Forum Discussion

evilmax17
Visitor
15 years ago

Anyone else having SSL cert problems lately? (code: -77)


'Example pseudocode

http = CreateObject("roUrlTransfer")
http.SetUrl( "https://www.myurl.com" )
http.InitClientCertificates()
http.SetCertificatesFile( "pkg:/certs/mycert.crt" )
result = http.GetToString()

This code has been working correctly and reliably for months, but it's been giving me a little trouble lately. ~90% of the time it will correctly return what I'm expecting, but every now and then it will fail with the following response code:

-77     CURLE_SSL_CACERT_BADFILE     could not load CACERT file, missing or wrong format

error setting certificate verify locations:
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none

My cert file is stored locally in my package, and I'm not modifying it or anything. From the description of the error code, it doesn't sound like it has anything to do with the server I'm pinging.

I'm using the exact same URL, headers, and crt file every time.

Anyone else having similar problems lately?

6 Replies

  • To add some more confusion, I have a package that uses SSL and runs on the same box as the failing package without problems. So this doesn't seem to be specific to all SSL communications.

    One thing I can suggest that may help is to swap the position of InitClientCertificates() and SetCertificatesFile(). I call SetCertificatesFile() in my working package before calling InitClientCertificates(). I don't know if this will fix your problem or not.

    There's an article that covers some solutions here that may be useful to anyone looking to fix the issue in the firmware:
    http://chrisschuld.com/2008/07/how-to-f ... locations/

    My working package uses SSL mutual authentication (my failing package doesn't). Mutual authentication setup is detailed here:
    viewtopic.php?f=34&t=27562&start=0

    Of course this all could just be a problem with a build, and I'm running in circles. 🙂
  • I was able to get the SSL working for my application using the following code segment.

    obj = CreateObject("roUrlTransfer")
    obj.SetPort(CreateObject("roMessagePort"))
    obj.SetUrl(url)
    obj.AddHeader("Content-Type", "application/x-www-form-urlencoded")
    obj.SetCertificatesFile("common:/certs/ca-bundle.crt")
    obj.InitClientCertificates()
    obj.EnableEncodings(true)
    There seems to be a problem while configuring my cert.
    After running the following command I got this error:

    openssl s_client -showcerts -connect 'Rsi-Dev-Mitsh.india.rsystems.com:443'



    # openssl s_client -showcerts -connect 'Rsi-Dev-Mitsh.india.rsystems.com:443'
    CONNECTED(00000003)
    depth=0 /C=IN/ST=UP/O=RSI/OU=Noida/CN=Rsi-Dev-Mitsh.india.rsystems.com/emailAddress=mitesh.sharma@rsystems.com
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=0 /C=IN/ST=UP/O=RSI/OU=Noida/CN=Rsi-Dev-Mitsh.india.rsystems.com/emailAddress=mitesh.sharma@rsystems.com
    verify error:num=27:certificate not trusted
    verify return:1
    depth=0 /C=IN/ST=UP/O=RSI/OU=Noida/CN=Rsi-Dev-Mitsh.india.rsystems.com/emailAddress=mitesh.sharma@rsystems.com
    verify error:num=21:unable to verify the first certificate
    verify return:1
    12052:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1086:SSL alert number 40
    12052:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
    #
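
The two failure classes seen in this thread, reproduced offline as an added example (not code from any poster, and not Roku's): curl's -77 means the CA file is absent or not parseable, while verify error 20 means a trust file loaded but does not contain the issuer. The helper names (`check_bundle`, `verify_leaf`, `make_demo_pki`, `run_demo`) and all certificate subjects are constructed for the demo, and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example; file names and certificate subjects are constructed for the demo.

# check_bundle FILE: prints "missing", "badformat" or "ok" (the two causes
# that CURLE_SSL_CACERT_BADFILE names: file absent, or not a parseable cert).
check_bundle() {
    [ -r "$1" ] || { echo missing; return 0; }
    # Only the first certificate in the file is parsed here.
    if openssl x509 -in "$1" -noout >/dev/null 2>&1; then echo ok; else echo badformat; fi
}

# verify_leaf CAFILE CERT: prints "ok" or the first OpenSSL verify error number.
verify_leaf() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    case $out in
        *": OK"*) echo ok ;;
        *) printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1 ;;
    esac
}

# make_demo_pki DIR: two throwaway self-signed roots (ca, other) and a leaf signed by "ca".
make_demo_pki() {
    for ca in ca other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-$ca-root" \
            -keyout "$1/$ca.key" -out "$1/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
}

run_demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || { rm -rf "$d"; return 1; }
    printf 'not a certificate\n' > "$d/junk.crt"
    echo "absent bundle:            $(check_bundle "$d/absent.crt")"
    echo "wrong-format bundle:      $(check_bundle "$d/junk.crt")"
    echo "valid bundle:             $(check_bundle "$d/ca.pem")"
    echo "leaf vs. issuing CA:      $(verify_leaf "$d/ca.pem" "$d/leaf.pem")"
    echo "leaf vs. unrelated CA:    $(verify_leaf "$d/other.pem" "$d/leaf.pem")"
    rm -rf "$d"
}
run_demo
```

The `20` printed for the unrelated CA is the same code as the first `verify error:num=20` in the `s_client` output above.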