[Freeswitch-users] Using mod_shout over ssl, curl issue with curl-ca-bundle.crt file location

Ken Rice krice at freeswitch.org
Mon Mar 5 05:56:46 MSK 2012 

What Platform are you using and do you have libcurl installed on the system?

K


On 3/4/12 8:52 PM, "Matt Stockton" <mstockton at harqen.com> wrote:

> I'm not doing anything special during the installation process, (e.g. just
> doing bootstrap, configure, make, and make install), so I'm assuming I'm using
> the in tree libcurl? Is there an easy way to tell?
> 
> What was the recent fix? Would it affect where it looks for the cert file?
> 
> On Sun, Mar 4, 2012 at 7:39 PM, Ken Rice <krice at freeswitch.org> wrote:
>> Are you using System Libcurl or in tree libcurl? We did recently fix a
>> problem with linkink syste, libcurl....
>> 
>> 
>> 
>> 
>> 
>> On 3/4/12 6:41 PM, "Matt Stockton" <mstockton at harqen.com
>> <http://mstockton@harqen.com> > wrote:
>> 
>>> I just rolled back to the 12/07 FS version and confirmed that mod_shout with
>>> SSL is working for me in that version...no complaints about the cert file
>>> 
>>> I'm speculating that the curl call in the 12/07 version is somehow
>>> referencing the CA file at /etc/ssl/certs/ca-certificates.crt , but is no
>>> longer referencing that file in the latest, and is trying to
>>> reference: /usr/local/freeswitch/share/curl/curl-ca-bundle.crt instead,
>>> which doesn't exist. 
>>> 
>>> I guess I could put a sym link in there during my deployment process, but my
>>> question is: is this the appropriate way to handle the situation? Or should
>>> I be doing something different during the make and install? Or is there
>>> something I need to add to the FS configuration?
>>> 
>>> Thanks in advance!!
>>> Matt
>>> 
>>> On Sat, Mar 3, 2012 at 11:53 AM, Matt Stockton <mstockton at harqen.com
>>> <http://mstockton@harqen.com> > wrote:
>>>> Hi all,
>>>> 
>>>> I just upgraded to the latest git, and I'm trying to dive into an issue I'm
>>>> having. I am using mod_shout and in some instances am playing files that
>>>> are hosted on web servers protected by https. This seemed to be working
>>>> fine before I upgraded, but now I am getting the following issues, which is
>>>> preventing the streaming of the files:
>>>> 
>>>> 12-03-02 19:06:57.926919 [WARNING] mod_shout.c:468 CURL returned error:[77]
>>>> problem with the SSL CA cert (path? access rights?) : error setting
>>>> certificate verify locations:
>>>>   CAfile: /usr/local/freeswitch/share/curl/curl-ca-bundle.crt
>>>>   CApath: none
>>>> 
>>>> I looked at the code and the git history in mod_shout.c where it is setting
>>>> all the curl options, nothing seems to have changed there since I last
>>>> updated FS (12/07), however, the curl-ca-bundle file is certainly not
>>>> located at /usr/local/freeswitch/share/curl/curl-ca-bundle.crt and never
>>>> has been as far as I know.
>>>> 
>>>> I also looked at other mods that are using curl and where they are
>>>> calling switch_curl_easy_setopt (mod_xml_curl, mod_httapi), and noticed
>>>> that those mods are setting options that might be related to what I
>>>> need? CURLOPT_SSLCERT
>>>> 
>>>> I am confused as to what is causing the breakage, since mod_shout hasn't
>>>> changed since I last updated, yet none of the ssl curl options are set in
>>>> mod_shout..and I never had any problems with the mod_shout curl usage
>>>> finding the certificate verify locations by default. Is there some other
>>>> default that used to be set in the freeswitch configuration that I need to
>>>> set manually?
>>>> 
>>>> Any help is appreciated!!! Thanks!
>>>> Matt
>>> 
>>> 
>>> 
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org <http://consulting@freeswitch.org>
>>> http://www.freeswitchsolutions.com
>>> 
>>> 
>>> 
>>> 
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://wiki.freeswitch.org
>>> http://www.cluecon.com
>>> 
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> <http://FreeSWITCH-users@lists.freeswitch.org>
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>> 
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>> 
>> 
>> 
>> 
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>> 
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>> 
> 
> 
> 
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
> 
> 
> 
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120304/a15a7a5c/attachment.html

Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list