I checked some of those https links and they all used a self-signed certificate.
Unless things have changed since last I looked, since ServicePointManager is not available on Windows Phone, certificate policy is limited to checking that a server's cert has been the result of someone sending a few bucks to one of the recognized certificate
authorities. (That may of course be a Ukrainian hacker "borrowing" a Japanese farmer's bank account and identity, through a server he cracked in China, while sitting in his mother's basement. It may not offer much grounds for confidence in the server's
identity, but at least the CAs get some revenue.)
You might want to take a look at this UserVoice idea:
Self Signed Certification SSL HTTPS
If one can't get ServicePointManager, I would think an option to include a cert policy in the app's manifest would solve most of these problems (one would need to be able to say things like, "the cert for mail.myenterprise.com must have fingerprint XYZ,
but the signature doesn't matter" or "the cert for corp.myenterprise.com must be signed by certificate X"). That would be local to the app, so other things on the phone wouldn't suddenly start trusting stuff it shouldn't and it would still let
Microsoft's app approval gunk review the app's cert policy without trying to automatically reverse engineer the app's code (assuming that is the reason for the absence ServicePointManager).
You could try typing in one of those .m3u8 URLs into the phone's Internet Explorer. It may bring up a prompt asking if the phone should trust it. If it does and you install the cert, the app should be able to download those playlists. (I haven't tried.)
Other ideas would be to port another
, forking over to a CA (if you have some influence over the server, that is), or getting a CDN or other service that can deal with self-signed certs upstream to act as a reverse proxy (that's just evil, at least assuming that there is
already a CDN of some kind for serving the media).