Comments (11)
@FOXNEOAdvancedTechnology great to hear you compiled the demo app with no issues. Indeed, we do have TLS security configured in the CURL client. As you noticed correctly, this works by adding the cert to the appropriate store in the linux. Mac OS x is very similar to it. For example, a lot of the systems do come preconfigured with a set of well-known certificate fingerprints in /etc/ssl/cert.pem
file. You can add the content of the SFSRootCAG2.pem to the end of this file.
from amazon-kinesis-video-streams-producer-sdk-cpp.
My OS X (El Capitan V. 10.11.6) had no /etc/ssl directory. Even when I add one with SFSRootCAG2.pem as /etc/ssl/cert.pem, I get the same authentication problem with curl.
from amazon-kinesis-video-streams-producer-sdk-cpp.
@FOXNEOAdvancedTechnology could you please reboot the computer and then ensure the /etc/ssl/cert.pem
file has a read access for the account you are using? ls -l
.
A couple of other things to try to shed more light into the issue:
curl https://www.amazon.com
curl https://kinesisvideo.us-west-2.amazonaws.com
and see if curl is able to get at least a response.
Please respond so we can help you debug the networking issue better.
from amazon-kinesis-video-streams-producer-sdk-cpp.
OK, rebooted MacBook with OS X El Capitan 10.11.6.
$pwd
/etc/ssl
$ ls -l
total 8
-rw-r--r--@ 1 root wheel 1424 Feb 27 12:03 cert.pem
$ curl https://www.amazon.com [returns a ton of HTML as expected]
$ curl https://kinesisvideo.us-west-2.amazonaws.com
<MissingAuthenticationTokenException>
<Message>Missing Authentication Token</Message>
</MissingAuthenticationTokenException>
Still seeing:
./kinesis_video_gstreamer_sample_app VidTransDemo
...
ERROR - curl perform failed for url https://kinesisvideo.us-west-2.amazonaws.com/describeStream with result Peer certificate cannot be authenticated with given CA certificates: SSL certificate problem: unable to get local issuer certificate
from amazon-kinesis-video-streams-producer-sdk-cpp.
@FOXNEOAdvancedTechnology I apologize for the inconvenience. Looks like the curl command is unable to refer the local cert path. Can you please navigate to <producer_sdk_path>/kinesis-video-native-build/downloads/local/bin
and run the following commands and paste the output here?
./curl-config –ca
./curl https://kinesisvideo.us-west-2.amazonaws.com --verbose
NOTE: Please use the curl binary from the downloads/local/bin
instead of the system default curl.
Thanks
Babu
from amazon-kinesis-video-streams-producer-sdk-cpp.
Also can you run otool -L kinesis_video_gstreamer_sample_app
inside kinesis-video-native-build folder and paste the output? We had a similar issue recently where the kinesis_video_gstreamer_sample_app
was referring to the system default libcurl instead of the one which we download and build as part of the install-script
.
from amazon-kinesis-video-streams-producer-sdk-cpp.
I'll note that I did get kinesis_video_gstreamer_sample_app running on Raspberry Pi on Raspian with the Pi cam, but still no luck on OS X.
Indeed, I guess if you are using your own libssl and curl that it might not obey the OS X Keychain for certs. The question is where would the downloaded libssl be looking for the certs?
$./curl-config --ca
returns a blank line!
$ ./curl https://kinesisvideo.us-west-2.amazonaws.com --verbose
* Rebuilt URL to: https://kinesisvideo.us-west-2.amazonaws.com/
* Trying 34.214.37.45...
* TCP_NODELAY set
* Connected to kinesisvideo.us-west-2.amazonaws.com (34.214.37.45) port 443 (#0)
* ALPN, offering http/1.1
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
$ otool -L kinesis_video_gstreamer_sample_app
kinesis_video_gstreamer_sample_app:
@rpath/libproducer.dylib (compatibility version 0.0.0, current version 0.0.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1226.10.1)
[redacted]/amazon-kinesis-video-streams-producer-sdk-cpp/kinesis-video-native-build/downloads/local/lib/libgstreamer-1.0.0.dylib (compatibility version 1204.0.0, current version 1204.0.0)
[redacted]/amazon-kinesis-video-streams-producer-sdk-cpp/kinesis-video-native-build/downloads/local/lib/libgstapp-1.0.0.dylib (compatibility version 1204.0.0, current version 1204.0.0)
[redacted]/amazon-kinesis-video-streams-producer-sdk-cpp/kinesis-video-native-build/downloads/local/lib/libgobject-2.0.0.dylib (compatibility version 5401.0.0, current version 5401.2.0)
[redacted]/amazon-kinesis-video-streams-producer-sdk-cpp/kinesis-video-native-build/downloads/local/lib/libglib-2.0.0.dylib (compatibility version 5401.0.0, current version 5401.2.0)
[redacted]/amazon-kinesis-video-streams-producer-sdk-cpp/kinesis-video-native-build/downloads/local/lib/liblog4cplus-1.2.5.dylib (compatibility version 7.0.0, current version 7.4.0)
[redacted]/amazon-kinesis-video-streams-producer-sdk-cpp/kinesis-video-native-build/downloads/local//lib/libcrypto.1.1.dylib (compatibility version 1.1.0, current version 1.1.0)
[redacted]/amazon-kinesis-video-streams-producer-sdk-cpp/kinesis-video-native-build/downloads/local//lib/libssl.1.1.dylib (compatibility version 1.1.0, current version 1.1.0)
[redacted]/amazon-kinesis-video-streams-producer-sdk-cpp/kinesis-video-native-build/downloads/googletest-release-1.8.0/googletest/libgtest.dylib (compatibility version 0.0.0, current version 0.0.0)
[redacted]/amazon-kinesis-video-streams-producer-sdk-cpp/kinesis-video-native-build/downloads/googletest-release-1.8.0/googletest/libgtest_main.dylib (compatibility version 0.0.0, current version 0.0.0)
[redacted]/amazon-kinesis-video-streams-producer-sdk-cpp/kinesis-video-native-build/downloads/local/lib/libcurl.4.dylib (compatibility version 10.0.0, current version 10.0.0)
/usr/lib/libc++.1.dylib (compatibility version 1.0.0, current version 120.1.0)
from amazon-kinesis-video-streams-producer-sdk-cpp.
That's exactly the problem ./curl-config --ca
should return /etc/ssl/cert.pem
. Basically curl is not able to refer the cert ca bundle and thus fails validation. curl
which was downloaded as part of the install-script uses libssl and other dependencies from the local folder (<producer_sdk_path/kinesis-video-native-build/downloads/local/lib). Looks like your curl was not build properly. Can you please reinstall curl by following below steps? This should fix the issue.
rm <producer_sdk_path>/kinesis-video-native-build/downloads/local/lib/libcurl*
rm <producer_sdk_path>/kinesis-video-native-build/downloads/local/bin/curl*
cd <producer_sdk_path>/kinesis-video-native-build/downloads/curl-7.57.0
export DOWNLOADS=<producer_sdk_path>/kinesis-video-native-build/downloads
make clean
./configure --prefix=$DOWNLOADS/local/ --enable-dynamic --disable-rtsp --disable-ldap --without-zlib --with-ssl=$DOWNLOADS/local/ --with-ca-bundle=/etc/ssl/cert.pem
make
make install
After reinstalling you can verify it by running ./curl-config --ca
. By default the curl library should pick up the default path /etc/ssl/cert.pem but looks like its not doing that it in all cases. I'll add this configure option in install-script so that it doesn't happen again.
from amazon-kinesis-video-streams-producer-sdk-cpp.
That seems to have solved the problem, thanks!
from amazon-kinesis-video-streams-producer-sdk-cpp.
Hi I'm getting the below error , Can I please get some support?
/curl https://kinesisvideo.us-west-2.amazonaws.com --verbose
CApath: none
- TLSv1.2 (OUT), TLS handshake, Client hello (1):
- TLSv1.2 (IN), TLS handshake, Server hello (2):
- TLSv1.2 (IN), TLS handshake, Certificate (11):
- TLSv1.2 (IN), TLS handshake, Server key exchange (12):
- TLSv1.2 (IN), TLS handshake, Server finished (14):
- TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
- TLSv1.2 (OUT), TLS change cipher, Client hello (1):
- TLSv1.2 (OUT), TLS handshake, Finished (20):
- TLSv1.2 (IN), TLS handshake, Finished (20):
- SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
- ALPN, server did not agree to a protocol
- Server certificate:
- subject: CN=kinesisvideo.us-west-2.amazonaws.com
- start date: Nov 21 00:00:00 2017 GMT
- expire date: Nov 21 12:00:00 2018 GMT
- subjectAltName: host "kinesisvideo.us-west-2.amazonaws.com" matched cert's "kinesisvideo.us-west-2.amazonaws.com"
- issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
- SSL certificate verify ok.
GET / HTTP/1.1
Host: kinesisvideo.us-west-2.amazonaws.com
User-Agent: curl/7.57.0
Accept: /
< HTTP/1.1 403 Forbidden
< x-amzn-RequestId: 57b17141-3b02-11e8-9c1b-dbec9b0dc602
< Content-Length: 127
< Date: Sun, 08 Apr 2018 07:56:27 GMT
<
Missing Authentication Token
from amazon-kinesis-video-streams-producer-sdk-cpp.
@dragosnicolae5555 can I ask you what you are trying to accomplish? The public APIs use AWS Sig V4 authentication aside from using TLS 1.2
https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html
from amazon-kinesis-video-streams-producer-sdk-cpp.
Related Issues (20)
- [QUESTION] Gstreamer event/message for streaming/connection releated issues in KVS SDK HOT 2
- [QUESTION] kvs_gstreamer_sample hanging after "pad link successful" HOT 1
- compilation error on Ubuntu HOT 1
- [QUESTION] Struggling with KVS streams on iOS HOT 6
- Not able to access media on Media Playback on Kinesis Video Streamer
- [QUESTION] Raspberry Pi からの映像送信でエラーが発生
- I am getting this error while running: cmake -DBUILD_GSTREAMER_PLUGIN=TRUE .. HOT 4
- [BUG] Streaming h.265 video from RTSP HOT 5
- [BUG] HOT 1
- [BUG] Gst plugin kvssink is built as static library
- [FEATURE] Make log level in kvssink configurable. HOT 1
- [BUG] `kvssink` occasionally generates non-monotonic PTS HOT 1
- How to resolve a "MAX_FRAGMENT_DURATION_REACHED" error when trying to stream RTSP camera feed into KVS HOT 3
- Failed to allocate memory HOT 3
- [BUG] HOT 1
- Stream video to your Kinesis video stream and view the live stream HOT 5
- [BUG] KVS Fails to build due to Threadpool.c.o issue HOT 4
- kvs_gstreamer_sample fails to run on Raspberry Pi bookworm
- [QUESTION] Streaming MP4 file data to Kinesis Video Streams results in Transferred a partial file error with CURL HOT 1
- [BUG] "Make" resulting in "incompatible pointer to integer conversion" Errors HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from amazon-kinesis-video-streams-producer-sdk-cpp.