[Freeswitch-users] Using mod_shout over ssl, curl issue with curl-ca-bundle.crt file location

Matt Stockton mstockton at harqen.com
Mon Mar 5 05:52:00 MSK 2012


I'm not doing anything special during the installation process, (e.g. just
doing bootstrap, configure, make, and make install), so I'm assuming I'm
using the in tree libcurl? Is there an easy way to tell?

What was the recent fix? Would it affect where it looks for the cert file?

On Sun, Mar 4, 2012 at 7:39 PM, Ken Rice <krice at freeswitch.org> wrote:

>  Are you using System Libcurl or in tree libcurl? We did recently fix a
> problem with linkink syste, libcurl....
>
>
>
>
>
> On 3/4/12 6:41 PM, "Matt Stockton" <mstockton at harqen.com> wrote:
>
> I just rolled back to the 12/07 FS version and confirmed that mod_shout
> with SSL is working for me in that version...no complaints about the cert
> file
>
> I'm speculating that the curl call in the 12/07 version is somehow
> referencing the CA file at /etc/ssl/certs/ca-certificates.crt , but is no
> longer referencing that file in the latest, and is trying to
> reference: /usr/local/freeswitch/share/curl/curl-ca-bundle.crt instead,
> which doesn't exist.
>
> I guess I could put a sym link in there during my deployment process, but
> my question is: is this the appropriate way to handle the situation? Or
> should I be doing something different during the make and install? Or is
> there something I need to add to the FS configuration?
>
> Thanks in advance!!
> Matt
>
> On Sat, Mar 3, 2012 at 11:53 AM, Matt Stockton <mstockton at harqen.com>
> wrote:
>
> Hi all,
>
> I just upgraded to the latest git, and I'm trying to dive into an issue
> I'm having. I am using mod_shout and in some instances am playing files
> that are hosted on web servers protected by https. This seemed to be
> working fine before I upgraded, but now I am getting the following issues,
> which is preventing the streaming of the files:
>
> 12-03-02 19:06:57.926919 [WARNING] mod_shout.c:468 CURL returned
> error:[77] problem with the SSL CA cert (path? access rights?) : error
> setting certificate verify locations:
>   CAfile: /usr/local/freeswitch/share/curl/curl-ca-bundle.crt
>   CApath: none
>
> I looked at the code and the git history in mod_shout.c where it is
> setting all the curl options, nothing seems to have changed there since I
> last updated FS (12/07), however, the curl-ca-bundle file is certainly not
> located at /usr/local/freeswitch/share/curl/curl-ca-bundle.crt and never
> has been as far as I know.
>
> I also looked at other mods that are using curl and where they are
> calling switch_curl_easy_setopt (mod_xml_curl, mod_httapi), and noticed
> that those mods are setting options that might be related to what I
> need? CURLOPT_SSLCERT
>
> I am confused as to what is causing the breakage, since mod_shout hasn't
> changed since I last updated, yet none of the ssl curl options are set in
> mod_shout..and I never had any problems with the mod_shout curl usage
> finding the certificate verify locations by default. Is there some other
> default that used to be set in the freeswitch configuration that I need to
> set manually?
>
> Any help is appreciated!!! Thanks!
> Matt
>
>
>
> ------------------------------
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120304/e77935c0/attachment-0001.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list