[Freeswitch-users] Using mod_shout over ssl, curl issue with curl-ca-bundle.crt file location

Ken Rice krice at freeswitch.org
Mon Mar 5 04:39:11 MSK 2012


Are you using System Libcurl or in tree libcurl? We did recently fix a
problem with linkink syste, libcurl....




On 3/4/12 6:41 PM, "Matt Stockton" <mstockton at harqen.com> wrote:

> I just rolled back to the 12/07 FS version and confirmed that mod_shout with
> SSL is working for me in that version...no complaints about the cert file
> 
> I'm speculating that the curl call in the 12/07 version is somehow referencing
> the CA file at /etc/ssl/certs/ca-certificates.crt , but is no longer
> referencing that file in the latest, and is trying to
> reference: /usr/local/freeswitch/share/curl/curl-ca-bundle.crt instead, which
> doesn't exist. 
> 
> I guess I could put a sym link in there during my deployment process, but my
> question is: is this the appropriate way to handle the situation? Or should I
> be doing something different during the make and install? Or is there
> something I need to add to the FS configuration?
> 
> Thanks in advance!!
> Matt
> 
> On Sat, Mar 3, 2012 at 11:53 AM, Matt Stockton <mstockton at harqen.com> wrote:
>> Hi all,
>> 
>> I just upgraded to the latest git, and I'm trying to dive into an issue I'm
>> having. I am using mod_shout and in some instances am playing files that are
>> hosted on web servers protected by https. This seemed to be working fine
>> before I upgraded, but now I am getting the following issues, which is
>> preventing the streaming of the files:
>> 
>> 12-03-02 19:06:57.926919 [WARNING] mod_shout.c:468 CURL returned error:[77]
>> problem with the SSL CA cert (path? access rights?) : error setting
>> certificate verify locations:
>>   CAfile: /usr/local/freeswitch/share/curl/curl-ca-bundle.crt
>>   CApath: none
>> 
>> I looked at the code and the git history in mod_shout.c where it is setting
>> all the curl options, nothing seems to have changed there since I last
>> updated FS (12/07), however, the curl-ca-bundle file is certainly not located
>> at /usr/local/freeswitch/share/curl/curl-ca-bundle.crt and never has been as
>> far as I know.
>> 
>> I also looked at other mods that are using curl and where they are
>> calling switch_curl_easy_setopt (mod_xml_curl, mod_httapi), and noticed that
>> those mods are setting options that might be related to what I
>> need? CURLOPT_SSLCERT
>> 
>> I am confused as to what is causing the breakage, since mod_shout hasn't
>> changed since I last updated, yet none of the ssl curl options are set in
>> mod_shout..and I never had any problems with the mod_shout curl usage finding
>> the certificate verify locations by default. Is there some other default that
>> used to be set in the freeswitch configuration that I need to set manually?
>> 
>> Any help is appreciated!!! Thanks!
>> Matt
> 
> 
> 
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
> 
> 
> 
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120304/9dc4cf48/attachment.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list