I’m testing the communication of my Adobe Flash app to the server using HTTPS.
If I make the request to https://localhost everything’s fine. But if the request url is set to https://192.168.0.1 the URLLoader fails with this Stream error:
Error #2032: Stream Error. URL: https://192.168.0.1/path-to-script/
If I call the URL in the browser I get a security warning, which I can override (in Chrome):
This is probably not the site you are looking for!
[Proceed anyways] [Back to safety]
Of course that’s because the certificate’s name ("localhost") doesn’t match the IP address.
Now, is it possible to ignore/suppress that warning/error? E.g. would it be possible if I used the flash.net.Socket class?
UPDATE
I did more thorough tests now.
The crossdomain.xml I’m already using:
<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="*" secure="false" />
  <allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
Working scenario:
Flash hosted on and loaded from http://www.domain-A.com
URLLoader request to https://www.domain-B.com/demo.html
Not working:
Flash still hosted and loaded from http://www.domain-A.com
URLLoader request to https://{IP_OF_SERVER}/demo.html
The problem is that Flash doesn’t even load the crossdomain.xml because of the "bad certificate name" error. (Caused by the fact that the certificate is issued for www.domain-B.com, not for an IP address.)
The specific error message:
*** Security Sandbox Violation ***
Request for resource at https://{IP_OF_SERVER}/demo.html by requestor from http://www.domain-A.com/flash/demo.swf is denied due to lack of policy file permissions.
To get an idea what happens:
Open https://65.54.186.107/ in your browser (it’s the IP of https://login.live.com)
To get to the website you have to acknowledge/ignore the warning.
"This is probably not the site you are looking for!" in Google Chrome
"This Connection is Untrusted" in Firefox
"There is a problem with this website’s security certificate." in IE
…
I’m looking for a way to "ignore" this warning in Flash.
Conclusion
If there’s no way to tell Flash to ignore SSL "bad certificate name" errors, I can only think of digging into the flash.net.Socket class.
Any other ideas?
I came to the conclusion that it can’t be solved. The certificate name must match the domain name, otherwise the communication will fail.
After all, it’s a security measure. (Compare: there’s also no way for a website to tell the browser to override the security warning.)
Only if Adobe also implemented such a security warning (in a future version of Flash) and let the user decide whether or not to proceed could the certificate be issued to another domain name.
If you must use an IP address instead of the domain name, you might consider buying a certificate issued to the IP address instead of the domain name: http://www.ssl247.com/ssl-certificates/type/ip-address
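The name check behind the failure described above, as an added example (not part of the original post, and not Flash's own code): a simplified RFC 2818-style matcher in Python showing why a certificate for "localhost" or www.domain-B.com is rejected for an IP URL, while one that lists the IP address is accepted. The function names and the sample certificates, written in the dict shape returned by Python's ssl.SSLSocket.getpeercert(), are constructed for illustration.

```python
import ipaddress

# Constructed sample certificates, in the dict shape of ssl.SSLSocket.getpeercert().
LOCALHOST_CERT = {"subjectAltName": (("DNS", "localhost"),)}
DOMAIN_CERT = {"subjectAltName": (("DNS", "www.domain-B.com"),)}
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.domain-B.com"),)}
IP_CERT = {"subjectAltName": (("DNS", "www.domain-B.com"),
                              ("IP Address", "192.168.0.1"))}


def dns_name_matches(pattern, host):
    """Case-insensitive label-by-label match; '*' may only be the whole first label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # The wildcard covers exactly one label and never a bare suffix like "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_matches(cert, requested):
    """Return True if the certificate is valid for the host part of the URL."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(requested)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP in the URL is compared only with iPAddress entries;
        # DNS names in the certificate are never considered.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in sans)
    return any(kind == "DNS" and dns_name_matches(value, requested)
               for kind, value in sans)


if __name__ == "__main__":
    for label, cert in [("localhost cert", LOCALHOST_CERT),
                        ("domain cert", DOMAIN_CERT),
                        ("wildcard cert", WILDCARD_CERT),
                        ("IP cert", IP_CERT)]:
        for host in ("localhost", "www.domain-B.com", "192.168.0.1"):
            print(f"{label:15} {host:18} {cert_matches(cert, host)}")
```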