webosbrew / webos-homebrew-channel

Unofficial webOS TV homebrew store and root-related tooling
MIT License

Stock plex app shows invalid certificate error code -202 #203

Open h4de5 opened 4 days ago

h4de5 commented 4 days ago

I am not sure if this is the right place to post this, but I really hope you can at least point me in the right direction.

for a week or two now, my stock plex app on my rooted LG OLED55C8PLA with firmware 05.40.09 only says:

Loading not possible server certificate is not trustworthy error code -202

(it says it in my language, this is just a rough translation)

this message comes before I can even open up any settings within plex. I run my server locally in the network and publicly behind a reverse proxy that takes care of issuing the certificate. this has not changed in over a year. tls1.3 was in place for my server also for that long - so unless something really recent changed on letsencrypt side, I guess plex themselves changed something and the app is opening their servers first to get to my local movies.. I can also open my plex server and the plex web app using the built-in browser on the tv. it does not work in terms of javascript but at least it does not show a certificate error..

I already tried to rebuild my local certificates on the plex server, and checked what the plex app on the tv actually does (it's just an html page and a small javascript - so I guess just a wrapper for some kind of wasm - but it's all encrypted on the TV: /lg/appstore/cryptofs/apps/usr/palm/applications/cdp-30 ). I read about how to update root certificates on my TV with a shell script, but this was from 2021 and there are also posts that this did not help - therefore I have not tried this yet. LG provides tls and root certificates ( https://webostv.developer.lge.com/develop/specifications/tls ) and even a recent firmware update (05.50.56 from november 2024) for this 2018'ish TV, which is kinda great but also will most probably close my root access to it..

my current guess is that the firmware update will fix my issue but will remove root and therefore adfree-youtube :(

so I would like to try to update the root certificates from LG's website first, but I don't know how yet.

if this does not work or does not help, I would like to know if it's possible to decrypt the sources of the plex app and maybe provide a home-brew version of it.

any help or idea is highly appreciated! having plex working especially before the holidays would really help me out ;)

throwaway96 commented 4 days ago

I see you found setup-cert-overlay.sh. There's also webos1-bindca, which shows a different way to do basically the same thing.

I don't think either one does exactly what you want, but modification should be straightforward.

h4de5 commented 4 days ago

yep. found it.. but did not help. the plex app still could not get loaded. I am not sure if this helps or if it is even related, but (regardless of adding those files to ca-certificates) when I run:

openssl s_client -servername app.plex.tv -connect app.plex.tv:443

on the tv I got this:

CONNECTED(00000003)
depth=1 C = US, O = Let's Encrypt, CN = R11
verify error:num=20:unable to get local issuer certificate

while when I run it locally I got this:

CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R11
verify return:1
depth=0 CN = app.plex.tv
verify return:1

same for curl:

curl --head "https://app.plex.tv"
curl: (60) SSL certificate problem: unable to get local issuer certificate

as said I can open the page using the TV's internal browser - without issues.
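
Added example, not part of any comment in this thread: `verify error:num=20` at depth 1 means the issuer of the depth-1 certificate is not in the local trust store, so comparing the failing transcript with a working one names the CA that is missing. The function names and temporary file names are hypothetical, and the sample files are constructed from the two `openssl s_client` outputs quoted above.

```shell
# Added example: name the CA a failing host lacks, from two `openssl s_client` transcripts.

# Print "depth|subject" for the first "unable to get local issuer" (num=20) error.
failing_cert() {
    awk '
        /^depth=/ { line = $0; sub(/^depth=/, "", line)
                    d = line; sub(/ .*/, "", d); sub(/^[0-9]+ /, "", line) }
        /^verify error:num=20:/ { print d "|" line; exit }
    ' "$1"
}

# Print the certificate subject reported at depth $2 in transcript $1.
subject_at_depth() {
    awk -v want="$2" '
        /^depth=/ { line = $0; sub(/^depth=/, "", line)
                    d = line; sub(/ .*/, "", d); sub(/^[0-9]+ /, "", line)
                    if (d == want) { print line; exit } }
    ' "$1"
}

# The missing trust anchor is the cert one level above the failing one in the good chain.
missing_issuer() {
    hit=$(failing_cert "$1")
    [ -n "$hit" ] || { echo "no verify error 20 in $1" >&2; return 1; }
    depth=${hit%%|*}; subject=${hit#*|}
    # Both transcripts must describe the same chain, or the comparison is meaningless.
    [ "$(subject_at_depth "$2" "$depth")" = "$subject" ] ||
        { echo "chains differ at depth $depth" >&2; return 1; }
    issuer=$(subject_at_depth "$2" $((depth + 1)))
    [ -n "$issuer" ] || { echo "working transcript has no depth $((depth + 1))" >&2; return 1; }
    printf '%s\n' "$issuer"
}
# Constructed sample input: files built from the two transcripts quoted in the thread.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/tv.txt" <<'EOF'
CONNECTED(00000003)
depth=1 C = US, O = Let's Encrypt, CN = R11
verify error:num=20:unable to get local issuer certificate
EOF
cat > "$tmp/pc.txt" <<'EOF'
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R11
verify return:1
depth=0 CN = app.plex.tv
verify return:1
EOF
missing_issuer "$tmp/tv.txt" "$tmp/pc.txt"
```

The subject it prints is the root certificate to look for in the failing device's CA bundle or certificate directory.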

thingul commented 2 days ago

To chime in here, I had the exact same issue, same tv and same firmware. I took the plunge and upgraded the firmware, it fixed the 202 error so I can use plex again, I can still use the ad free youtube and any homebrew stuff.

h4de5 commented 2 days ago

did you upgrade to the latest one? 05.50.56 (e.g. https://www.lg.com/de/support/produkt-hilfe/cs-OLED55C8LLA.AEU/ ). how did you root the tv after the upgrade?

thingul commented 2 days ago

Just checked, it is 05.50.45, all I did before was update homebrew channel (https://github.com/webosbrew/webos-homebrew-channel) to the latest version, enable software update on the tv again and updated it via the normal menu, root was still there after reboot. I think originally I used the rootmytv site to root it, don't think that works anymore.