search

iwalton3 / plex-mpv-shim

Cast media from Plex Mobile and Web apps to MPV. (Unofficial)
MIT License
368 stars 21 forks source link

Ssl certificate has expired #52

Closed Skandery closed 2 years ago

Skandery commented 3 years ago

This week (just before the plex update) received the error "An error occurred trying to play this item."

And I found this in the logs :

Traceback (most recent call last):
  File "C:\Users\SK\AppData\Local\Programs\Python\Python39\lib\urllib\request.py", line 1346, in do_open
    h.request(req.get_method(), req.selector, req.data, headers,
  File "C:\Users\SK\AppData\Local\Programs\Python\Python39\lib\http\client.py", line 1255, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "C:\Users\SK\AppData\Local\Programs\Python\Python39\lib\http\client.py", line 1301, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "C:\Users\SK\AppData\Local\Programs\Python\Python39\lib\http\client.py", line 1250, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "C:\Users\SK\AppData\Local\Programs\Python\Python39\lib\http\client.py", line 1010, in _send_output
    self.send(msg)
  File "C:\Users\SK\AppData\Local\Programs\Python\Python39\lib\http\client.py", line 950, in send
    self.connect()
  File "C:\Users\SK\AppData\Local\Programs\Python\Python39\lib\http\client.py", line 1424, in connect
    self.sock = self._context.wrap_socket(self.sock,
  File "C:\Users\SK\AppData\Local\Programs\Python\Python39\lib\ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "C:\Users\SK\AppData\Local\Programs\Python\Python39\lib\ssl.py", line 1040, in _create
    self.do_handshake()
  File "C:\Users\SK\AppData\Local\Programs\Python\Python39\lib\ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1123)

To fix it I just did a pip install --upgrade certifi and now it works (jellyfin-mpv-shim have ignore_ssl_cert for this kind of problem maybe).

I don't know if it's the right place but I think it could help people who have the same problem.

co-sine commented 3 years ago

I definitely have the exactly same issue as yours!! So Thankful for sharing this!! However I am not a Python user (code idiot), How can I resolve this without installing Python?

LAP87 commented 3 years ago

I did the upgrade, but didn't solve my error when trying to play via mpv shim since last week

PurpleRobin commented 3 years ago

I also did the upgrade and still not working the plex console shows "incomplete TLS handshake from [IP Address]:: sslv3 alert certificate expired. I asked for the cert to be reset in the plex forums but was told it wasn't expired.

iwalton3 commented 3 years ago

If you are having this issue, did you manually install it with pip or are you using the binary distribution? I want to know if I need to repackage or if people who are having the issue can only fix it by upgrading certifi.

It looks like the last version of certifi was released before the last mpv shim version. https://pypi.org/project/certifi/

co-sine commented 3 years ago

If you are having this issue, did you manually install it with pip or are you using the binary distribution? I want to know if I need to repackage or if people who are having the issue can only fix it by upgrading certifi.

It looks like the last version of certifi was released before the last mpv shim version. https://pypi.org/project/certifi/

This is my personal request.., plz repackage it, might make everything easier.

iwalton3 commented 3 years ago

https://github.com/iwalton3/plex-mpv-shim/suites/3977456141/artifacts/100049578

co-sine commented 3 years ago

https://github.com/iwalton3/plex-mpv-shim/suites/3977456141/artifacts/100049578

hate to say this but the "An error occurred trying to play this item." error remains after reinstalling.

PurpleRobin commented 3 years ago

https://github.com/iwalton3/plex-mpv-shim/suites/3977456141/artifacts/100049578

Having the same Issue with the above one as well from the console: Oct 06, 2021 17:27:08.300 [9312] Debug — CERT: incomplete TLS handshake from [IP]: : sslv3 alert certificate expired

I installed with the binary and also upgraded with 'pip install --upgrade certifi' but it made no difference. I posted about it on the plex support forms as lots of plex users in the past week have had ssl cert errors and received this in reply

"Since that’s third party GitHub I need to refer you to them to answer this. I have no knowledge of this software, If they have a certificate in it, then they probably need to update their certificate in the client."

LAP87 commented 3 years ago

https://github.com/iwalton3/plex-mpv-shim/suites/3977456141/artifacts/100049578

This one solved my issue, thanks a bunch.

iwalton3 commented 3 years ago

Here is the thread for Jellyfin MPV Shim, where users are having a similar issue. (Although Jellyfin users tend to use Let's Encrypt which had a recent CA Root expire and not Plex's CA which I am not sure what they use.)

I posted some information there too. https://github.com/jellyfin/jellyfin-mpv-shim/issues/235

jsravn commented 3 years ago

Is it possible to add the ignore_ssl_cert option? It's not working for me either trying similar things to the jellyfin shim issue. I'm also on a letsencrypt cert. Something weird about the requests library is causing it to not recognize the new root CA properly, I'm unsure exactly what is happening.

edit: From digging around it seems this is a bug related to windows not updating CAs or something. Seems like you can work around it by manually importing certifi and explicitly using it for CA information: https://community.letsencrypt.org/t/help-thread-for-dst-root-ca-x3-expiration-september-2021/149190/1213

co-sine commented 3 years ago

I agree to add the ignore_ssl_cert option.. manully importing certifi is quite a complex job for me..

iwalton3 commented 3 years ago

Yeah I realized there were like a dozen different places and two different requests libraries being used. Maybe the explicit certifi dependency might be easier.

co-sine commented 3 years ago

Yeah I realized there were like a dozen different places and two different requests libraries being used. Maybe the explicit certifi dependency might be easier.

I've been trying alternative solutions none, none of them is that perfect like MPV shim, if you make it happens, I'll be really, really, really appreciate it.

co-sine commented 3 years ago

Pretty sure it is something system wise (CA?) goes wrong, I tried a fresh install of Shim in Windows Sandbox it worked again...

jsravn commented 2 years ago

Made a PR to use certifi in various places. It fixes the issue for me on Windows.

iwalton3 commented 2 years ago

https://github.com/iwalton3/plex-mpv-shim/releases/tag/v1.10.3