Genvid Forum

Getting SSL to work for data feed in Twitch extension


#1

Hey all! Not a bug, but still a tricky spot that I’m having some problems with -

I have a Genvid project based on the Unity sample with a services, game, and web component. I also have the front-facing portion of a Twitch extension working. Unfortunately for the extension to talk to the web component (which will act as the EBS), all transactions have to be performed over SSL.

This was easy enough with web calls - I have a self-signed certificate on the web portion, and it is serving up content over HTTPS. When it comes to the data stream subscription, however, I am hitting a bit of a wall. I have tried requesting the WS:// stream using WSS:// instead, but that doesn’t seem to work - I suspect the service providing the stream returned with /api/public/channels/join/ is not using the same cert?

Is there a way to get a secure stream of frame data?

Thanks!
Lucas


#2

Hi Lucas,

Fabien is working on this now and will get back to you as soon as possible.

Thanks,
Sophie


#3

Yes, at least, not necessarily.

I add a post to explain a bit more how to do it: Did the websocket server support SSL?

If I understand correctly, also, you should have received a working example from Chris.

Please note too that, with self-signed certificates, your browser need to pre-approved them before it can be used on websockets. If you don’t, the websockets connection will simply failed without the browser telling you.


#4

Hey Fabien!

I did receive some extension code to look at - but it looks like there is another socket server spooled up that handles the passing of data back and forth between the EBS and the viewer - I was hoping to be able to get the main stream working so that I could get individual frame data.

That answer helped a bunch, though! I think it should be loading the cert correctly (at least the load command didn’t complain) however when I try to use the web API I still receive a “Firefox can’t establish a connection to the server at wss://34.205.171.232:30273/” message and then a “Web socket error” message.

Just to make sure I am not missing some step:

  1. I make a call to the web service over HTTPS at the /api/public/channels/join endpoint and receive the following JSON:
    {"info":{"name":"unity sample","description":"Genvid Technologies Unity3D Sample","game":"unitySample","service":"twitch","channel":"rust_lucas","delayoffset":0,"videowidth":1280,"videoheight":720,"ntpuri":"http://34.205.171.232:30273/v1/ntp"},"uri":"ws://34.205.171.232:30273","token":"dc791d691e1160143c32ba279570dccf"}

  2. That looks good, except that the websocket uri and the ntpuri values are not over SSL, so I perform a string replacement on each - joinRep.uri.replace('ws:','wss:') and joinRep.info.ntpuri.replace('http:','https:') respectively)

  3. The JSON is now:
    {"info":{"name":"unity sample","description":"Genvid Technologies Unity3D Sample","game":"unitySample","service":"twitch","channel":"rust_lucas","delayoffset":0,"videowidth":1280,"videoheight":720,"ntpuri":"https://34.205.171.232:30273/v1/ntp"},"uri":"wss://34.205.171.232:30273","token":"dc791d691e1160143c32ba279570dccf"}

  4. I pass this into the genvid.createGenvidClient() call, add a frame listener, and attempt to start the client:
    var client = genvid.createGenvidClient(joinRep.info, joinRep.uri, joinRep.token, null,{controls:1});

    client.onDraw((frame) => { NewFrameReceived(frame); });

    client.start();

  5. I receive the above errors on client.start();

I wonder if it’s that the certificate hasn’t been accepted for the socket server, as you mention, but I’m not sure how to trust that cert - I’ve tried manually adding it to the certificate list in Chrome but I still get the error, “WebSocket connection to ‘wss://34.205.171.232:30273/’ failed: Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR” when attempting to connect, and I can’t seem to find a place to add it in Firefox. I have added the cert for the HTTPS back-end, and that seems to work fine, but I can’t directly request the socket and have the browser request if I’d like to add it.


#5

Hi Lucas,

The service should sent you the correct URL, either wss if SSL is activated or SSL. Not that the default services job definition doesn’t have the environment variables set, and so SSL is not activated by default on it. You have to made a custom services.nomad.tmpl has shown in the previous post.