Bad certificate name causes Security Sandbox Violation Error in Adobe Flash movie

I'm testing the communication of my Adobe Flash app to the server using HTTPS.

If I make the request to https://localhost everything's fine. But if the request url is set to https://192.168.0.1 the URLLoader fails with this Stream error:

Error #2032: Stream Error. URL: https://192.168.0.1/path-to-script/

If i call the URL in the browser I get a security warning, which I can override (in Chrome):

This is probably not the site you are looking for!
[Proceed anyways]   [Back to safety]

Of course that's because the certificate's name ("localhost") doesn't match the IP address.

Now, is it possib开发者_开发百科le to ignore/suppress that warning/error? e.g. is it possible if I would use the flash.net.Socket class?

UPDATE

I did more thoroughly tests now.

The crossdomain.xml I'm already using:

<?xml version="1.0"?>
<cross-domain-policy>
    <site-control permitted-cross-domain-policies="master-only"/>
    <allow-access-from domain="*" secure="false" />
    <allow-http-request-headers-from domain="*" headers="*"  />
</cross-domain-policy>

Working scenario:

Flash hosted on and loaded from http://www.domain-A.com

URLLoader request to https://www.domain-B.com/demo.html

Not working:

Flash still hosted and loaded from http://www.domain-A.com

URLLoader request to https://{IP_OF_SERVER}/demo.html

The problem is, that Flash doesn't even load the crossdomain.xml because of the "bad certificate name" error. (Caused by the fact, that the certificate is issued for www.domain-B.com, not for a IP adress)

The specific error message:

*** Security Sandbox Violation ***

Request for resource at https://{IP_OF_SERVER}/demo.html by requestor from http://www.domain-A.com/flash/demo.swf is denied due to lack of policy file permissions.

To get an idea what happens:

Open https://65.54.186.107/ in your browser (it's the IP of https://login.live.com)

To get to the website you have to acknowledge/ignore the warning.

"This is probably not the site you are looking for!" in Google Chrome

"This Connection is Untrusted" in Firefox

"There is a problem with this website's security certificate." in IE

...

I'm looking for a way to "ignore" this warning in Flash.

Conclusion

If there's no way to tell Flash to ignore SSL "bad certificate name" errors, I can only think of digging into the flash.net.Socket class.

Any other ideas?

I came to the conclusion, that it can't be solved. The certificate name must match the domain name, otherwise the communication will fail.

After all, it's a security measure. (Compare: there's also no way for a website to tell the browser to override the security warning.)

Only if Adobe would also implement such security warning (in a future version of Flash) and let the user decide whether or not to proceed, the certificate could be issued to another domain name.

If you must use an IP address instead of the domain name you might consider buying a certificate issued to the IP address instead of the domain name: http://www.ssl247.com/ssl-certificates/type/ip-address

Its all about domain.
https://localhost and https://192.168.0.1 are not the same domain.
You would have to configure your crossdomain policy to accept localhost.

[EDIT]
Try this on the https server

> <?xml version="1.0"?> <!DOCTYPE
> cross-domain-policy SYSTEM
> "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
> <cross-domain-policy>
>     <allow-access-from domain="www.company.com"
> secure="false" />  
> </cross-domain-policy>

The_asMan is right you need a crossdomain policy if you're accessing a swf on another domain from within your main swf or a swf on your primary domain. But I think the issue here is that you're trying to establish a connection to the server through your router or gateway IP and that will not work in this case. If it were working properly within flash and it was just a security error, then you would expect to see a security sandbox violation error, not a stream error (unable to establish connection). Test with your local address and if you want to test on another server then upload it to a web server or something but trying to use your gateway address just doesn't make sense and probably doesn't work. If you're running a server like Xampp on your local machine and testing with the localhost address, you're doing this accurately and can expect your application to function the same deployed on a web server.

Here's some NFO on that error that is in line with what I'm saying:

http://www.judahfrangipane.com/blog/2007/02/15/error-2032-stream-error/