NHK (Piksel) wants my SSL peer cert to be player.piksel.com

[tsanth]

Checklist

• I'm reporting a broken site support
• I've verified that I'm running youtube-dl version 2020.09.20
• I've checked that all provided URLs are alive and playable in a browser
• I've checked that all URLs and arguments with special characters are properly quoted or escaped
• I've searched the bugtracker for similar issues including closed ones

Verbose log

 ~/tmp/nhk  $  youtube-dl --verbose "https://www3.nhk.or.jp/nhkworld/en/ondemand/video/2088003/"
[debug] System config: []
[debug] User config: []
[debug] Custom config: []
[debug] Command-line args: [u'--verbose', u'https://www3.nhk.or.jp/nhkworld/en/ondemand/video/2088003/']
[debug] Encodings: locale UTF-8, fs UTF-8, out UTF-8, pref UTF-8
[debug] youtube-dl version 2020.09.20
[debug] Python version 2.7.16 (CPython) - Linux-4.19.0-10-amd64-x86_64-with-debian-10.5
[debug] exe versions: ffmpeg 4.1.6-1, ffprobe 4.1.6-1
[debug] Proxy map: {}
[NhkVod] 2088-003: Downloading JSON metadata
[Piksel] nw_vod_v_en_2088_003_20200927091000_01_1601167269: Downloading webpage
ERROR: Unable to download webpage: hostname u'player.piksel.com' doesn't match 'home.tsanth.com' (caused by CertificateError("hostname u'player.piksel.com' does
n't match 'home.tsanth.com'",)); please report this issue on https://yt-dl.org/bug . Make sure you are using the latest version; type  youtube-dl -U  to update.
 Be sure to call youtube-dl with the --verbose flag and include its complete output.
  File "/usr/local/bin/youtube-dl/youtube_dl/extractor/common.py", line 632, in _request_webpage
    return self._downloader.urlopen(url_or_request)
  File "/usr/local/bin/youtube-dl/youtube_dl/YoutubeDL.py", line 2238, in urlopen
    return self._opener.open(req, timeout=self._socket_timeout)
  File "/usr/lib/python2.7/urllib2.py", line 429, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 447, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 407, in _call_chain
    result = func(*args)
  File "/usr/local/bin/youtube-dl/youtube_dl/utils.py", line 2736, in https_open
    req, **kwargs)
  File "/usr/lib/python2.7/urllib2.py", line 1195, in do_open
    h.request(req.get_method(), req.get_selector(), req.data, headers)
  File "/usr/lib/python2.7/httplib.py", line 1058, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1098, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1054, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 892, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 854, in send
    self.connect()
  File "/usr/lib/python2.7/httplib.py", line 1279, in connect
    server_hostname=server_hostname)
  File "/usr/lib/python2.7/ssl.py", line 369, in wrap_socket
    _context=self)
  File "/usr/lib/python2.7/ssl.py", line 599, in __init__
    self.do_handshake()
  File "/usr/lib/python2.7/ssl.py", line 836, in do_handshake
    match_hostname(self.getpeercert(), self.server_hostname)
  File "/usr/lib/python2.7/ssl.py", line 292, in match_hostname
    % (hostname, dnsnames[0]))

 ~/tmp/nhk  $ 

Description

Context:

• Video is streaming from NHK: https://www3.nhk.or.jp/nhkworld/en/ondemand/video/2088003/
• Page has been tested and verified working on Windows 10, Chrome 85.0.4183.121 (Official Build) (64-bit)
• youtube-dl is being run on a Debian 10 machine
• A naive reading of the error suggests that the Piksel module wants to verify my SSL peer certificate is player.piksel.com, but it's coming up as home.tsanth.com (which is correct)
• It seems I'd be able to get past this by somehow spoofing my SSL peer certificate, but I'm not terribly keen on either a) hacking /usr/lib/python2.7/ssl.py or b) generating an SSL peer certificate to bypass the check
• Attempting to bypass the SSL check with --no-check-certificate results in the following (different) failure:

 ~/tmp/nhk  $  youtube-dl --verbose --no-check-certificate "https://www3.nhk.or.jp/nhkworld/en/ondemand/video/2088003/"
[debug] System config: []
[debug] User config: []
[debug] Custom config: []
[debug] Command-line args: [u'--verbose', u'--no-check-certificate', u'https://www3.nhk.or.jp/nhkworld/en/ondemand/video/2088003/']
[debug] Encodings: locale UTF-8, fs UTF-8, out UTF-8, pref UTF-8
[debug] youtube-dl version 2020.09.20
[debug] Python version 2.7.16 (CPython) - Linux-4.19.0-10-amd64-x86_64-with-debian-10.6
[debug] exe versions: ffmpeg 4.1.6-1, ffprobe 4.1.6-1
[debug] Proxy map: {}
[NhkVod] 2088-003: Downloading JSON metadata
[Piksel] nw_vod_v_en_2088_003_20200927091000_01_1601167269: Downloading webpage
ERROR: Unable to download webpage: HTTP Error 404: Not Found (caused by HTTPError()); please report this issue on https://yt-dl.org/bug . Make sure you are usin
g the latest version; type  youtube-dl -U  to update. Be sure to call youtube-dl with the --verbose flag and include its complete output.
  File "/usr/local/bin/youtube-dl/youtube_dl/extractor/common.py", line 632, in _request_webpage
    return self._downloader.urlopen(url_or_request)
  File "/usr/local/bin/youtube-dl/youtube_dl/YoutubeDL.py", line 2238, in urlopen
    return self._opener.open(req, timeout=self._socket_timeout)
  File "/usr/lib/python2.7/urllib2.py", line 435, in open
    response = meth(req, response)
  File "/usr/lib/python2.7/urllib2.py", line 548, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib/python2.7/urllib2.py", line 473, in error
    return self._call_chain(*args)
  File "/usr/lib/python2.7/urllib2.py", line 407, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 556, in http_error_default
    raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)

 ~/tmp/nhk  $  

• Even if I were to generate an SSL peer certificate, would I just attach it to whatever base URL I have on my Debian machine, so it identifies itself as player.piksel.com?
• For completion's sake, attempting to spoof a referer results in the following (identical to the original) failure:

 ~/tmp/nhk  $  youtube-dl --verbose --referer "https://player.piksel.com" "https://www3.nhk.or.jp/nhkworld/en/ondemand/video/2088003/"                 [1/885]
[debug] System config: []
[debug] User config: []
[debug] Custom config: []
[debug] Command-line args: [u'--verbose', u'--referer', u'https://player.piksel.com', u'https://www3.nhk.or.jp/nhkworld/en/ondemand/video/2088003/']
[debug] Encodings: locale UTF-8, fs UTF-8, out UTF-8, pref UTF-8
[debug] youtube-dl version 2020.09.20
[debug] Python version 2.7.16 (CPython) - Linux-4.19.0-10-amd64-x86_64-with-debian-10.6
[debug] exe versions: ffmpeg 4.1.6-1, ffprobe 4.1.6-1
[debug] Proxy map: {}
[NhkVod] 2088-003: Downloading JSON metadata
[Piksel] nw_vod_v_en_2088_003_20200927091000_01_1601167269: Downloading webpage
ERROR: Unable to download webpage: hostname u'player.piksel.com' doesn't match 'home.tsanth.com' (caused by CertificateError("hostname u'player.piksel.com' doe$
n't match 'home.tsanth.com'",)); please report this issue on https://yt-dl.org/bug . Make sure you are using the latest version; type  youtube-dl -U  to update$
 Be sure to call youtube-dl with the --verbose flag and include its complete output.
  File "/usr/local/bin/youtube-dl/youtube_dl/extractor/common.py", line 632, in _request_webpage
    return self._downloader.urlopen(url_or_request)
  File "/usr/local/bin/youtube-dl/youtube_dl/YoutubeDL.py", line 2238, in urlopen
    return self._opener.open(req, timeout=self._socket_timeout)
  File "/usr/lib/python2.7/urllib2.py", line 429, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 447, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 407, in _call_chain
    result = func(*args)
  File "/usr/local/bin/youtube-dl/youtube_dl/utils.py", line 2736, in https_open
    req, **kwargs)
  File "/usr/lib/python2.7/urllib2.py", line 1195, in do_open
    h.request(req.get_method(), req.get_selector(), req.data, headers)
  File "/usr/lib/python2.7/httplib.py", line 1058, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1098, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1054, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 892, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 854, in send
    self.connect()
  File "/usr/lib/python2.7/httplib.py", line 1279, in connect
    server_hostname=server_hostname)
  File "/usr/lib/python2.7/ssl.py", line 369, in wrap_socket
    _context=self)
  File "/usr/lib/python2.7/ssl.py", line 599, in __init__
    self.do_handshake()
  File "/usr/lib/python2.7/ssl.py", line 836, in do_handshake
    match_hostname(self.getpeercert(), self.server_hostname)
  File "/usr/lib/python2.7/ssl.py", line 292, in match_hostname
    % (hostname, dnsnames[0]))

 ~/tmp/nhk  $ 

Replication:

• $ youtube-dl --verbose "https://www3.nhk.or.jp/nhkworld/en/ondemand/video/2088003/"