Streamlinkwrapper and streamlinksrv crash when trying to play from the new filmon plugin

[azman26]

Latest OATV 7.1 release

When I try to use the prescribed filmon plugin I get the following error while using the streamlink server. I have a black screen with streamlinkwrapper and no error message appears.

As usual, the plugin checked the latest version of Streamlink in Windows and works there without error

23:20:09,40 streamlinksrv debug [cli][info] Found matching plugin filmon for URL www.filmon.com/tv/zdf 23:20:09,141 streamlinksrv debug error: Unable to open URL: https://www.filmon.com/tv/zdf (Cannot set verify_mode to CERT_NONE when check_hostname is enabled.) Send Offline clip: /usr/lib/enigma2/python/Plugins/Extensions/StreamlinkConfig/streams/offline.mp4 127.0.0.1 - - [07/Jun/2022 23:20:17] "GET /www.filmon.com/tv/zdf HTTP/1.1" 200 - 23:20:17,560 streamlinksrv error EXCEPTION: [Errno 32] Broken pipe Send Offline clip: /usr/lib/enigma2/python/Plugins/Extensions/StreamlinkConfig/streams/offline.mp4 127.0.0.1 - - [07/Jun/2022 23:20:17] "GET /www.filmon.com/tv/zdf HTTP/1.1" 200 - 23:20:17,561 streamlinksrv debug finish >>>

Yes, I am aware that the above entry is from a modified version. Fortunately, in the modified version, you can get more than the original streamlink server using the astreamlink client. Nevertheless, the error occurs in the original version from the OATV repository.

P.S. I repeat the request how to get diagnostic data from wrappers in order to present problems with playing some streams

[4l3x2k]

I think it is a problem of streamlink under linux. On macOS I made it work by removing TLSSecLevel1Adapter() in the filmon plugin.

I get the following error message if I use streamlinkwrapper

If I'am using the the streamlink_cli I get

root@sf8008:~# python /usr/lib/python3.10/site-packages/streamlink_cli/__main__.py https://www.filmon.com/tv/zdf best
[cli][info] streamlink is running as root! Be careful!
[cli][info] Found matching plugin filmon for URL https://www.filmon.com/tv/zdf
error: Unable to open URL: https://www.filmon.com/tv/zdf (HTTPSConnectionPool(host='www.filmon.com', port=443): Max retries exceeded with url: /tv/zdf (Caused by SSLError(SSLError(1, '[SSL: WRONG_SIGNATURE_TYPE] wrong signature type (_ssl.c:997)'))))

which is the same error shown in the message box on tv.

For me it is ok with

• python3-yt-dlp
• enigma2-plugin-extensions-ytdlpwrapper

And using a bouquet entry like

#SERVICE 4097:0:1:0:0:0:0:0:0:0:YT-DLP%3a//https%3a//www.filmon.com/tv/zdf:[yt-dlp] FilmOn ZDF

[azman26]

The latest OATV 7.1 image Filmon works with ytdlpwrapper but after 1-1.5 minutes the broadcast stops.

[4l3x2k]

Do you have an account for filmon?

Without a account you may only be able to watch 90 seconds. That is what the website shows if you visit it by browser.

Regarding the SSLError I don't know whether python's ssl module already support openssl version 3.0.2. That may be the main reason for streamlink failing and that is why openatv 7.1 to be alpha. Maybe applications need to provide the exact ssl context supported by openssl 3.0.2 and provided by filmon to make it work.

openatv 7.1

root@sf8008:~# openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
root@sf8008:~# python3 -c 'import requests; requests.get("https://www.filmon.com")'
Traceback (most recent call last):
  File "/usr/lib/python3.10/site-packages/urllib3/connectionpool.py", line 703, in urlopen
  File "/usr/lib/python3.10/site-packages/urllib3/connectionpool.py", line 386, in _make_request
  File "/usr/lib/python3.10/site-packages/urllib3/connectionpool.py", line 1040, in _validate_conn
  File "/usr/lib/python3.10/site-packages/urllib3/connection.py", line 414, in connect
  File "/usr/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
  File "/usr/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
  File "/usr/lib/python3.10/ssl.py", line 512, in wrap_socket
  File "/usr/lib/python3.10/ssl.py", line 1070, in _create
  File "/usr/lib/python3.10/ssl.py", line 1341, in do_handshake
ssl.SSLError: [SSL: WRONG_SIGNATURE_TYPE] wrong signature type (_ssl.c:997)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.10/site-packages/requests/adapters.py", line 440, in send
  File "/usr/lib/python3.10/site-packages/urllib3/connectionpool.py", line 785, in urlopen
  File "/usr/lib/python3.10/site-packages/urllib3/util/retry.py", line 592, in increment
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='www.filmon.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: WRONG_SIGNATURE_TYPE] wrong signature type (_ssl.c:997)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/lib/python3.10/site-packages/requests/api.py", line 75, in get
  File "/usr/lib/python3.10/site-packages/requests/api.py", line 61, in request
  File "/usr/lib/python3.10/site-packages/requests/sessions.py", line 529, in request
  File "/usr/lib/python3.10/site-packages/requests/sessions.py", line 645, in send
  File "/usr/lib/python3.10/site-packages/requests/adapters.py", line 517, in send
requests.exceptions.SSLError: HTTPSConnectionPool(host='www.filmon.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: WRONG_SIGNATURE_TYPE] wrong signature type (_ssl.c:997)')))
root@sf8008:~#

openatv 7.0

root@sf8008:~# openssl version
OpenSSL 1.1.1l  24 Aug 2021
root@sf8008:~# python3 -c 'import requests; requests.get("https://www.filmon.com")'
root@sf8008:~#

[azman26]

I would rather bet on SSL support in 7.1 I started the filmon channel on streamlink under the windows and it's been running for about 10 minutes (and I do not have an account on filmweb)

[4l3x2k]

I bet on the provider (filmon) who already has an exception because of SSL in streamlink.

So there is nothing I can do at the moment.

For me the problem is that the openssl library version 3.0.2 does not support the provided -weak- encryption served by filmon.

[azman26]

I turned on the E2 logbook And there I found such entries And here it looks more like problems with synchronization and hsldemux

21:16:22.8219 [ActionMap] Keymap 'OkCancelActions' -> Action 'ok'. 21:16:23.9229 [filmon:channel] zdf: Downloading JSON metadata 21:16:24.8546 [ChannelSelection] zap / YoutubeDLP result url https://edge-1288-ch-gv.filmon.com/live/2759.high.stream/playlist.m3u8?id=035bca1a71b11fce016d28acd3dbea51cbc96ddfe5b9ed3f8fe3286df6a738d379cd2ad0971e27279a4c838081723723fd5b91db4ae9de39ec75f71bb110413e4a43c77f593be7c791f5331f38f8c973cd60520fa9047078258b4e4627f2a2c2299ae9f9e24611e454c39fa708330178725f0e8855fe9bff422ab24dade3f16869f77b6d448dee47ec57cef14e821a25009c8cced38fbbc9 21:16:24.8551 [Navigation] playing ref 4097:0:1:761D:4A27:EC:0:0:0:0:YT-DLP%3a//https%3a//www.filmon.com/tv/zdf:ZDF Filmon YTDLP 21:16:24.8603 [eServiceMP3] PIPELINE DESTRUCTED 21:16:24.8604 [eServiceFactoryMP3] new play service total services played is 3 21:16:24.8607 [eServiceMP3] playbin uri=https://edge-1288-ch-gv.filmon.com/live/2759.high.stream/playlist.m3u8?id=035bca1a71b11fce016d28acd3dbea51cbc96ddfe5b9ed3f8fe3286df6a738d379cd2ad0971e27279a4c838081723723fd5b91db4ae9de39ec75f71bb110413e4a43c77f593be7c791f5331f38f8c973cd60520fa9047078258b4e4627f2a2c2299ae9f9e24611e454c39fa708330178725f0e8855fe9bff422ab24dade3f16869f77b6d448dee47ec57cef14e821a25009c8cced38fbbc9 21:16:24.8615 [eServiceMP3] * starting pipeline ** 21:16:24.8641 [Screen] Showing screen 'InfoBarSummary'. 21:16:24.8647 [eRCDeviceInputDev] 0 160 1 21:16:24.8649 [InfoBarGenerics] Key: 352 (Break) KeyID='KEY_OK'. 21:16:24.8717 [eServiceMP3] STATE TRANSITION NULL -> READY 21:16:24.8815 [Screen] Showing screen 'InfoBar'. 21:16:24.9034 [eServiceMP3] pause(ePtr &ptr) 21:16:24.9036 [Pixmap] setPixmapNum(0) failed! Defined pixmaps: []. 21:16:24.9045 [eServiceMP3] pause(ePtr &ptr) 21:16:24.9046 [Pixmap] setPixmapNum(0) failed! Defined pixmaps: []. 21:16:24.9053 [Notifications] RemovePopup id = ZapError 21:16:25.8440 [eServiceMP3] PLAYBIN WITH BLOCK READY TO PAUSED state:PAUSED pending:VOID_PENDING ret:SUCCESS 21:16:25.8508 [eServiceMP3] STATE TRANSITION READY -> PAUSED

(enigma2:3513): WARNING : 21:16:25.863: ../git/gstdvbaudiosink.c:476: invalid property id 3 for "e2-sync" of type 'GParamBoolean' in 'GstDVBAudioSink'

(enigma2:3513): WARNING : 21:16:25.863: ../git/gstdvbaudiosink.c:476: invalid property id 4 for "e2-async" of type 'GParamBoolean' in 'GstDVBAudioSink'

(enigma2:3513): WARNING : 21:16:25.864: ../git/gstdvbvideosink.c:494: invalid property id 3 for "e2-sync" of type 'GParamBoolean' in 'GstDVBVideoSink'

(enigma2:3513): WARNING : 21:16:25.864: ../git/gstdvbvideosink.c:494: invalid property id 4 for "e2-async" of type 'GParamBoolean' in 'GstDVBVideoSink' 21:16:25.8709 [eServiceMP3] PLAYBIN WITH BLOCK PLAYSTART state:PLAYING pending:VOID_PENDING ret:SUCCESS 21:16:25.8719 [eServiceMP3] GST_MESSAGE_ASYNC_DONE before evUpdatedInfo 21:16:25.8875 [VolumeAdjust] Normal volume is 12. 21:16:25.9617 [eServiceMP3] START USE LAST SEEK TIMER 21:16:26.0342 [eServiceMP3] **STATE TRANSITION PAUSED -> PLAYING ****

(enigma2:3513): WARNING : 21:16:26.044: ../git/gstdvbaudiosink.c:476: invalid property id 3 for "e2-sync" of type 'GParamBoolean' in 'GstDVBAudioSink'

(enigma2:3513): WARNING : 21:16:26.044: ../git/gstdvbaudiosink.c:476: invalid property id 4 for "e2-async" of type 'GParamBoolean' in 'GstDVBAudioSink'

(enigma2:3513): WARNING : 21:16:26.045: ../git/gstdvbvideosink.c:494: invalid property id 3 for "e2-sync" of type 'GParamBoolean' in 'GstDVBVideoSink'

(enigma2:3513): WARNING : 21:16:26.045: ../git/gstdvbvideosink.c:494: invalid property id 4 for "e2-async" of type 'GParamBoolean' in 'GstDVBVideoSink' 21:16:50.5416 Gstreamer error: Internal data stream error. (1, 1654) from hlsdemux0

[4l3x2k]

hlsdemux in gstreamer is buggy and that is what streamlinksrv can handle better.

The default security level of OpenSSL under OpenATV is listed under /etc/ssl/openssl.cnf at the bottom

[system_default_sect]
CipherString = DEFAULT@SECLEVEL=0

Are defined. This was done to continue to support the largest possible number of VPN providers.

Now it seems that python3 under OpenATV 7.1 doesn't use the switch

--with-ssl-default-suites=openssl

is created. This means that python's ssl module does not use the configuration from /etc/ssl/openssl.cnf but its own internal ones. Thanks to @bastimeyer who figured this out.

I still have to find out whether python3 is really built under OpenATV 7.1 without this switch.

Until then I was able to help myself with the following change in /usr/lib/python3.10/site-packages/streamlink/plugin/api/http_session.py

class TLSSecLevel1Adapter(requests.adapters.HTTPAdapter):
    define init_poolmanager(self, *args, **kwargs):
        ctx = ssl.create_default_context()
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        kwargs["ssl_context"] = ctx
        return super().init_poolmanager(*args, **kwargs)

The difference is in the line

ctx.set_ciphers("DEFAULT:@SECLEVEL=1")

the to

ctx.set_ciphers("DEFAULT:@SECLEVEL=0")

becomes.

This change should suffice if streamlink was installed on OpenATV 7.1 after 05.06 or updated after 05.06.

[4l3x2k]

I found out that python3 on openatv 7.1 doesn't work with the switch

--with-ssl-default-suites=openssl

is built. This means that the standard value that corresponds to this switch setting is used

--with-ssl-default-suites=python

That means the system-wide security level cannot be set via the openssl.cnf for python.

root@sf8008:~# python -V
Python 3.10.4
root@sf8008:~# python -m sysconfig|grep CONFIG_ARGS|tr -s " " "\n"
CONFIG_ARGS
=
"'--build=x86_64-linux'
'--host=arm-oe-linux-gnueabi'
'--target=arm-oe-linux-gnueabi'
'--prefix=/usr'
'--exec_prefix=/usr'
'--bindir=/usr/bin'
'--sbindir=/usr/sbin'
'--libexecdir=/usr/libexec'
'--datadir=/usr/share'
'--sysconfdir=/etc'
'--sharedstatedir=/com'
'--localstatedir=/var'
'--libdir=/usr/lib'
'--includedir=/usr/include'
'--oldincludedir=/usr/include'
'--infodir=/usr/share/info'
'--mandir=/usr/share/man'
'--disable-silent-rules'
'--disable-dependency-tracking'
''
'--without-ensurepip'
'--enable shared'
'--with-platlibdir=lib'
'build_alias=x86_64-linux'
'host_alias=arm-oe-linux-gnueabi'
'target_alias=arm-oe-linux-gnueabi'
'CC=arm-oe-linux-gnueabi-gcc
-mfpu=neon-vfpv4
-mfloat-abi=hard
-mcpu=cortex-a15
'
'CFLAGS=
-Os
- pipe
-G
-feliminate-unused-debug-types
-fmacro-prefix-map=/python3/3.10.4-r0=/usr/src/debug/python3/3.10.4-r0
-fdebug-prefix-map=/python3/3.10.4-r0=/usr/src/debug/python3/3.10.4-r0
-fdebug-prefix-map==
-fdebug-prefix-map==
-DHAVE_BROKEN_POSIX_SEMAPHORES'
'LDFLAGS=-Wl,-O1
-Wl,--hash-style=gnu
-Wl,--as-needed
-fmacro-prefix-map=/python3/3.10.4-r0=/usr/src/debug/python3/3.10.4-r0
-fdebug-prefix-map=/python3/3.10.4-r0=/usr/src/debug/python3/3.10.4-r0
-fdebug-prefix-map==
-fdebug-prefix-map==
'
'CPPFLAGS=
-I/usr/include/ncursesw
-I/usr/include/uuid'
'CPP=arm-oe-linux-gnueabi-gcc
-E
-mfpu=neon-vfpv4
-mfloat-abi=hard
-mcpu=cortex-a15'
'PKG_CONFIG_PATH=/usr/lib/pkgconfig:/usr/share/pkgconfig'
'PKG_CONFIG_LIBDIR=/usr/lib/pkgconfig'"
root@sf8008:~#

So for me it would mean either

1. filmon offers an encryption that supports openssl 3 without lowering the security level
2. the application (here stream link) lowers the security level for openssl 3 even further
3. python3 is built with the --with-ssl-default-suites=openssl switch

The first point would also apply to VPN providers.

If you feel the same way @azman26 then you either could

1. write to filmon that you offer a suitable encryption
2. Create an issue at streamlink
3. Create an issue at openembeded or openembedded-alliance

Creating the issue here for enigma2 won't do anything. I don't see how we could solve that. So I would say the issue can be closed.

[4l3x2k]

Issue can be closed.