librespot-java
librespot-java copied to clipboard
librespot-org
Ssl err
Describe the bug javax.net.ssl.SSLPeerUnverifiedException: Hostname audio4-gm-fb.spotifycdn.com not verified: certificate: sha256/mikb4l8fq5rYJv+AdSiChROLrTKpCEENcVFH4engaDw= DN: CN=audio-gm-off.spotifycdn.com subjectAltNames: [audio-gm-off.spotifycdn.com]
To Reproduce get track audio
Expected behavior Can get Audio Screenshots/Stracktraces/Logs
- am use sentry
Version/Commit xyz.gianlu.librespot:librespot-lib:1.6.3
I have the same problem. I think I managed to throw together an ugly workaround. It could also work as a hint if someone more knowledgeable wants to fix this properly.
After several days of watching this problem happen, I finally walked through the code enough to understand where it's coming from. Spotify provides a list of viable CDN's, and librespot chooses one at random. audio4-gm-fb.spotifycdn.com uses both the new 'Expires' format, has a bad cert that does not match its name, and can't serve the chunk requests anyway.
So even though there have been PR's for both the new Expires format, and work-arounds for the mismatched cert, the only actual solution is to pull it out of the rotation. I'll submit separate PR for this soon but in the meantime I'm using the following workaround in CdnFeedHelper.java:
@NotNull
private static HttpUrl getUrl(@NotNull Session session, @NotNull StorageResolveResponse resp) {
String selectedUrl = resp.getCdnurl(session.random().nextInt(resp.getCdnurlCount()));
while (selectedUrl.contains("audio4-gm-fb")) {
LOGGER.warn("getUrl picked CDN with known issues {} (forcing re-selection)", selectedUrl );
selectedUrl = resp.getCdnurl(session.random().nextInt(resp.getCdnurlCount()));
}
return HttpUrl.get(selectedUrl);
// return HttpUrl.get(resp.getCdnurl(session.random().nextInt(resp.getCdnurlCount())));
}
@tagdara Thanks, that change helped me get my Spocon installation working again.
I changed the file according to the snippet and then ran a mvn package, and the jar is then found in the subfolder's target dir. I added that to the install dir of Spocon on my Ubuntu server, and replaced the original jar with it.
Now playing without issues for a few hours already!
Just hit this today:
ERROR CdnManager:321 - Failed requesting chunk from network, index: 7
javax.net.ssl.SSLPeerUnverifiedException: Hostname audio4-gm-fb.spotifycdn.com not verified:
certificate: sha256/F1cDKqo299xpNogpffCQtgb/TI8o4t+d6mlsIUJgsug=
DN: CN=audio-gm-off.spotifycdn.com
subjectAltNames: [audio-gm-off.spotifycdn.com]
The fix posted by @tagdara works perfectly.
openssl s_client -connect audio4-gm-fb.spotifycdn.com:443 -verify_hostname audio4-gm-fb.spotifycdn.com
indeed shows a hostname mismatch, I guess spotify pushed something bad to prod.
I'm sry for the silly question, but I don't know java... on which line do I put this snippet? @tagdara
it’s pretty close to the top of this file, you’re replacing the body of the method, you can fully replace lines 47-50. I’d make a PR but don’t want to take it from @tagdara within any shorter timeframe
Thanks for reminding me! I made that pull request this morning. I also added https://github.com/librespot-org/librespot-java/pull/780 which has my development Dockerfile that I use for compiling librespot-java.
I'm not a Java programmer either, although I've been using these changes as an excuse to learn how to do so.
Since the issues is not closed: This solution works for all (temporary) failures (and recovers after fixed). Roughly, it takes all urls and uses the first (randomly chosen) one which works. Code can be found at https://github.com/notalexa/librespot-java/tree/broken-server-fixes
