
when using URLLoader with https: Streaming error 2032 on some devices

Open Menard1965 opened this issue 3 years ago • 23 comments

Problem Description

Describe your problem in detail. Include the following information:

Air SDK 33.1.575 Adobe Animate

There are some Windows PCs reporting that when using https: to a PHP file they are getting error 2032. I cannot reproduce it here; on all Windows PCs it's working. On some, maybe Windows 7 PCs, this occurs.

When I change to http: then it's working.

Please help.

    sURL = root.VAR.isHttps + root.LIZScript
    trace("Request:" + sURL)
    var myData:URLRequest = new URLRequest(sURL)
    //var myData:URLRequest = new URLRequest("https://www.blue-2.at/VST/SKTVST.php")

    // POST the two form fields to the license script
    myData.method = URLRequestMethod.POST
    var variables:URLVariables = new URLVariables()
    variables.F_Mail = F_Mail.text
    variables.F_Key = F_Key.text
    myData.data = variables

    // Load the response as text and register completion, I/O error and HTTP status handlers
    var loader:URLLoader = new URLLoader()
    loader.dataFormat = URLLoaderDataFormat.TEXT // VARIABLES
    loader.addEventListener(Event.COMPLETE, KeyComplete)
    loader.addEventListener(IOErrorEvent.IO_ERROR, onError);
    loader.addEventListener(HTTPStatusEvent.HTTP_RESPONSE_STATUS, onhttp);
    try {
        loader.load(myData)
    } catch (error:Error) {
        F_Status.text="Fehler im Lizenzserver: Bitte mail an [email protected]"
    }

Menard1965 avatar Mar 16 '22 20:03 Menard1965

Likely to be related to this: https://blog.dnsimple.com/2021/09/letsencrypt-intermediate-expiration/

What we really need is a machine where this can be reproduced, so that we can look at what the Windows inet certificate handling code is saying... do you know whether the users see this consistently i.e. if it fails, it always fails? And if so, is there anyone who would be willing to run a test app on that machine?

The issue is explained here: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

"older devices that don’t trust ISRG Root X1 will start getting certificate warnings when visiting sites that use Let’s Encrypt certificates"

Although I would have hoped that the users would get an AIR certificate error dialog, rather than just getting the 2032 error...

thanks

ajwfrost avatar Mar 16 '22 22:03 ajwfrost

I see. Yes I have a customer from Germany. He has Windows 7. I can ask him and give him some goodies, if he supports us.

The user ALWAYS gets this; if he switches to HTTP (I added an option in the APP) everything works fine.

What do I add to my APP and what should the user be doing? Cheers and thank you

Menard1965 avatar Mar 17 '22 07:03 Menard1965

What I found out: I have 2 PCs where it is making problems. On the one there is a Windows window saying that

"The certificate of the Internet site you are contacting is expired or invalid. Do you like to access?"

If the customer says yes, it works.

What I found is that I can look into the local certificates and see if the X1 root cert exists. I will keep you posted here.

Menard1965 avatar Mar 17 '22 12:03 Menard1965

hi!

I tried the following.

  1. I checked on the customer's site whether he has the ISRG Root X1 certificate in Windows. So I followed another ticket to download the certificate isrgrootx1.der from Let's Encrypt and installed it on the client's machine. We looked, and the certificate was in the trusted certificates of Windows.
  2. When we started my app the same problem occurs: we are getting the 2032 error and also no possibility to save an untrusted certificate.
  3. So please tell me what I can ask my customer to do to proceed. Cheers, Michael

Menard1965 avatar Mar 20 '22 12:03 Menard1965

No one.

I have a problem that all my apps running on some older Windows systems cannot access PHP through ssh. So I really need a suggestion what to do. Thanks

Menard1965 avatar Apr 09 '22 10:04 Menard1965

Recently I had a similar issue with the connection to a PHP server on older Windows and found a solution that maybe could help you. You should check on the client's computer whether TLS usage is enabled: Control Panel > Internet Options > Advanced. If TLS usage is disabled I was getting the 2032 error. Hope it helps!

MalacTheLittle avatar Apr 09 '22 14:04 MalacTheLittle
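
The two client-side checks raised so far in the thread (whether Windows trusts ISRG Root X1, and which protocols are ticked under Internet Options > Advanced) can be read off an affected machine in one pass. The PowerShell below is an added example, not code from any participant or from the AIR SDK; the host name is a placeholder, and step 3 assumes .NET's `SslStream` is an acceptable stand-in: it validates against the same Windows trust stores but applies .NET's protocol defaults, not WinINet's.

```powershell
# Added diagnostic, not from the thread. Run it on the affected client in Windows PowerShell.
# 'license.example.test' is a placeholder: pass the host name from the failing URLRequest.
param([string]$HostName = 'license.example.test', [int]$Port = 443)

# 1. Are the roots named in the Let's Encrypt notice present in the Windows trust stores?
function Find-TrustedRoot([string]$CommonName) {
    Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
        Where-Object { $_.Subject -like "*CN=$CommonName*" } |
        Select-Object Subject, NotAfter, @{ Name = 'Store'; Expression = { $_.PSParentPath -replace '^.*::' } }
}

# 2. Decode the per-user Internet Options > Advanced protocol checkboxes that WinINet reads.
function Get-WinINetProtocols {
    $bits = @{ 'SSL 2.0' = 0x8; 'SSL 3.0' = 0x20; 'TLS 1.0' = 0x80
               'TLS 1.1' = 0x200; 'TLS 1.2' = 0x800; 'TLS 1.3' = 0x2000 }
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $mask = (Get-ItemProperty $key -Name SecureProtocols -ErrorAction SilentlyContinue).SecureProtocols
    if ($null -eq $mask) { return 'SecureProtocols not set, OS defaults apply' }
    ($bits.GetEnumerator() | Sort-Object Value | Where-Object { $mask -band $_.Value } |
        ForEach-Object { $_.Key }) -join ', '
}

# 3. TLS handshake only (no request is sent): record what chain validation reports.
function Test-TlsChain([string]$HostName, [int]$Port) {
    $seen = @{}
    $block = {
        param($source, $cert, $chain, $policyErrors)
        $seen.PolicyErrors = $policyErrors
        $seen.ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        $seen.Chain        = ($chain.ChainElements | ForEach-Object { $_.Certificate.Subject }) -join ' <- '
        $true   # let the handshake finish so the findings can be read; the stream is then closed
    }.GetNewClosure()
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]$block
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $seen.Protocol = $ssl.SslProtocol
    } catch {
        $seen.HandshakeError = $_.Exception.Message
    } finally { $tcp.Close() }
    New-Object PSObject -Property $seen
}

foreach ($cn in 'ISRG Root X1', 'DST Root CA X3') {
    Find-TrustedRoot $cn | ForEach-Object { '{0} (expires {1:yyyy-MM-dd}) in {2}' -f $_.Subject, $_.NotAfter, $_.Store }
}
"WinINet protocols enabled: $(Get-WinINetProtocols)"
Test-TlsChain $HostName $Port | Format-List | Out-String
```

A `ChainStatus` of `UntrustedRoot` or `NotTimeValid` points at the trust store; an empty `ChainStatus` together with a protocol list that lacks what the server requires points at the Internet Options setting instead.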

Another two customers. I have now tried your idea. ALL TLS are checked and we get the streaming error 2032.

They bought a NEW LAPTOP with latest Windows and we get the 2032 error when trying to access a PHP with https: Please help.

What I have is

    var myData:URLRequest = new URLRequest(PHPString)
    myData.method = URLRequestMethod.POST
    var variables:URLVariables = new URLVariables()
    variables.F_Mail = F_Mail.text
    variables.F_Key = F_Key.text
    myData.data = variables

    var loader:URLLoader = new URLLoader()
    loader.dataFormat = URLLoaderDataFormat.VARIABLES
    loader.addEventListener(Event.COMPLETE, KeyComplete)
    loader.addEventListener(IOErrorEvent.IO_ERROR, onError);
    loader.addEventListener(HTTPStatusEvent.HTTP_RESPONSE_STATUS, onhttp);
    loader.load(myData)

on error is throwing 2032

Menard1965 avatar Jun 07 '22 13:06 Menard1965

Hi @Menard1965 - if you're seeing this with a new computer, I'd expect it to have all the necessary certificates etc - so unless the server's certificates have been revoked, this may be something different. Are you able to confirm they can hit that URL with a web browser from their machine and get a sensible response? and do you see any server logs that may explain it?

thanks

ajwfrost avatar Jun 07 '22 14:06 ajwfrost

I phoned with the customer and his NEW computer was from August 2021, so Sep 2021, from what I read, was the time when Let's Encrypt had this change?

Which URL do you mean? The one with the PHP file? I don't have access to all logs on my hosted server. Thanks so much

Menard1965 avatar Jun 07 '22 14:06 Menard1965

Sorry, can you clarify "NEW LAPTOP with latest Windows" = presumably Windows 11 build 22000? although anything reasonably recent should have the necessary certificates for this..

new URLRequest(PHPString) -> what happens if they enter that PHPString into a browser?

ajwfrost avatar Jun 07 '22 15:06 ajwfrost

I will ask them. He said new Laptop but it was one year old.

Menard1965 avatar Jun 07 '22 15:06 Menard1965

Please help! Every week I have at least one customer. They cannot register to my license server, which is a PHP script. I use https to open the PHP script.

The user has Windows 8. The user is not getting any error, so the function is not firing anything.

    var myData:URLRequest = new URLRequest(PHPString)
    myData.method = URLRequestMethod.POST
    var variables:URLVariables = new URLVariables()
    variables.F_Mail = F_Mail.text
    variables.F_Key = F_Key.text
    myData.data = variables

    var loader:URLLoader = new URLLoader()
    loader.dataFormat = URLLoaderDataFormat.VARIABLES
    loader.addEventListener(Event.COMPLETE, KeyComplete)
    loader.addEventListener(IOErrorEvent.IO_ERROR, onError);
    loader.addEventListener(HTTPStatusEvent.HTTP_RESPONSE_STATUS, onhttp);
    loader.addEventListener(SecurityErrorEvent.SECURITY_ERROR, onSecurityError);
    loader.load(myData)

Menard1965 avatar Nov 20 '22 10:11 Menard1965

Hi -> are you saying there's no 2032 error showing up any more? so none of those event listeners are firing? That seems curious..

Is there any way to reproduce this, e.g. if you had a Windows 8 machine that was set to just repeatedly post this message, would it come back with a failure (or lack of response) every so often? And do you know from server logs whether the message is actually being received or what the responses might be (e.g. if it's AWS based, you can perhaps see what responses are sent back, in case there are some queries that result in an error code)?

thanks

ajwfrost avatar Nov 20 '22 16:11 ajwfrost

I can ask the customer if he is willing to test something:

    var myData:URLRequest = new URLRequest(PHPString)
    myData.method = URLRequestMethod.POST
    var variables:URLVariables = new URLVariables()
    variables.F_Mail = F_Mail.text
    variables.F_Key = F_Key.text
    myData.data = variables

    var loader:URLLoader = new URLLoader()
    loader.dataFormat = URLLoaderDataFormat.VARIABLES
    loader.addEventListener(Event.COMPLETE, KeyComplete)
    loader.addEventListener(IOErrorEvent.IO_ERROR, onError);
    loader.addEventListener(HTTPStatusEvent.HTTP_RESPONSE_STATUS, onhttp);
    loader.addEventListener(SecurityErrorEvent.SECURITY_ERROR, onSecurityError);
    loader.load(myData)

Those are the functions.

When the customer clicks the button he has nothing on the screen, so no event is fired. The field F_Status.text is a text field on the screen, which is filled by the procedure

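    // Shows the HTTP status code of the response
    function onhttp(e:HTTPStatusEvent)
    {
        F_Status.text="Konnte den Lizenzserver nicht erreichen:" + e.status
    }

    // Shows the error ID of a security sandbox failure
    function onSecurityError(e:SecurityErrorEvent)
    {
        F_Status.text="Konnte den Lizenzserver nicht erreichen (Security):" + e.errorID
    }

    // Typed as IOErrorEvent so that errorID (for example 2032) is available
    function onError(e:IOErrorEvent)
    {
        F_Status.text="Konnte den Lizenzserver nicht erreichen: " + e.errorID
    }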

Menard1965 avatar Nov 20 '22 18:11 Menard1965

The bug is still not fixed. Downloading remote content from https produces streamError: [IOErrorEvent type="ioError" bubbles=false cancelable=false eventPhase=2 text="Error #2032: Stream Error. URL: https://bla bla

http is working fine but http sites are now blocked by modern browsers. I'm stuck here...

mesaglam avatar Dec 28 '22 14:12 mesaglam

What I tried to do: when I connect to PHP with https: and the URL loaded event is not fired, I set a counter.

When I click again and the counter is greater than one, I connect using http: instead of https:

It's not solving the problem, but if a user connects at the beginning of the app I set a variable isHTTPS to false and store the value in the shared variables, so the user will connect with http when using the app.

I hope there will be a solution. It's happening on old Windows systems or systems with no Windows updates. There must be some problem with certificates.

Menard1965 avatar Dec 28 '22 14:12 Menard1965

@ajwfrost The latest update of Windows 11 will only enable TLS 1.3 in Internet Options by default. At this time, no network request can be invoked. Whether the support of TLS 1.3 will be followed up during operation

RayGyoe avatar Jan 17 '23 14:01 RayGyoe

@RayGyoe we'll have to check this on a Win11 machine but we use the WinINet functions, which don't give the ability to specify this - so if the OS is updated to only allow TLS 1.3, then I would hope that their networking functions also allow that! There are a set of equivalent functions (WinHTTP) that do give greater control, so we could switch to using those for HTTPS requests perhaps.

More info/actions under https://github.com/airsdk/Adobe-Runtime-Support/issues/724

ajwfrost avatar Jan 18 '23 11:01 ajwfrost

In win 11, my app will pop up a warning to remind users to enable TLS1.2 or 1.1 in network settings, which will greatly affect the user experience. In addition, I may use ANE to operate the registry first

Windows 11 Professional - 22H2 Date: 2022/11/12 Version: 22621.963

RayGyoe avatar Jan 18 '23 14:01 RayGyoe

I've just run up a simple/basic AIR app on Windows 11, and it appears to use TLS 1.3 already by default without us having to change anything. Using the https://www.cloudflare.com/en-gb/ssl/encrypted-sni/ website, and verifying via Wireshark, we're getting the data over TLS 1.3 using normal URLLoader/URLStream objects.

ajwfrost avatar Jan 24 '23 12:01 ajwfrost

Using old AIR SDK 33 with Win 11 (with latest updates) works well ...

mesaglam avatar Jan 24 '23 13:01 mesaglam

> I've just run up a simple/basic AIR app on Windows 11, and it appears to use TLS 1.3 already by default without us having to change anything. Using the https://www.cloudflare.com/en-gb/ssl/encrypted-sni/ website, and verifying via Wireshark, we're getting the data over TLS 1.3 using normal URLLoader/URLStream objects.

In my device, win10 and 11 cannot make network requests normally when only TLS1.3 is enabled: https://vsdevelop.com/wp-content/uploads/2023/01/2023-01-28-11-38-04-1.mp4

RayGyoe avatar Jan 28 '23 03:01 RayGyoe