“Could not connect to radio browser server” about radiodroid HOT 30 OPEN

EDIT:At first I put this comment in wrong ticket but I see it is the same issue 😅

I might fixed it on my device by installing Root certificate from https://letsencrypt.org/certificates:
First check if you have current Root certificate of LetsEncrypt in Android Settings>security>TrustedCredentials and search for Internet Security Research Group If it is not there then try to download them (pem files) from those links or above one

• https://letsencrypt.org/certs/isrgrootx1.pem
• https://letsencrypt.org/certs/lets-encrypt-r3.pem

To install go to Android Settings>security>Certificate storage:Install from SD card, and select those two .pem files. Then try to play any station.

from radiodroid.

Moin,

ich hatte das gleiche Problem mit 2 Android 4.4.4 Radios.
Hier eine kleine Anleitung die bei mir funktioniert hat und es keinen Sperrbildschirm gibt.
Das Gerät muss allerdings gerootet sein

Auf der Seite https://letsencrypt.org/de/certificates/ unter:

Aktiv
° Let’s Encrypt R3 (RSA 2048, O = Let's Encrypt, CN = R3)
° Signiert durch ISRG Root X1: der, pem, txt

Die "pem" und die "txt" Datei herunterladen.

URL-PEM : https://letsencrypt.org/certs/lets-encrypt-r3.pem
URL-TXT : https://letsencrypt.org/certs/lets-encrypt-r3.txt

In dem Downloadverzeichnis den Hash der PEM-Datei ermitteln mit:

openssl x509 -inform PEM -subject_hash_old -in lets-encrypt-r3.pem | head -1

hier: dec71a0b

Jetzt den Inhalt der .txt-Datei an die .pem-Datei anhängen mit:

cat lets-encrypt-r3.txt >> lets-encrypt-r3.pem

Danach die Datei umbenennen in den Hashwert und ".0" anhängen mit:

mv lets-encrypt-r3.pem dec71a0b.0

Nun noch den SHA1 wert der Datei an die Datei anhängen mit:
openssl x509 -fingerprint -in dec71a0b.0 -noout >> dec71a0b.0

Das Zertifikat dec71a0b.0 per SD-Karte oder wie auch immer auf das Gerät übertragen.
Bei mir liegt die Datei dec71a0b.0 jetzt auf dem zu modifizierenden Gerät unter:
/storage/emulate/0/Download/dec71a0b.0

Auf dem Gerät muss ein Terminalprogramm installiert sein und der root-zugriff ermöglicht.
Als Terminal-Programm habe ich "Terminal" von ALIF Technology aus dem Plas-Store verwendet.
Es sollte aber auch jedes andere Terminalprogramm funktionieren.

Als erstes müssen root-Rechte erlangt werden mit:
su

Jetzt muss die Systempartition mit lese- und schreibrechten gemountet werden mit:
mount -o remount,rw /system

Danach die Zertifikatsdatei in den richtigen Ordner kopieren oder verschieben mit:
cp dec71a0b.0 /system/etc/security/cacerts/

Noch die Rechte anpassen mit:
chmod 644 /system/etc/security/cacerts/dec71a0b.0

und das wars....

Wenn man jetzt unter den Einstellungen=>Sicherheit=>Vertrauenswürdige Anmeldedaten=>System nachschaut,
ist in der Liste das Zertifikat von "Let's Encrypt R3" neu eingetragen.

from radiodroid.

Kein Ding. Ich habe das im Großen und Ganzen auch nur aus verschiedenen Quellen zusammen getragen.
Wir hören jeden Tag SR1 und das funktioniert. Welcher Sender funktioniert denn bei dir nicht?

from radiodroid.

Ich denke ich habe das benötigte Zertifikat heraus gefunden.
DigiCert Inc. / DigiCert Global Root G2
Wenn alles klar geht, komme ich morgen dazu nach einem Zertifikat zu suchen und es für das Radio zu konvertieren.
Ich bleibe am Ball und melde mich wenn es klappt ;-)
Gruß
Tom

from radiodroid.

Jo, SWR3 läuft :-)

ich mache es jetzt mal in der Schnellausgabe. Im Prinzip alles wie oben, außer dass wir nur das .pem Zertifikat brauchen.
https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem

openssl x509 -inform PEM -subject_hash_old -in DigiCertGlobalRootG2.crt.pem | head -1

Ausgabe : c90bc37d

cat DigiCertGlobalRootG2.crt.pem > c90bc37d.0

openssl x509 -inform pem -in DigiCertGlobalRootG2.crt.pem -text -noout >> c90bc37d.0

openssl x509 -fingerprint -in DigiCertGlobalRootG2.crt.pem -noout >> c90bc37d.0

Auf den Androiden kopieren, verschieben, Rechte anpassen, neustarten, zack läuft ;-)

from radiodroid.

That's it! I installed the lets-encrypt-r3.pem cert, and it's working!

Which leads me to a couple of feature requests:

• There should be a clear error message if connection fails due to a bad certificate, or

• There should be a built-in certificate mechanism

• There should be a way to transfer settings and favourites between devices

from radiodroid.

Can confirm Problem and solution.
Over here on Android 5.0.1, dated Samsung S4 used with a Samsung docking station for which drivers only ever existed in original Samsung firmwares :-( ... but it is used for radio droid only feeding into a much much much older hifi system - which !!thanks!! to RadioDroid has web radio :-)

from radiodroid.

The solution doesn't work for me. My settings didn't have the security tab, so i just installed the 2 certificates with a certificate installer. Still get the "Could not connect to radio browser server" message.

from radiodroid.

On my Android-6 TV-box, a user-installed cert produces a persistent notification about "Network may be monitored", and a warning about the network being monitored by a third party.

This can be resolved easily - https://f-droid.org/en/packages/com.nutomic.zertman/

from radiodroid.

This doesn't work for me on an Android 7.0 (Nougat) cellphone - an Alcatel OT-5044R.

I am able to install the required certs, but due to more security theater from Google[1], apps targeting API level 24 and later (that is, 7+) will gleefully ignore any user-added CAs unless the app itself opts-in (and this is not a default configuration for your average project!).

I know, I could just spend another $50+ I do not have to replace a perfectly working cellphone (that it's used for basic stuff, nothing particularly "sensitive"!), but I would prefer to find a fix to this as I'm not keen on generating e-waste. Rooting the phone is not an option (can't find trusted root procedures for this model, nobody really cares about "free-with-fries" prepaid phones in the modding scene).

[1]https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html

from radiodroid.

Same problem in Android 6 with two different Phones. Installing the certificates fixes the problem but causes a warning "Network may be monitored".

I don't understand why Android 6 has this issue but not Android 4 or 7 where I also use Radiodroid without issues.

from radiodroid.

On my Android-6 TV-box, a user-installed cert produces a persistent notification about "Network may be monitored", and a warning about the network being monitored by a third party.

This can be resolved easily - https://f-droid.org/en/packages/com.nutomic.zertman/

I tried adding 2 certs and now get the same "monitored" message. I tried the Move Certs app as mentioned above, but it won't work since phone (Android 4.4.2) is not rooted. Is there any other solution? Thanks

from radiodroid.

Wow, danke für die tolle Anleitung. 👍 Hat auch funktioniert, die App läuft. 🤗 Was allerdings leider immer noch nicht geht sind Öffentlich Rechtliche Sender. Die werden zwar gefunden, man kann sie auch anklicken, angeblich werden sie abgespielt (also es gibt Play und Pause Funktion) aber man hört nichts. Alle privaten oder ausländischen Sender funktionieren problemlos. Bei Open Radio zeigt er mir bei den ÖR Sendern "network failed" an. Ich vermute ich brauche ein weiteres Zertifikat (SSL?).

from radiodroid.

Alles was ÖR ist, also SWR3/2/1/Dasding usw. Da kommt dann nur connecting, buffering. Dann das Play Icon, aber es werden keine Titel angezeigt oder sonstiges, natürlich auch kein Ton.

from radiodroid.

Wow, vielen lieben Dank. 😊

from radiodroid.

I don't understand German, but... the instructions posted there seem to work only for rooted phones?

We need a solution for unrooted phones. Google proposes one (which is stupid, but it's the only one): change the project settings to trust user-added CAs0. For extra security, it can be even restricted per domain, although I don't see how viable would be to go in such a granular way. This is something that sadly has to be done at the project setup level.

See, I understand that user-added CAs can be abused as an attack vector, but the United Nations just reminded us that e-waste is growing at an alarmingly fast rate1, and in part it's due to planned obsolescence measures like this. At least Google gave us a way to workaround that, albeit it's strictly opt-in.

from radiodroid.

@dilworks
Sorry for what's coming. Since I can only read English and not very well at that, I have changed it to DeepL.
I'm not quite sure what you want, but you can also simply download the certificates on the Android. Then in the menu on "Security => Install from SD card" install the certificate and it will run.
The disadvantage is that a screen lock must be set up for this procedure.
I hope I was able to help you further.

Greetings
Tom

Translated with DeepL.com (free version)

from radiodroid.

Jo, SWR3 läuft :-)

ich mache es jetzt mal in der Schnellausgabe. Im Prinzip alles wie oben, außer dass wir nur das .pem Zertifikat brauchen. https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem

openssl x509 -inform PEM -subject_hash_old -in DigiCertGlobalRootG2.crt.pem | head -1

Ausgabe : c90bc37d

cat DigiCertGlobalRootG2.crt.pem > c90bc37d.0

openssl x509 -inform pem -in DigiCertGlobalRootG2.crt.pem -text -noout >> c90bc37d.0

openssl x509 -fingerprint -in DigiCertGlobalRootG2.crt.pem -noout >> c90bc37d.0

Auf den Androiden kopieren, verschieben, Rechte anpassen, neustarten, zack läuft ;-)

Vielen lieben Dank Tomm, auch von meiner Frau. Läuft wieder alles problemlos. 👌

from radiodroid.

@dilworks Sorry for what's coming. Since I can only read English and not very well at that, I have changed it to DeepL. I'm not quite sure what you want, but you can also simply download the certificates on the Android. Then in the menu on "Security => Install from SD card" install the certificate and it will run. The disadvantage is that a screen lock must be set up for this procedure. I hope I was able to help you further.

Greetings Tom

Translated with DeepL.com (free version)

Already tried that, it won't work on my phone. The certificates will install fine, but ordinary applications will gleefully ignore them, as per Google policy. And yes, I have a lock pattern set.

The only way out is to change the app manifest to opt-in to user-installed certificates - this has to be done at the source level, compile the app, and it should work (according to Google instructions). Unfortunately I don't have an Android dev environment setup here so I can test this.

from radiodroid.