[Freeswitch-users] Using mod_shout over ssl, curl issue with curl-ca-bundle.crt file location

Matt Stockton mstockton at harqen.com
Mon Mar 5 03:41:08 MSK 2012


I just rolled back to the 12/07 FS version and confirmed that mod_shout
with SSL is working for me in that version...no complaints about the cert
file

I'm speculating that the curl call in the 12/07 version is somehow
referencing the CA file at /etc/ssl/certs/ca-certificates.crt , but is no
longer referencing that file in the latest, and is trying to
reference: /usr/local/freeswitch/share/curl/curl-ca-bundle.crt instead,
which doesn't exist.

I guess I could put a sym link in there during my deployment process, but
my question is: is this the appropriate way to handle the situation? Or
should I be doing something different during the make and install? Or is
there something I need to add to the FS configuration?

Thanks in advance!!
Matt

On Sat, Mar 3, 2012 at 11:53 AM, Matt Stockton <mstockton at harqen.com> wrote:

> Hi all,
>
> I just upgraded to the latest git, and I'm trying to dive into an issue
> I'm having. I am using mod_shout and in some instances am playing files
> that are hosted on web servers protected by https. This seemed to be
> working fine before I upgraded, but now I am getting the following issues,
> which is preventing the streaming of the files:
>
> 12-03-02 19:06:57.926919 [WARNING] mod_shout.c:468 CURL returned
> error:[77] problem with the SSL CA cert (path? access rights?) : error
> setting certificate verify locations:
>   CAfile: /usr/local/freeswitch/share/curl/curl-ca-bundle.crt
>   CApath: none
>
> I looked at the code and the git history in mod_shout.c where it is
> setting all the curl options, nothing seems to have changed there since I
> last updated FS (12/07), however, the curl-ca-bundle file is certainly not
> located at /usr/local/freeswitch/share/curl/curl-ca-bundle.crt and never
> has been as far as I know.
>
> I also looked at other mods that are using curl and where they are
> calling switch_curl_easy_setopt (mod_xml_curl, mod_httapi), and noticed
> that those mods are setting options that might be related to what I
> need? CURLOPT_SSLCERT
>
> I am confused as to what is causing the breakage, since mod_shout hasn't
> changed since I last updated, yet none of the ssl curl options are set in
> mod_shout..and I never had any problems with the mod_shout curl usage
> finding the certificate verify locations by default. Is there some other
> default that used to be set in the freeswitch configuration that I need to
> set manually?
>
> Any help is appreciated!!! Thanks!
> Matt
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120304/398eb39d/attachment.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list