stateOrProvinceName', 'Greater Manchester'),), (('localityName', 'Salford'),), (('organizationName', 'Sectigo Limited'),), (('commonName', 'Sectigo RSA Domain Validation Secure Server CA'),)), 'version': 3, 'serialNumber': 'E9EC80AB80B5473E22711F7A6D03487A', 'notBefore': 'Jan 13 00:00:00 2022 GMT', 'notAfter': 'Jan 13 23:59:59 2023 GMT', 'subjectAltName': (('DNS', '.prod.surfshark.com'), ('DNS', 'prod.surfshark.com')), 'OCSP': ('http://ocsp.sectigo.com',), 'caIssuers': ('http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt',)} 2022-02-17 10:55:56.217 T:16948 ERROR : EXCEPTION Thrown (PythonToCppException) : -->Python callback/script returned the following error<--

• NOTE: IGNORING THIS CAN LEAD TO MEMORY LEAKS! Error Type: <class 'requests.exceptions.SSLError'> Error Contents: HTTPSConnectionPool(host='stream1-vod.cdn1.sbs.prd.telenet-ops.be', port=443): Max retries exceeded with url: /geo/VANTAGE_F_YOU_VERY_VERY_MUCH/S1/volledigeafleveringen/1014444220832852701077779913893694101444/F_YOU_VERY_VERY_MUCH_1_1_F0285889/F_YOU_VERY_VERY_MUCH_1_1_F0285889.m3u8 (Caused by SSLError(SSLCertVerificationError("hostname 'stream1-vod.cdn1.sbs.prd.telenet-ops.be' doesn't match either of '.prod.surfshark.com', 'prod.surfshark.com'"))) Traceback (most recent call last): File "C:\Users\Audio\AppData\Roaming\Kodi\addons\script.module.urllib3\lib\urllib3\connectionpool.py", line 699, in urlopen httplib_response = self._make_request( File "C:\Users\Audio\AppData\Roaming\Kodi\addons\script.module.urllib3\lib\urllib3\connectionpool.py", line 382, in _make_request self._validate_conn(conn) File "C:\Users\Audio\AppData\Roaming\Kodi\addons\script.module.urllib3\lib\urllib3\connectionpool.py", line 1010, in _validate_conn conn.connect() File "C:\Users\Audio\AppData\Roaming\Kodi\addons\script.module.urllib3\lib\urllib3\connection.py", line 464, in connect _match_hostname(cert, self.assert_hostname or server_hostname) File "C:\Users\Audio\AppData\Roaming\Kodi\addons\script.module.urllib3\lib\urllib3\connection.py", line 512, in _match_hostname match_hostname(cert, asserted_hostname) File "C:\Program Files\Kodi\system\python\Lib\ssl.py", line 416, in match_hostname raise CertificateError("hostname %r " ssl.SSLCertVerificationError: ("hostname 'stream1-vod.cdn1.sbs.prd.telenet-ops.be' doesn't match either of '.prod.surfshark.com', 'prod.surfshark.com'",)

                                             During handling of the above exception, another exception occurred:
  
                                             Traceback (most recent call last):
                                               File "C:\Users\Audio\AppData\Roaming\Kodi\addons\script.module.requests\lib\requests\adapters.py", line 439, in send
                                                 resp = conn.urlopen(
                                               File "C:\Users\Audio\AppData\Roaming\Kodi\addons\script.module.urllib3\lib\urllib3\connectionpool.py", line 755, in urlopen
                                                 retries = retries.increment(
                                               File "C:\Users\Audio\AppData\Roaming\Kodi\addons\script.module.urllib3\lib\urllib3\util\retry.py", line 574, in increment
                                                 raise MaxRetryError(_pool, url, error or ResponseError(cause))
                                             urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='stream1-vod.cdn1.sbs.prd.telenet-ops.be', port=443): Max retries exceeded with url: /geo/VANTAGE_F_YOU_VERY_VERY_MUCH/S1/volledigeafleveringen/1014444220832852701077779913893694101444/F_YOU_VERY_VERY_MUCH_1_1_F0285889/F_YOU_VERY_VERY_MUCH_1_1_F0285889.m3u8 (Caused by SSLError(SSLCertVerificationError("hostname 'stream1-vod.cdn1.sbs.prd.telenet-ops.be' doesn't match either of '*.prod.surfshark.com', 'prod.surfshark.com'")))
  
                                             During handling of the above exception, another exception occurred:
  
                                             Traceback (most recent call last):
                                               File "C:\Users\Audio\AppData\Roaming\Kodi\addons\plugin.video.viervijfzes\resources\lib\service.py", line 128, in onPlayBackStopped
                                                 response = requests.get(self.stream_path)
                                               File "C:\Users\Audio\AppData\Roaming\Kodi\addons\script.module.requests\lib\requests\api.py", line 76, in get
                                                 return request('get', url, params=params, **kwargs)
                                               File "C:\Users\Audio\AppData\Roaming\Kodi\addons\script.module.requests\lib\requests\api.py", line 61, in request
                                                 return session.request(method=method, url=url, **kwargs)
                                               File "C:\Users\Audio\AppData\Roaming\Kodi\addons\script.module.requests\lib\requests\sessions.py", line 542, in request
                                                 resp = self.send(prep, **send_kwargs)
                                               File "C:\Users\Audio\AppData\Roaming\Kodi\addons\script.module.requests\lib\requests\sessions.py", line 655, in send
                                                 r = adapter.send(request, **kwargs)
                                               File "C:\Users\Audio\AppData\Roaming\Kodi\addons\script.module.requests\lib\requests\adapters.py", line 514, in send
                                                 raise SSLError(e, request=request)
                                             requests.exceptions.SSLError: HTTPSConnectionPool(host='stream1-vod.cdn1.sbs.prd.telenet-ops.be', port=443): Max retries exceeded with url: /geo/VANTAGE_F_YOU_VERY_VERY_MUCH/S1/volledigeafleveringen/1014444220832852701077779913893694101444/F_YOU_VERY_VERY_MUCH_1_1_F0285889/F_YOU_VERY_VERY_MUCH_1_1_F0285889.m3u8 (Caused by SSLError(SSLCertVerificationError("hostname 'stream1-vod.cdn1.sbs.prd.telenet-ops.be' doesn't match either of '*.prod.surfshark.com', 'prod.surfshark.com'")))
                                             -->End of Python script error report<--

[michaelarnauts]

At the first look, I think that your surfshark VPN is intercepting the HTTPS connection, and they really really shouldn't be doing this. They should be able to relay the connection without messing with the certificates just fine.

Maybe it's a setting you can disable somewhere so it doesn't try to hijack secure connections?

[michaelarnauts]

Closed. This seems to be an issue with the VPN provider that is doing mitm stuff.