Question / Help Unable to Live Stream to Facebook Live over rtmps://

#1
Hoping someone can point out that I am doing something wrong. I have not been able to connect to Facebook Live over rtmps using the latest off of master, version 23.0.1-151-g29a1a97-modified (linux), on Centos 7. I have verified that mbed-tls development libraries are installed and it is being used by OBS.

The issue I am facing are relevant to these lines in the log file.
Code:
Mar 27 18:55:16 fbc-video nautilus-classic.desktop: info: [rtmp stream: 'adv_stream'] Connecting to RTMP URL rtmps://live-api-s.facebook.com:443/rtmp/...
Mar 27 18:55:16 fbc-video nautilus-classic.desktop: info: RTMP_Connect1, TLS_Connect failed: -0x7680
Mar 27 18:55:16 fbc-video nautilus-classic.desktop: info: [rtmp stream: 'adv_stream'] Connection to rtmps://live-api-s.facebook.com:443/rtmp/ failed: -2
OBS is not able to complete the handshake and the error from mbed-tls is 0x7680. That error is found in ssl.h in mbed-tls.
Code:
#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED   -0x7680
Has anyone else faced this issue? How did you fix it? Surely you can disable cert verification in mbed-tls. I do not know how to do it without digging into mbed-tls.

Any help is appreciated.
 
#2
Figured it out after some digging into mbed-tls forums. I updated plugins/obs-outputs/librtmp/rtmp_sys.h with MBEDTLS_SSL_VERIFY_OPTIONAL from MBEDTLS_SSL_VERIFY_REQUIRED.

Code:
124 #define TLS_client(ctx,s)       \
125   s = malloc(sizeof(mbedtls_ssl_context));\
126   mbedtls_ssl_init(s);\
127   mbedtls_ssl_setup(s, &ctx->conf);\
128         mbedtls_ssl_config_defaults(&ctx->conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);\
129   mbedtls_ssl_conf_authmode(&ctx->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);\
130         mbedtls_ssl_conf_rng(&ctx->conf, mbedtls_ctr_drbg_random, &ctx->ctr_drbg)
131
132 #define TLS_server(ctx,s)\
133   s = malloc(sizeof(mbedtls_ssl_context));\
134   mbedtls_ssl_init(s);\
135   mbedtls_ssl_setup(s, ctx->conf);\
136         mbedtls_ssl_conf_endpoint(ctx->conf, MBEDTLS_SSL_IS_SERVER);\
137   mbedtls_ssl_conf_authmode(ctx->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);\
138         mbedtls_ssl_conf_rng(ctx->conf, mbedtls_ctr_drbg_random, ctx->ctr_drbg);\
139         mbedtls_ssl_conf_own_cert(ctx->conf, &ctx->cert, &ctx->key);\
140         mbedtls_ssl_conf_dh_param_bin(ctx->conf,\
141     (const unsigned char *)my_dhm_P, strlen(my_dhm_P),\
142     (const unsigned char *)my_dhm_G, strlen(my_dhm_G))
I am sure there is a proper way to do this, but for now I just need it to work.
 
#3
I am having the exact same issue, I believe. I have been using RTMP for Facebook Live (I just heard for the first time that it is being deprecated) and I have always been unable to stream with RTMPS/SSL.
I'm on Ubuntu 18.10. I just installed (via apt) OpenSSL and ffmpeg. Obviously I updated the server URL and stream key. I have had no luck...

I suppose an RTMPS module wasn't loaded...?

Code:
08:54:21 AM.214: FFMPEG VAAPI supported
08:54:21 AM.287: VLC found, VLC video source enabled
08:54:21 AM.288: ---------------------------------
08:54:21 AM.288:   Loaded Modules:
08:54:21 AM.288:     vlc-video.so
08:54:21 AM.288:     text-freetype2.so
08:54:21 AM.288:     rtmp-services.so
08:54:21 AM.288:     obs-x264.so
08:54:21 AM.288:     obs-transitions.so
08:54:21 AM.288:     obs-outputs.so
08:54:21 AM.288:     obs-libfdk.so
08:54:21 AM.288:     obs-filters.so
08:54:21 AM.288:     obs-ffmpeg.so
08:54:21 AM.288:     linux-v4l2.so
08:54:21 AM.288:     linux-pulseaudio.so
08:54:21 AM.288:     linux-jack.so
08:54:21 AM.288:     linux-decklink.so
08:54:21 AM.288:     linux-capture.so
08:54:21 AM.288:     linux-alsa.so
08:54:21 AM.288:     image-source.so
08:54:21 AM.288:     frontend-tools.so
08:54:21 AM.288:     decklink-ouput-ui.so
08:54:21 AM.288: ---------------------------------
08:54:21 AM.292: ==== Startup complete ===============================================
And here is the error from trying to start the stream;

Code:
09:03:00 AM.015: libfdk_aac encoder created
09:03:00 AM.015: libfdk_aac bitrate: 192, channels: 2
09:03:00 AM.016: [rtmp stream: 'adv_stream'] Connecting to RTMP URL rtmps://live-api-s.facebook.com:443/rtmp/...
09:03:00 AM.103: RTMP_Connect1, no SSL/TLS support
09:03:00 AM.104: [rtmp stream: 'adv_stream'] Connection to rtmps://live-api-s.facebook.com:443/rtmp/ failed: -2
09:03:00 AM.104: ==== Streaming Stop ================================================
I really need to figure out what I'm doing wrong before May...
 
#5
I'm seeing the exact same error message as evinrude. I suspect it's related to Rpmfusion's packaging, as I'm seeing this in Fedora 29. I've opened a bug at https://bugzilla.rpmfusion.org/show_bug.cgi?id=5237

I suspect mbed-tls is simply not able to find a ca-bundle.

It looks like SparkplugEsquire is seeing an unrelated problem, though the end result is probably the same.
I have Fedora 29 on a personal SSD. I brought it on campus and booted from it, and I have the exact same issue, as far as I can tell.
 

R1CH

Forum Admin
Developer
#6
OBS currently expects CA certs to be in /etc/ssl/certs/. If they are in a different location please let us know, we can add additional CA search paths to the mbed TLS init.

Note that the "RTMP_Connect1, no SSL/TLS support" means the version of OBS you're using was built without RTMPS / mbedTLS.
 

4nrkey

New Member
#7
Hi there,

I'm experiencing the same problem here.

My log : https://obsproject.com/logs/JhIMAfQ-YwCcC80S

06:44:16.988: [rtmp stream: 'simple_stream'] Connecting to RTMP URL rtmps://live-api-s.facebook.com:443/rtmp/...
06:44:17.093: RTMP_Connect1, no SSL/TLS support
06:44:17.093: [rtmp stream: 'simple_stream'] Connection to rtmps://live-api-s.facebook.com:443/rtmp/ failed: -2


Figured it out after some digging into mbed-tls forums. I updated plugins/obs-outputs/librtmp/rtmp_sys.h with MBEDTLS_SSL_VERIFY_OPTIONAL from MBEDTLS_SSL_VERIFY_REQUIRED.
@evinrude : How did you manage to do it? I searched a bit in the forums and can't find an answer. If you have the link to where you found a solution, it would be very appreciated.

OBS currently expects CA certs to be in /etc/ssl/certs/. If they are in a different location please let us know, we can add additional CA search paths to the mbed TLS init.

Note that the "RTMP_Connect1, no SSL/TLS support" means the version of OBS you're using was built without RTMPS / mbedTLS.
@R1CH :
There is a file named ca-certificates.crt in the folder /etc/ssl/certs/ . Should I look for something specific in this folder? And should I update my OBS version to be able to broadcast live on Facebook? I intalled OBS a week ago for the first time, and I don't see any update.
 
#8
Hi there,

I'm experiencing the same problem here.

My log : https://obsproject.com/logs/JhIMAfQ-YwCcC80S

06:44:16.988: [rtmp stream: 'simple_stream'] Connecting to RTMP URL rtmps://live-api-s.facebook.com:443/rtmp/...
06:44:17.093: RTMP_Connect1, no SSL/TLS support
06:44:17.093: [rtmp stream: 'simple_stream'] Connection to rtmps://live-api-s.facebook.com:443/rtmp/ failed: -2
There are two distinct issues in this thread. The simple problem is OBS compiled without SSL support. That's the issue your log indicates. If you built OBS from source, you will need to re-compile with ssl support.

The other issue is that when connecting to Facebook, the SSL connection fails, complaining that the Facebook SSL certificate won't verify. The CA bundle is symlinked in /etc/ssl/certs as expected, so I'm sorta stumped as to what the root problem is there. It seems fairly reproducible on Fedora/RPMFusion.

I wonder if it would be possible to split this thread into the two separate issues.
 

4nrkey

New Member
#9
If you built OBS from source, you will need to re-compile with ssl support.
I'm running Linux mint, and everythng is user friendly, so I have little idea how to compile OBS with or without SSL support. I just clicked install and it "worked". I wouldn't be able to recompile it, it's out of my capacities unless provided with a good step by step procedure.

On the other forum you posted the bug on, you said "The workaround has been to stream with RTMP-- without ssl." How do I do that? I tried to remove the "s" from the facebook streaming URL in OBS, and of course it doesn't work! ;) I see the code evinrude posted, but I don't know how to apply it. I would be grateful if you could help me with that. So far, I entered the #define line in the terminal and it returned nothing.

Thank you!
 
#10
Hi there,

I'm experiencing the same problem here.

My log : https://obsproject.com/logs/JhIMAfQ-YwCcC80S

06:44:16.988: [rtmp stream: 'simple_stream'] Connecting to RTMP URL rtmps://live-api-s.facebook.com:443/rtmp/...
06:44:17.093: RTMP_Connect1, no SSL/TLS support
06:44:17.093: [rtmp stream: 'simple_stream'] Connection to rtmps://live-api-s.facebook.com:443/rtmp/ failed: -2




@evinrude : How did you manage to do it? I searched a bit in the forums and can't find an answer. If you have the link to where you found a solution, it would be very appreciated.



@R1CH :
There is a file named ca-certificates.crt in the folder /etc/ssl/certs/ . Should I look for something specific in this folder? And should I update my OBS version to be able to broadcast live on Facebook? I intalled OBS a week ago for the first time, and I don't see any update.
@4nrkey Sorry for the late response. I was never notified via email that anyone was responding to this thread. All I did was modify the code as I explained in my second post to get around the SSL issues. I did not update the ca certs on the box. I just wanted it to work and I am a Software Developer by trade so this was an easy fix for me to just "get it working".
 
#11
I'm running Linux mint, and everythng is user friendly, so I have little idea how to compile OBS with or without SSL support. I just clicked install and it "worked". I wouldn't be able to recompile it, it's out of my capacities unless provided with a good step by step procedure.

On the other forum you posted the bug on, you said "The workaround has been to stream with RTMP-- without ssl." How do I do that? I tried to remove the "s" from the facebook streaming URL in OBS, and of course it doesn't work! ;) I see the code evinrude posted, but I don't know how to apply it. I would be grateful if you could help me with that. So far, I entered the #define line in the terminal and it returned nothing.

Thank you!
You'll also need to change the "443" in the URL to "80".
 
#12
Figured it out after some digging into mbed-tls forums. I updated plugins/obs-outputs/librtmp/rtmp_sys.h with MBEDTLS_SSL_VERIFY_OPTIONAL from MBEDTLS_SSL_VERIFY_REQUIRED.

Code:
124 #define TLS_client(ctx,s)       \
125   s = malloc(sizeof(mbedtls_ssl_context));\
126   mbedtls_ssl_init(s);\
127   mbedtls_ssl_setup(s, &ctx->conf);\
128         mbedtls_ssl_config_defaults(&ctx->conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);\
129   mbedtls_ssl_conf_authmode(&ctx->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);\
130         mbedtls_ssl_conf_rng(&ctx->conf, mbedtls_ctr_drbg_random, &ctx->ctr_drbg)
131
132 #define TLS_server(ctx,s)\
133   s = malloc(sizeof(mbedtls_ssl_context));\
134   mbedtls_ssl_init(s);\
135   mbedtls_ssl_setup(s, ctx->conf);\
136         mbedtls_ssl_conf_endpoint(ctx->conf, MBEDTLS_SSL_IS_SERVER);\
137   mbedtls_ssl_conf_authmode(ctx->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);\
138         mbedtls_ssl_conf_rng(ctx->conf, mbedtls_ctr_drbg_random, ctx->ctr_drbg);\
139         mbedtls_ssl_conf_own_cert(ctx->conf, &ctx->cert, &ctx->key);\
140         mbedtls_ssl_conf_dh_param_bin(ctx->conf,\
141     (const unsigned char *)my_dhm_P, strlen(my_dhm_P),\
142     (const unsigned char *)my_dhm_G, strlen(my_dhm_G))
I am sure there is a proper way to do this, but for now I just need it to work.
Hey man this works for me! Thank you for posting this workaround!
https://www.youtube.com/watch?v=gOj7j8V7nTg
hope someone else found this helpful ;)
 
Top