Help

Roku Developer Program

Join our online forum to talk to Roku developers and fellow channel creators. Ask questions, share tips with the community, and find helpful resources.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
evilmax17
Visitor
‎05-11-2011 06:20 PM

Anyone else having SSL cert problems lately? (code: -77) 


'Example pseudocode

http = CreateObject("roUrlTransfer")
http.SetUrl( "https://www.myurl.com" )
http.InitClientCertificates()
http.SetCertificatesFile( "pkg:/certs/mycert.crt" )
result = http.GetToString()

This code has been working correctly and reliably for months, but it's been giving me a little trouble lately. ~90% of the time it will correctly return what I'm expecting, but every now and then it will fail with the following response code:

-77     CURLE_SSL_CACERT_BADFILE     could not load CACERT file, missing or wrong format

error setting certificate verify locations:
  CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none

My cert file is stored locally in my package, and I'm not modifying it or anything. From the description of the error code, it doesn't sound like it has anything to do with the server I'm pinging.

I'm using the exact same URL, headers, and crt file every time.

Anyone else having similar problems lately?
My Roku Channels:
Viddler - viddler.com
Tested Fan - tested.com | Jamie & Adam
This is my next - theverge.com
1080p Showcase - RIP
Whiskey Media - RIP
======================
http://www.binarymoustache.com
0 Kudos
Reply
6 REPLIES 6
TheEndless
Channel Surfer
‎05-11-2011 06:29 PM

Re: Anyone else having SSL cert problems lately? (code: -77)

RyanMarquiste reported the same error yesterday. Don't know if it's the same cause or not, but... viewtopic.php?f=34&t=39683&p=264169
My Channels: http://roku.permanence.com - Twitter: @TheEndlessDev
Instant Watch Browser (NetflixIWB), Aquarium Screensaver (AQUARIUM), Clever Clocks Screensaver (CLEVERCLOCKS), iTunes Podcasts (ITPC), My Channels (MYCHANNELS)
0 Kudos
Reply
evilmax17
Visitor
‎05-11-2011 06:34 PM

Re: Anyone else having SSL cert problems lately? (code: -77)

"TheEndless" wrote:
RyanMarquiste reported the same error yesterday. Don't know if it's the same cause or not, but... viewtopic.php?f=34&t=39683&p=264169

Whoops, completely missed that thread. Good to see I'm not alone at least.
My Roku Channels:
Viddler - viddler.com
Tested Fan - tested.com | Jamie & Adam
This is my next - theverge.com
1080p Showcase - RIP
Whiskey Media - RIP
======================
http://www.binarymoustache.com
0 Kudos
Reply
RyanMarquiste
Visitor
‎05-11-2011 10:15 PM

Re: Anyone else having SSL cert problems lately? (code: -77)

To add some more confusion, I have a package that uses SSL and runs on the same box as the failing package without problems. So this doesn't seem to be specific to all SSL communications.

One thing I can suggest that may help is to swap the position of InitClientCertificates() and SetCertificatesFile(). I call SetCertificatesFile() in my working package before calling InitClientCertificates(). I don't know if this will fix your problem or not.

There's an article that covers some solutions here that may be useful to anyone looking to fix the issue in the firmware:
http://chrisschuld.com/2008/07/how-to-f ... locations/

My working package uses SSL mutual authentication (my failing package doesn't). Mutual authentication setup is detailed here:
viewtopic.php?f=34&t=27562&start=0

Of course this all could just be a problem with a build, and I'm running in circles. 🙂
0 Kudos
Reply
RokuKevin
Visitor
‎05-12-2011 11:56 AM

Re: Anyone else having SSL cert problems lately? (code: -77)

If you are using Apache, you can follow the setup steps for mutual authentication in this thread:

viewtopic.php?f=34&t=27562&start=0&hilit=SSL


--Kevin
0 Kudos
Reply
RyanMarquiste
Visitor
‎05-13-2011 09:49 AM

Re: Anyone else having SSL cert problems lately? (code: -77)

I was able to get the SSL working for my application using the following code segment.

    obj = CreateObject("roUrlTransfer")
    obj.SetPort(CreateObject("roMessagePort"))
    obj.SetUrl(url)
    obj.AddHeader("Content-Type", "application/x-www-form-urlencoded")
    obj.SetCertificatesFile("common:/certs/ca-bundle.crt")
    obj.InitClientCertificates()
    obj.EnableEncodings(true)
0 Kudos
Reply
mitesh_16sharma
Visitor
‎05-31-2012 03:05 AM

Re: Anyone else having SSL cert problems lately? (code: -77)

There seems to be a problem while configure my cert.
After running the following command I got this error:

openssl s_client -showcerts -connect 'Rsi-Dev-Mitsh.india.rsystems.com:443'



# openssl s_client -showcerts -connect 'Rsi-Dev-Mitsh.india.rsystems.com:443'
CONNECTED(00000003)
depth=0 /C=IN/ST=UP/O=RSI/OU=Noida/CN=Rsi-Dev-Mitsh.india.rsystems.com/emailAddress=mitesh.sharma@rsystems.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=IN/ST=UP/O=RSI/OU=Noida/CN=Rsi-Dev-Mitsh.india.rsystems.com/emailAddress=mitesh.sharma@rsystems.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=IN/ST=UP/O=RSI/OU=Noida/CN=Rsi-Dev-Mitsh.india.rsystems.com/emailAddress=mitesh.sharma@rsystems.com
verify error:num=21:unable to verify the first certificate
verify return:1
12052:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1086:SSL alert number 40
12052:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
#
0 Kudos
Reply