[elcaron80]

Hi,

I am trying to remotely connect to an Emby instance via an Apache2-SSL-proxy. The Apache2 server with letsencrypt gets an A+ rating from Qualys, and another Kodi 16 instance can successfully connect.

Now, I am trying to setup Kodi 17 with the Emby addon beta.

- Login issues to the server where solved with pip updating "requests" from minor version 10 to 13

I am still stuck with more or less randomly (but most of the time) showing the following errors:

Code:

23:36:24.651 T:140640650262272  NOTICE: EMBY.default_movies -> Parameter string: ?dbid=57&mode=play&id=b909fe8ad4b55d2a5ffc91a628e382fa&filename=MyMovie.2016..BluRay..mkv
23:36:24.704 T:140640650262272  NOTICE: EMBY.downloadutils -> ERROR:: Invalid SSL certificate for: https://emby.example.net:443/emby/Users/someid/Items/someid?format=json
23:36:24.706 T:140640650262272   ERROR: EXCEPTION Thrown (PythonToCppException) : -->Python callback/script returned the following error<--
                                             - NOTE: IGNORING THIS CAN LEAD TO MEMORY LEAKS!
                                            Error Type: <class 'requests.exceptions.SSLError'>
                                            Error Contents: ('bad handshake: SysCallError(0, None)',)
                                            Traceback (most recent call last):
                                              File "/home/examplemyuser/.kodi/addons/plugin.video.emby.movies/default.py", line 50, in <module>
                                                entrypoint.doPlayback(itemid, dbid)
                                              File "/home/myuser/.kodi/addons/plugin.video.emby/resources/lib/entrypoint.py", line 45, in doPlayback
                                                item = emby.getItem(itemId)
                                              File "/home/myuser/.kodi/addons/plugin.video.emby/resources/lib/read_embyserver.py", line 113, in getItem
                                                item = self.doUtils.downloadUrl("{server}/emby/Users/{UserId}/Items/%s?format=json" % itemid)
                                              File "/home/myuser/.kodi/addons/plugin.video.emby/resources/lib/downloadutils.py", line 259, in downloadUrl
                                                response = self._requests(action_type, session, **kwargs)
                                              File "/home/myuser/.kodi/addons/plugin.video.emby/resources/lib/downloadutils.py", line 380, in _requests
                                                response = session.get(**kwargs)
                                              File "/home/myuser/.kodi/addons/script.module.requests/lib/requests/api.py", line 70, in get
                                                return request('get', url, params=params, **kwargs)
                                              File "/home/myuser/.kodi/addons/script.module.requests/lib/requests/api.py", line 56, in request
                                                return session.request(method=method, url=url, **kwargs)
                                              File "/home/myuser/.kodi/addons/script.module.requests/lib/requests/sessions.py", line 488, in request
                                                resp = self.send(prep, **send_kwargs)
                                              File "/home/myuser/.kodi/addons/script.module.requests/lib/requests/sessions.py", line 609, in send
                                                r = adapter.send(request, **kwargs)
                                              File "/home/myuser/.kodi/addons/script.module.requests/lib/requests/adapters.py", line 497, in send
                                                raise SSLError(e, request=request)
                                            SSLError: ('bad handshake: SysCallError(0, None)',)
                                            -->End of Python script error report<--
23:36:24.737 T:140640650262272 WARNING: CPythonInvoker(6, /home/myuser/.kodi/addons/plugin.video.emby.movies/default.py): the python script "/home/myuser/.kodi/addons/plugin.video.emby.movies/default.py" has left several classes in memory that we couldn't clean up. The classes include: N9XBMCAddon9xbmcaddon5AddonE
23:36:24.749 T:140643334241792   ERROR: PlayMedia could not play media: plugin://plugin.video.emby.movies/?dbid=57&mode=play&id=someid&filename=MyMovie.2016..BluRay..mkv

and

Code:

23:50:58.004 T:140342919374592  NOTICE: Creating InputStream
23:50:58.183 T:140342919374592   ERROR: CCurlFile::FillBuffer - Failed: SSL connect error(35)
23:50:58.183 T:140342919374592   ERROR: CCurlFile::Open failed with code 0 for https://emby.example.net:443/emby/Videos/someid/stream?static=true
23:50:58.184 T:140342919374592   ERROR: Open - failed to open source <https://emby.example.net:443/emby/Videos/someid/stream?static=true>
23:50:58.184 T:140342919374592   ERROR: CVideoPlayer::OpenInputStream - error opening [https://emby.example.net:443/emby/Videos/someid/stream?static=true]
23:50:58.184 T:140342919374592  NOTICE: CVideoPlayer::OnExit()
23:50:58.184 T:140345424244224   ERROR: Playlist Player: skipping unplayable item: 1, path [plugin://plugin.video.emby.tvshows/someid/?dbid=296&mode=play&id=someid&filename=MyOtherTVSeries.mkv]

I cannot really make out a scheme when what happens.

I think maybe forcing the connections to IPv4 with an /etc/hosts entry did something (since then, most of the thumbnails show up), but I am not sure.

Any ideas about this? As I said, it is working with Kodi 16 and the Emby stable, but from the trace, it seems to be a kodi issue if I am not wrong.

[wsnipex]

it is not a kodi issue, your system simply cannot verify the certificate because it doesn't know the Cert Authority.

Download the CA Root cert(or an appropriate intermediate) and install it with trust anchor

try to download the file with curl or wget from the command line first.

[elcaron80]

My system in general can verify the certificate, letsencrypt is known as a cert authority. I don't know if python has its own store, but there are reasons that stand against the assumption that the root cert or an intermediate is missing:
- I can open the URL in the browser without problems
- Login and synchronization with Emby worked since I updated the requests python package. This is only possible via HTTPS (everything else is behind the firewall)
- I get thumbnails for most videos

Lately I only get the second (error(35)), but I never explicitly installed any certificates.

[elcaron80]

Ok, this is weird. My pip command seems to have been linked to pip3. Strangely, updating the requests package there enabled the login. After I updated requests with pip2, playback is now working.

[elcaron80]

Nope, now it is error 35 again

[elcaron80]

And after changing from the python3-pycurl package from apt to pip's pycurl package, it is the certificate issue again.
curl on the command line, however, has no issues with the certificate.

I wonder if error(35) is the same issue but with pycurl linked against gnutls (from apt) instead of openssl (from pip). I have no idea, though, where to put the certificate and why https login and synchronisation works.

[elcaron80]

Ok, removing pyopenssl from both python2 and python3 seems to have done the trick.

So, recap:
- Update requests with pip for both python2 and python3
- Install/update pycurl with pip for both python2 and python3
- Uninstall pyOpenssl for both python2 and python3

[Mave]

Ok, removing pyopenssl from both python2 and python3 seems to have done the trick.

So, recap:
- Update requests with pip for both python2 and python3
- Install/update pycurl with pip for both python2 and python3
- Uninstall pyOpenssl for both python2 and python3

You're a hero! I had the same problem with a webdav source and i couldn't figure out the problem. This solved my problem too!
The only problem now is that 'letsencrypt renew' doesn't work anymore on the machine running kodi because of the missing openssl package. Is there any workaround for that?

*edit*
It seems that updating pyopenssl does the trick too, maybe the default 16.2 version is outdated, after updating i am at 17.0.0.