Closed gibxxi closed 2 years ago
I'm having an issue with this as well. If I enable https on my subsonic server I get this behavior (listing things works, although not album art, but playback gives the Peer certificate cannot be authenticated error), no matter if I specify http or https for the url in the plugin.
If I disable https for subsonic the plugin works fine.
Is your cert signed by a CA that's recognized as root on the host running Kodi (e.g. Letsencrypt)? If not, you can either add your CA, or alternatively there is a setting for allowing self-signed certs in the addon.
Is your cert signed by a CA that's recognized as root on the host running Kodi (e.g. Letsencrypt)? If not, you can either add your CA, or alternatively there is a setting for allowing self-signed certs in the addon.
The advanced add-on setting to allow self-signed certificates is enabled, makes no difference.
I have no idea how or even if the certificates are signed by a CA authority of any description, as we users have no control over them. If you have a personalised "Subsonic URL" (in my case: gibsonxxi.subsonic.org), it is provided by the Subsonic author as an automatic URL redirect pointing from his server, to your local install and IP address (which will differ from his).
We have no control over the signing (or lack thereof) for the certificate attached to the "Subsonic URL". I do not provide a cert for the target IP address the "Subsonic URL" points to specifically, although the NAS it's installed on, DOES have a self-signed certificate for the default port 80 web server running on it, but neither Subsonic, nor Kodi should ever see that, given the custom port that Subsonic uses, running on it's own web server, independently.
This seems to be resolved in versions >=3.0.0. url and port settings are now separated.
Please reopen if you have issues.
It doesn't work for me, but I've given up on this addon so won't bother re-opening the issue. Tried with Subsonic address, remote IP, local IP, etc. all I get are "Connection Error" dialogs. I know the user credentials are correct as connecting via web browser works fine.
Thanks anyway.
OK, no problem. Happy to look into it if you want to share your logs.
After looking into this further it seems that this is due to increased security introduced in Leia.
The setup that causes this issue is insecure, and is not recommended but I have added some additional code in the branch called insecure to allow bypass of the security check. This is clunky and not recommended, but may get you through. https://github.com/warwickh/plugin.audio.subsonic/tree/insecure
EDIT: I am testing this. It is not working yet, but I will update once a working version is available.
OK, so there were a few things going on here.
The py-sonic library was broken and not fully supporting the insecure option for connections to the API. This is now resolved in commit 469681b
The Kodi curl library has a bypass for for verifying the cert, allowing self signed certs to work. This is now implemented when the insecure setting is enabled (For cover art and playing the audio). Resolved in commit 469681b
Unfortunately Subsonic uses a self signed cert with the name subsonic.org and this will not match when using myservername.subsonic.org subdomains. For the moment Kodi does not allow this check to be disabled. I was able to make this work by adding an entry to /etc/hosts pointing subsonic.org to the server ip. Kodi then sees the name as a match and it works. There are a few options to make your setup work, but personally I connect Kodi to my server on my local LAN on port 4040 without SSL enabled. I can connect externally using a certificate from Letsencrypt.
Closing this as I think this is the best that can be done given the limitations of Kodi security.
I can browse (and connect to) my own Subsonic server, via the registered "Subsonic URL" (myservername.subsonic.org), can view listings, etc. but playback fails with rthe following error:
2019-12-19 22:54:20.286 T:10532 ERROR: CCurlFile::FillBuffer - Failed: Peer certificate cannot be authenticated with given CA certificates(60)
(Yes, the option to accept self-signed certificates, in advanced settings is enabled).
Also, the url attempted by the plugin, is trying to connect (assume for playback) on port 80. My subsonic server only listens on ports 4040 (HTTP) and 4043 (HTTPS). any attempt to connect to my IP address at port 80, would be routed to my NAS web server, via the router, not Subsonic.
I do know that connecting directly via https is not allowed by Subsonic itself. Connection must be initiated over http, whereby the Subsonic server will negotiate and auto-switch to a SSL (https) connection. This works via web browser, but not via this plugin (which isn't the first Subsonic app i've attempted to use with this issue).