RTMPS
Holger
I've looked through the list archive quite a bit, but couldn't find a
solution to my problem there. I'm trying to use RTMPS in the latest
version of OpenMeetings (Windows clients only at this point), so I've
enabled RTMPS in red5 and in the client configuration. I have added a
valid certificate (plus CA and intermediate cert) to the keystore. I
can see that the client does indeed try to use RTMPS, but get the
following log message:
[WARN] [Red5_Scheduler_Worker-2]
org.red5.server.net.rtmp.RTMPConnection - Closing RTMPMinaConnection
from 93.202.123.176 : 55110 to null (in: 294 out 597 ), with id 1 due
to long handshake
I get the same message also if I try to use the builtin keystore
without my valid certificate - however, when I was using a password on
the certificate's key that was different from the keystore's, I got a
different error.
Does RTMPS work at all? There was some talk on the list about "native"
RTMPS about a year ago, has that discussion led to any changes and are
they documented anywhere? Any help would be much appreciated - I'm
quite excited about OpenMeetings, but do need RTMPS support to be able
to use it.
Best regards,
Holger
seba....@gmail.com
you should use native SSL, we will publish a guide soon.
However the screensharing and recording has no SSL feature yet.
We hope to fix that when the guide is ready.
Sebastian
--
You received this message because you are subscribed to the Google Groups "OpenMeetings User" group.
To post to this group, send email to openmeet...@googlegroups.com.
To unsubscribe from this group, send email to openmeetings-u...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/openmeetings-user?hl=en.
--
Sebastian Wagner
http://www.openmeetings.de
http://www.webbase-design.de
http://www.wagner-sebastian.com
seba....@gmail.com
Holger Rabbach (ICT)
Hi Sebastian,
Sounds good – screensharing and recording are not of high importance at this point, so I can live without them until this is fixed. I’ll keep an eye open for the guide to be published. Thanks for your quick response.
Holger
OM International Limited - Unit B Clifford Court, Cooper Way - Carlisle CA3 0JG - United Kingdom
Charity reg no: 1112655 - Company reg no: 5649412 (England and Wales)
nexus
On Oct 7, 9:52 am, "Holger Rabbach (ICT)" <Holger.Rabb...@om.org>
wrote:
> Hi Sebastian,
>
> Sounds good - screensharing and recording are not of high importance at this point, so I can live without them until this is fixed. I'll keep an eye open for the guide to be published. Thanks for your quick response.
>
> Holger
>
> [cid:image001....@01CC8509.237C99B0]
> From: openmeet...@googlegroups.com [mailto:openmeet...@googlegroups.com] On Behalf Of seba.wag...@gmail.com
> Sent: Freitag, 7. Oktober 2011 15:49
> To: openmeet...@googlegroups.com
> Subject: Re: [openmeetings-user] RTMPS
>
> Hallo Holger,
>
> you should use native SSL, we will publish a guide soon.
>
> However the screensharing and recording has no SSL feature yet.
> We hope to fix that when the guide is ready.
>
> Sebastian
>
> I've looked through the list archive quite a bit, but couldn't find a
> solution to my problem there. I'm trying to use RTMPS in the latest
> version of OpenMeetings (Windows clients only at this point), so I've
> enabled RTMPS in red5 and in the client configuration. I have added a
> valid certificate (plus CA and intermediate cert) to the keystore. I
> can see that the client does indeed try to use RTMPS, but get the
> following log message:
>
> [WARN] [Red5_Scheduler_Worker-2]
> org.red5.server.net.rtmp.RTMPConnection - Closing RTMPMinaConnection
>
> I get the same message also if I try to use the builtin keystore
> without my valid certificate - however, when I was using a password on
> the certificate's key that was different from the keystore's, I got a
> different error.
>
> Does RTMPS work at all? There was some talk on the list about "native"
> RTMPS about a year ago, has that discussion led to any changes and are
> they documented anywhere? Any help would be much appreciated - I'm
> quite excited about OpenMeetings, but do need RTMPS support to be able
> to use it.
>
> Best regards,
> Holger
>
> --
> You received this message because you are subscribed to the Google Groups "OpenMeetings User" group.
> To unsubscribe from this group, send email to openmeetings-u...@googlegroups.com<mailto:openmeetings-user%2Bunsubs...@googlegroups.com>.
>
> --
> Sebastian Wagnerhttp://www.openmeetings.dehttp://www.webbase-design.dehttp://www.wagner-sebastian.com
> You received this message because you are subscribed to the Google Groups "OpenMeetings User" group.
> To unsubscribe from this group, send email to openmeetings-u...@googlegroups.com<mailto:openmeetings-user+unsubsc...@googlegroups.com>.
> For more options, visit this group athttp://groups.google.com/group/openmeetings-user?hl=en.
> ________________________________
> OM International Limited - Unit B Clifford Court, Cooper Way - Carlisle CA3 0JG - United Kingdom
> Charity reg no: 1112655 - Company reg no: 5649412 (England and Wales)
>
> 28KViewDownload
I did a lot of work a while back using RTMPS with Openmeetings and it
works well. Sounds like you have the Red5 side set up. In order to get
native SSL RTMPS to work with Openmeetings you have to checkout and
download the source and add the following bit of code to the following
file: WebContent\openmeetings\base\remote\rtmpConnection.lzx
this._nc = new NetConnection();
// local reference to rtmpconnection
this._nc.t = this;
this._nc.proxyType = "best"; --This is the line that
you have to add
After you add this line and build the app using the instructions on
the build page, RTMPS will work.
In short, this line is necessary to tell the Flash player to try
native SSL first before trying to go through other methods.
I have successfully used native SSL RTMPS using openmeetings with
Windows, Mac, and Linux clients. It sounds like you have your keystore
set up so this should be all you need.
I have been able to use the screensharer while using RTMPS but had to
hard code the port in the source to use my RTMP port. So the
screensharer has not been encrypted. I have recently been trying to
build an RTMPS screensharer but have not been sucessful yet. I am
looking forward to the guide mentioned as this should help with this
quite a bit. I hope this is helpful.
Holger Rabbach (ICT)
Holger
-----Original Message-----
From: openmeet...@googlegroups.com [mailto:openmeet...@googlegroups.com] On Behalf Of nexus
Sent: Samstag, 8. Oktober 2011 02:01
To: OpenMeetings User
Subject: [openmeetings-user] Re: RTMPS
[...]
I did a lot of work a while back using RTMPS with Openmeetings and it works well. Sounds like you have the Red5 side set up. In order to get native SSL RTMPS to work with Openmeetings you have to checkout and download the source and add the following bit of code to the following
file: WebContent\openmeetings\base\remote\rtmpConnection.lzx
this._nc = new NetConnection();
// local reference to rtmpconnection
this._nc.t = this;
this._nc.proxyType = "best"; --This is the line that
you have to add
After you add this line and build the app using the instructions on the build page, RTMPS will work.
In short, this line is necessary to tell the Flash player to try native SSL first before trying to go through other methods.
I have successfully used native SSL RTMPS using openmeetings with Windows, Mac, and Linux clients. It sounds like you have your keystore set up so this should be all you need.
I have been able to use the screensharer while using RTMPS but had to hard code the port in the source to use my RTMP port. So the screensharer has not been encrypted. I have recently been trying to build an RTMPS screensharer but have not been sucessful yet. I am looking forward to the guide mentioned as this should help with this quite a bit. I hope this is helpful.
--
You received this message because you are subscribed to the Google Groups "OpenMeetings User" group.
To post to this group, send email to openmeet...@googlegroups.com.
To unsubscribe from this group, send email to openmeetings-u...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/openmeetings-user?hl=en.
Holger Rabbach (ICT)
seba....@gmail.com
as Nexus did explain, he was using NATIVE SSL not RTMPS.
Also it does require to change source code and recompile that client.
Our guide will be quite similar to what Nexus has done.
Sebastian
nexus
On Oct 10, 9:37 am, "seba.wag...@gmail.com" <seba.wag...@gmail.com>
wrote:
>
> as Nexus did explain, he was using NATIVE SSL not RTMPS.
> Also it does require to change source code and recompile that client.
>
> Our guide will be quite similar to what Nexus has done.
>
> Sebastian
>
>
> - Show quoted text -
Sebastian is correct. I have been using native SSL rather than RTMP
tunneled over HTTPS. I downloaded a new copy of the source last week,
I believe it was r4355 and didn't have any problems. I plan on
downloading 1.8.4 later this week and will let you know, but it sounds
like maybe there is an issue somewhere in your red5 configuration.
Also, it is very important to access your application by the dns name
that you registered your cert by. Native SSL will not work by IP if
you registered your cert to openmeetings.org for example. You may also
have to put in the path to your keystore in your red5.sh or red5.bat.
For example, if you were running a linux server and red5 was installed
in the /tomcat/red5 directory and the keystore was in the conf
directory of red 5 you could put the following in red5.sh in the
JAVA_OPTS section:
$JAVA_OPTS -Djavax.net.ssl.keyStore=/tomcat/red5/conf/keystore
Also, make sure to check you logs to make sure that the RTMPS context
is loading. For example, you should see things like this somewhere in
your logs if you are running RTMPS traffice over 8443 :
2011-10-10 8:18:20,839 [main] INFO o.r.s.net.rtmp.RTMPMinaTransport -
RTMP Mina Transport bound to /0.0.0.0:8443
2011-10-10 8:18:23,099 [main] INFO
o.r.server.tomcat.rtmps.RTMPSLoader - Loading RTMPS context
2011-10-10 8:18:23,150 [main] INFO
o.r.server.tomcat.rtmps.RTMPSLoader - Connector info:
org.apache.catalina.connector.Connector/2.1
2011-10-10 8:18:23,258 [main] INFO
o.r.server.tomcat.rtmps.RTMPSLoader - Starting RTMPS engine
Holger Rabbach (ICT)
Hi Sebastian,
I thought that’s what I had set up. I did change the source code and recompile. And looking at http://gregoire.org/2009/11/12/native-rtmps-in-red5/, that’s pretty much what I did. Maybe a clarification is needed as to what the difference between RTMPS and native SSL is – I thought they were the same thing… even Nexus talks about “native RTMPS” in his mailing list posts from last year…
Holger
, Oktober 2011 15:37
To: openmeet...@googlegroups.com
Subject: Re: [openmeetings-user] Re: RTMPS
Holger Rabbach (ICT)
Sorry to come back to this old message, but I'm still confused. I did edit the client source (to add the "best" proxy type), recompiled and installed it and I did import the certificate into the keystore. Running tcpdump on my server, I can see the only ports being used (and actually even attempted) are 5080 and 1935 - I can also see that all traffic is unencrypted. The client obviously never even tries any kind SSL connection. For debugging purposes, which ports would I expect to see traffic on if it worked? Or would it try to negotiate a TLS connection on port 1935? Unfortunately Google removed all the pages on Google Groups, so the short howto that Nexus put together last year is no longer available. I'm not getting anywhere here, even though I've tried various things already, including modifying red5-core.xml to include the beans needed for RTMPS (still, since the client never even tries to connect to that additional port, it would seem to make no difference). I'd just wait for the promised bits of documentation, but since I'm working on a prototype installation for a study project, I have a deadline hanging over my head and even though it wouldn't be the end of the world if I couldn't, it would be nice if I could actually demonstrate to my tutor that the required security mechanisms already work and aren't "going to work" at some later date :). Not trying to put any pressure on anyone here, just trying to explain why I'm so persistent in coming back to this topic. I really appreciate the amount of work that's going into OpenMeetings and the helpful responses here on this list.
Best regards,
Holger
-----Original Message-----
From: openmeet...@googlegroups.com [mailto:openmeet...@googlegroups.com] On Behalf Of nexus
Sent: Samstag, 8. Oktober 2011 02:01
To: OpenMeetings User
Subject: [openmeetings-user] Re: RTMPS
this._nc = new NetConnection();
To post to this group, send email to openmeet...@googlegroups.com.
To unsubscribe from this group, send email to openmeetings-u...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/openmeetings-user?hl=en.
seba....@gmail.com
Btw: What did fail in your case with the RTMPSClient? I have submited some problems to the forums but not yet clear what the result will be.
Sebastian
nexus
I have submitted the RTMPS setup guide that I posted a while back
under Issue 1543. I couldn't find another place to upload it to. I
think that I am getting close on an RTMPS client. The origianl issue I
ran into was that the red5-screenshare was getting compiled against an
older red5.jar that did not have the RTMPSClient, it was using the
older TomcatRTMPS which I believe is RTMP tunneled over HTTPS. I then
compiled the client against the newer red5.jar included in Red5 1.0RC1
with a minor modification and the client does compile. After compiling
it and running the client, I was getting some classes not found errors
to do with logging that has changed in Red5 1.0RC1. I then updated the
logback.jar that the screenshare client is compiled against which
eliminated those errors. Now, I am just getting errors associated with
slf4j classes not being found. I am checking into that now and plan on
doing some tests this week. I will post later in the week where I am
at as well as any possible issues. I can post my source as well. I
really love the work that you have done and wouldn't mind helping
contributing towards this.
On Oct 13, 5:24 pm, "seba.wag...@gmail.com" <seba.wag...@gmail.com>
wrote:
> Btw: What did fail in your case with the RTMPSClient? I have submited some
> problems to the forums but not yet clear what the result will be.
>
> Sebastian
>
> > openmeetings-u...@googlegroups.com<mailto:
> > openmeetings-user%2Bunsubs...@googlegroups.com>.
> > groups.google.com/group/openmeetings-user?hl=en.
>
> > > --
> > > Sebastian
> > > .wagner-sebastian.com
> > > seba.wag...@gmail.com<mailto:seba.wag...@gmail.com>
> > > --
> > > You received this message because you are subscribed to the Google Groups
> > "OpenMeetings User" group.
> > > To post to this group, send email to openmeet...@googlegroups.com
seba....@gmail.com
sounds geat, let us know if there is an issue, maybe we do currently
work on the same things ^^
Sebastian
2011/10/15 nexus <nexu...@gmail.com>:
--
Holger Rabbach (ICT)
dormi...@gmx.de
Holger Rabbach (ICT)
Hi Ed,
All I really did was follow the instructions in the document attached to issue 1543 in the issue tracker (and apply some manual “error correction” to it). I’m still running the HTTP part unencrypted at the moment, but plan to switch to HTTPS soon - I guess that should also close the unencrypted password gap.
Best regards,
Holger
From: openmeet...@googlegroups.com [mailto:openmeet...@googlegroups.com] On Behalf Of dormi...@gmx.de
Sent: Dienstag, 18. Oktober 2011 12:26
To: openmeet...@googlegroups.com
--
You received this message because you are subscribed to the Google Groups "OpenMeetings User" group.
To view this discussion on the web visit https://groups.google.com/d/msg/openmeetings-user/-/ibkIud3kMVEJ.
To post to this group, send email to
openmeet...@googlegroups.com.
To unsubscribe from this group, send email to
openmeetings-u...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/openmeetings-user?hl=en.
seba....@gmail.com
RTMPS is used not only for the video part but also for all DATA laoding/RPC/RMI like calls.
The only additional thing you will encrypt by using HTTPS instead of HTTP is sending profile images, download/pload documents and loading the SWF/html file with the application from the server encrypted.
Sebastian
--
Sebastian Wagner
http://www.openmeetings.de
http://www.webbase-design.de
http://www.wagner-sebastian.com
seba....@gmail.com
nexus
the HTTPS part in case you wanted it, but like Sebastian said it is
not needed since little data is transferred over HTTP. I don't use it
myself for openmeetings, but have used for other projects such as
using a Java-PHP bridge in Red5.
On Oct 18, 8:54 am, "seba.wag...@gmail.com" <seba.wag...@gmail.com>
wrote:
> server is already encrypted.
> RTMPS is used not only for the video part but also for all DATA
> laoding/RPC/RMI like calls.
>
> The only additional thing you will encrypt by using HTTPS instead of HTTP is
> sending profile images, download/pload documents and loading the SWF/html
> file with the application from the server encrypted.
>
> Sebastian
>
>
>
>
>
>
> > Hi Ed,****
>
> > ** **
> > All I really did was follow the instructions in the document attached to
> > issue 1543 in the issue tracker (and apply some manual “error correction” to
> > it). I’m still running the HTTP part unencrypted at the moment, but plan to
> > switch to HTTPS soon - I guess that should also close the unencrypted
>
> > ** **
>
> > Best regards,****
>
> > Holger****
>
> > ** **
>
> > [image: Description: holger-rabbach]****
>
> > ** **
>
> > *From:* openmeet...@googlegroups.com [mailto:
> > openmeet...@googlegroups.com] *On Behalf Of *dormiti...@gmx.de
> > *Sent:* Dienstag, 18. Oktober 2011 12:26
> > *To:* openmeet...@googlegroups.com
> > *Subject:* Re: [openmeetings-user] Re: RTMPS****
>
> > ** **
>
> > Hello Holger,****
>
> > ****
>
> > congratulations, you got it working. ****
> > We also tried to secure the use of openmeetings with RTMPS for our
> > schoolnetwork, but our work failed. So, for example, the ldap password is
>
> > ****
> > Could you write down - from the beginning to the end - how you got it
>
> > It would be so helpful.****
> > In the moment, there are so much places with partial informations and the
>
> > ****
>
> > Thanks in advance.****
>
> > ****
>
> > Greatings****
>
> > ****
>
> > Ed****
> > --
> > You received this message because you are subscribed to the Google Groups
> > "OpenMeetings User" group.
> > To view this discussion on the web visit
> >https://groups.google.com/d/msg/openmeetings-user/-/ibkIud3kMVEJ.
> > To post to this group, send email to openmeet...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > openmeetings-u...@googlegroups.com.
> > For more options, visit this group at
>
> > ------------------------------
> > 0JG - United Kingdom
> > Charity reg no: 1112655 - Company reg no: 5649412 (England and Wales)
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "OpenMeetings User" group.
> > To post to this group, send email to openmeet...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > openmeetings-u...@googlegroups.com.
> > For more options, visit this group at
> >http://groups.google.com/group/openmeetings-user?hl=en.
>
> --
> seba.wag...@gmail.com
>
> 28KViewDownload- Hide quoted text -
dormitilla
is there a useable RTMPS implementation in the actual OM version, or
have I to change the sourcecode, like it was adivsed in some older
postings, to get it working.
@Holger Rabbach: Could you please write down your a detailed step by
step information?
Best Regards
Ed
On 19 Okt., 17:55, nexus <nexusw...@gmail.com> wrote:
> Sorry for the late reply, but I'm glad you got it working. I just put
> the HTTPS part in case you wanted it, but like Sebastian said it is
> not needed since little data is transferred over HTTP. I don't use it
> myself for openmeetings, but have used for other projects such as
> using a Java-PHP bridge in Red5.
>
> On Oct 18, 8:54 am, "seba.wag...@gmail.com" <seba.wag...@gmail.com>
> wrote:
>
>
>
> > If you are usingRTMPSthe password from the OpenMeetings client to the
> > server is already encrypted.
> >RTMPSis used not only for the video part but also for all DATA
> > > We also tried to secure the use of openmeetings withRTMPSfor our
> > Sebastian Wagnerhttp://www.openmeetings.dehttp://www.webbase-design.dehttp://www.wagn...
> > seba.wag...@gmail.com
>
> > image001.jpg
> > 28KViewDownload- Hide quoted text -
>
> > - Show quoted text -- Zitierten Text ausblenden -
>
> - Zitierten Text anzeigen -
Holger Rabbach (ICT)
There is RTMPS documentation at http://code.google.com/p/openmeetings/wiki/RTMPSandHTTPS, but in only works with trunk or the nightly builds at the moment, as far as I know.
Holger
-----Original Message-----
From: openmeet...@googlegroups.com [mailto:openmeet...@googlegroups.com] On Behalf Of dormitilla
Sent: Freitag, 2. Dezember 2011 19:33
To: OpenMeetings User
Subject: [openmeetings-user] Re: RTMPS