<HTML>
<HEAD>
<TITLE>Re: [Freeswitch-users] Using mod_shout over ssl, curl issue with curl-ca-bundle.crt file location</TITLE>
</HEAD>
<BODY>
<FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:11pt'>Are you using System Libcurl or in tree libcurl? We did recently fix a problem with linkink syste, libcurl....<BR>
<BR>
<BR>
<BR>
<BR>
On 3/4/12 6:41 PM, "Matt Stockton" <<a href="mstockton@harqen.com">mstockton@harqen.com</a>> wrote:<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:11pt'>I just rolled back to the 12/07 FS version and confirmed that mod_shout with SSL is working for me in that version...no complaints about the cert file<BR>
<BR>
I'm speculating that the curl call in the 12/07 version is somehow referencing the CA file at /etc/ssl/certs/ca-certificates.crt , but is no longer referencing that file in the latest, and is trying to reference: /usr/local/freeswitch/share/curl/curl-ca-bundle.crt instead, which doesn't exist. <BR>
<BR>
I guess I could put a sym link in there during my deployment process, but my question is: is this the appropriate way to handle the situation? Or should I be doing something different during the make and install? Or is there something I need to add to the FS configuration?<BR>
<BR>
Thanks in advance!!<BR>
Matt<BR>
<BR>
On Sat, Mar 3, 2012 at 11:53 AM, Matt Stockton <<a href="mstockton@harqen.com">mstockton@harqen.com</a>> wrote:<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:11pt'>Hi all,<BR>
<BR>
I just upgraded to the latest git, and I'm trying to dive into an issue I'm having. I am using mod_shout and in some instances am playing files that are hosted on web servers protected by https. This seemed to be working fine before I upgraded, but now I am getting the following issues, which is preventing the streaming of the files:<BR>
<BR>
12-03-02 19:06:57.926919 [WARNING] mod_shout.c:468 CURL returned error:[77] problem with the SSL CA cert (path? access rights?) : error setting certificate verify locations:<BR>
CAfile: /usr/local/freeswitch/share/curl/curl-ca-bundle.crt<BR>
CApath: none<BR>
<BR>
I looked at the code and the git history in mod_shout.c where it is setting all the curl options, nothing seems to have changed there since I last updated FS (12/07), however, the curl-ca-bundle file is certainly not located at /usr/local/freeswitch/share/curl/curl-ca-bundle.crt and never has been as far as I know.<BR>
<BR>
I also looked at other mods that are using curl and where they are calling switch_curl_easy_setopt (mod_xml_curl, mod_httapi), and noticed that those mods are setting options that might be related to what I need? CURLOPT_SSLCERT<BR>
<BR>
I am confused as to what is causing the breakage, since mod_shout hasn't changed since I last updated, yet none of the ssl curl options are set in mod_shout..and I never had any problems with the mod_shout curl usage finding the certificate verify locations by default. Is there some other default that used to be set in the freeswitch configuration that I need to set manually?<BR>
<BR>
Any help is appreciated!!! Thanks!<BR>
<FONT COLOR="#888888">Matt<BR>
</FONT></SPAN></FONT></BLOCKQUOTE><FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:11pt'><BR>
<BR>
<HR ALIGN=CENTER SIZE="3" WIDTH="95%"></SPAN></FONT><FONT SIZE="2"><FONT FACE="Consolas, Courier New, Courier"><SPAN STYLE='font-size:10pt'>_________________________________________________________________________<BR>
Professional FreeSWITCH Consulting Services:<BR>
<a href="consulting@freeswitch.org">consulting@freeswitch.org</a><BR>
<a href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a><BR>
<BR>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<BR>
<a href="http://www.cudatel.com">http://www.cudatel.com</a><BR>
<BR>
Official FreeSWITCH Sites<BR>
<a href="http://www.freeswitch.org">http://www.freeswitch.org</a><BR>
<a href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a><BR>
<a href="http://www.cluecon.com">http://www.cluecon.com</a><BR>
<BR>
FreeSWITCH-users mailing list<BR>
<a href="FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><BR>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><BR>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><BR>
<a href="http://www.freeswitch.org">http://www.freeswitch.org</a><BR>
</SPAN></FONT></FONT></BLOCKQUOTE>
</BODY>
</HTML>