Roku Developer Program

Developers and content creators—a complete solution for growing an audience directly.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Level 7

Anyone else having SSL cert problems lately? (code: -77)


'Example pseudocode

http = CreateObject("roUrlTransfer")
http.SetUrl( "https://www.myurl.com" )
http.InitClientCertificates()
http.SetCertificatesFile( "pkg:/certs/mycert.crt" )
result = http.GetToString()

This code has been working correctly and reliably for months, but it's been giving me a little trouble lately. ~90% of the time it will correctly return what I'm expecting, but every now and then it will fail with the following response code:

-77     CURLE_SSL_CACERT_BADFILE     could not load CACERT file, missing or wrong format

error setting certificate verify locations:
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none

My cert file is stored locally in my package, and I'm not modifying it or anything. From the description of the error code, it doesn't sound like it has anything to do with the server I'm pinging.

I'm using the exact same URL, headers, and crt file every time.

Anyone else having similar problems lately?
My Roku Channels:
Viddler - viddler.com
Tested Fan - tested.com | Jamie & Adam
This is my next - theverge.com
1080p Showcase - RIP
Whiskey Media - RIP
======================
http://www.binarymoustache.com
0 Kudos
6 Replies
Highlighted
Level 7

Re: Anyone else having SSL cert problems lately? (code: -77)

RyanMarquiste reported the same error yesterday. Don't know if it's the same cause or not, but... viewtopic.php?f=34&t=39683&p=264169
My Channels: http://roku.permanence.com - Twitter: @TheEndlessDev
Instant Watch Browser (NetflixIWB), Aquarium Screensaver (AQUARIUM), Clever Clocks Screensaver (CLEVERCLOCKS), iTunes Podcasts (ITPC), My Channels (MYCHANNELS)
0 Kudos
Highlighted
Level 7

Re: Anyone else having SSL cert problems lately? (code: -77)

"TheEndless" wrote:
RyanMarquiste reported the same error yesterday. Don't know if it's the same cause or not, but... viewtopic.php?f=34&t=39683&p=264169

Whoops, completely missed that thread. Good to see I'm not alone at least.
My Roku Channels:
Viddler - viddler.com
Tested Fan - tested.com | Jamie & Adam
This is my next - theverge.com
1080p Showcase - RIP
Whiskey Media - RIP
======================
http://www.binarymoustache.com
0 Kudos
Highlighted

Re: Anyone else having SSL cert problems lately? (code: -77)

To add some more confusion, I have a package that uses SSL and runs on the same box as the failing package without problems. So this doesn't seem to be specific to all SSL communications.

One thing I can suggest that may help is to swap the position of InitClientCertificates() and SetCertificatesFile(). I call SetCertificatesFile() in my working package before calling InitClientCertificates(). I don't know if this will fix your problem or not.

There's an article that covers some solutions here that may be useful to anyone looking to fix the issue in the firmware:
http://chrisschuld.com/2008/07/how-to-f ... locations/

My working package uses SSL mutual authentication (my failing package doesn't). Mutual authentication setup is detailed here:
viewtopic.php?f=34&t=27562&start=0

Of course this all could just be a problem with a build, and I'm running in circles. Smiley Happy
0 Kudos
Highlighted
Level 9

Re: Anyone else having SSL cert problems lately? (code: -77)

If you are using Apache, you can follow the setup steps for mutual authentication in this thread:

viewtopic.php?f=34&t=27562&start=0&hilit=SSL


--Kevin
0 Kudos
Highlighted

Re: Anyone else having SSL cert problems lately? (code: -77)

I was able to get the SSL working for my application using the following code segment.

    obj = CreateObject("roUrlTransfer")
obj.SetPort(CreateObject("roMessagePort"))
obj.SetUrl(url)
obj.AddHeader("Content-Type", "application/x-www-form-urlencoded")
obj.SetCertificatesFile("common:/certs/ca-bundle.crt")
obj.InitClientCertificates()
obj.EnableEncodings(true)
0 Kudos
Highlighted

Re: Anyone else having SSL cert problems lately? (code: -77)

There seems to be a problem while configure my cert.
After running the following command I got this error:

openssl s_client -showcerts -connect 'Rsi-Dev-Mitsh.india.rsystems.com:443'



# openssl s_client -showcerts -connect 'Rsi-Dev-Mitsh.india.rsystems.com:443'
CONNECTED(00000003)
depth=0 /C=IN/ST=UP/O=RSI/OU=Noida/CN=Rsi-Dev-Mitsh.india.rsystems.com/emailAddress=mitesh.sharma@rsystems.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=IN/ST=UP/O=RSI/OU=Noida/CN=Rsi-Dev-Mitsh.india.rsystems.com/emailAddress=mitesh.sharma@rsystems.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=IN/ST=UP/O=RSI/OU=Noida/CN=Rsi-Dev-Mitsh.india.rsystems.com/emailAddress=mitesh.sharma@rsystems.com
verify error:num=21:unable to verify the first certificate
verify return:1
12052:error:14094410Smiley FrustratedSL routinesSmiley FrustratedSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1086Smiley FrustratedSL alert number 40
12052:error:140790E5Smiley FrustratedSL routinesSmiley FrustratedSL23_WRITE:ssl handshake failure:s23_lib.c:188:
#
0 Kudos