Stupid MyPlusFaceSpaceGoogleBook, part ][

The error I was getting [1] from libcurl [2] (which I use to inform MyPlusFaceSpaceGoogleBook I've updated this blog [3]) was:

>

```

curl_easy_perform(AUTH) = problem with the SSL CA cert (path? access rights?)

```

Okay, so there is some certificate authority that OpenSSL (Open (like, totally) Secure Socket Layer) [4] doesn't like now (probably because of the heartbleed bug [5] which didn't affect my server since I'm running a pre-heartbleed-bug-enabled version of OpenSSL). Curious as to where this information was stashed, I ran strace [6] on mod_blog and found a list of certificate authories in /usr/share/ssl/certs/ca-bundle.crt (you can tell I'm well versed in this stuff if I'm resorting to debugging tools to locate this information).

So it looked like it was time to update that file. Well, seeing how OpenSSL was written by monkeys (Yes, there is a security warning on that page. Think about it for a second) [7] (no, really [8]), the current format for ca-bundle.crt is now vastly different from the format I'm using for ca-bundle.crt, enough to cause this:

>

```

CRASH(20409/000): pid=20409 signal='Segmentation fault'

CRASH(20409/001): reason='Address not mapped for object'

CRASH(20409/002): address=0x9

CRASH(20409/003): CS=0073 DS=007B ES=007B FS=0000 GS=0033

CRASH(20409/004): EIP=00BE42BC EFL=00010246 ESP=BFEE7608 EBP=BFEE7628 ESI=08430EB8 EDI=00000000

CRASH(20409/005): EAX=B7F006C0 EBX=00CBBFF4 ECX=00000068 EDX=00000001

CRASH(20409/006): UESP=BFEE7608 TRAPNO=0000000E ERR=00000004

CRASH(20409/007): STACK DUMP

CRASH(20409/008): BFEE7608: 00 00 00 00 00 00 00 00

CRASH(20409/009): BFEE7610: B8 6A 46 08 C0 06 F0 B7 68 00 00 00 F4 B2 19 00

CRASH(20409/010): BFEE7620: C8 6A 42 08 68 00 00 00 58 76 EE BF BC B6 17 00

CRASH(20409/011): BFEE7630: 65 6F 42 08 01 00 00 00 68 00 00 00 B8 0E 43 08

CRASH(20409/012): BFEE7640: B7 6A 46 08 00 00 00 00 57 B6 17 00 F4 B2 19 00

CRASH(20409/013): BFEE7650: C8 6A 42 08 68 F1 42 08 F8 76 EE BF 0D DC 18 00

CRASH(20409/014): BFEE7660: C8 6A 42 08 01 00 00 00 65 6F 42 08 68 00 00 00

CRASH(20409/015): BFEE7670: 14 F3 42 08 00 00 00 00 68 00 00 00 00 00 00 00

CRASH(20409/016): BFEE7680: C8 6A 42 08 C8 6A 42 08 00 00 00 00 00 00 00 00

CRASH(20409/017): BFEE7690: 67 43 57 53 A9 6A 46 08 63 6F 42 08 E4 76 EE BF

CRASH(20409/018): BFEE76A0: A8 76 EE BF 00 00 00 00 2D 21 C5 00 1F 00 00 00

CRASH(20409/019): BFEE76B0: 63 6F 42 08 02 00 00 00 02 00 00 00 D9 47 19 00

CRASH(20409/020): BFEE76C0: 01 00 00 00 01 00 00 00 00 00 00 00 C8 6A 42 08

CRASH(20409/021): BFEE76D0: C4 F2 42 08 01 00 01 00 F8 76 EE BF 28 E1 18 00

CRASH(20409/022): BFEE76E0: 01 00 00 00 68 00 00 00 18 C3 18 00 F4 B2 19 00

CRASH(20409/023): BFEE76F0: 68 F1 42 08 C4 F2 42 08 38 77 EE BF AF ED 18 00

CRASH(20409/024): BFEE7700: 68 F1 42 08 27 77 EE BF

CRASH(20409/025): STACK TRACE

CRASH(20409/026): ./build/boston[0x805d7b8]

CRASH(20409/027): ./build/boston[0x805df94]

CRASH(20409/028): /lib/tls/libc.so.6[0xbb79b0]

CRASH(20409/029): /usr/lib/libcurl.so.3(Curl_client_write+0x70)[0x17b6bc]

CRASH(20409/030): /usr/lib/libcurl.so.3(Curl_readwrite+0x1905)[0x18dc0d]

CRASH(20409/031): /usr/lib/libcurl.so.3(Curl_perform+0x2b3)[0x18edaf]

CRASH(20409/032): /usr/lib/libcurl.so.3(curl_easy_perform+0x3d)[0x18f242]

CRASH(20409/033): ./build/boston(notify_facebook+0x39c)[0x805a000]

CRASH(20409/034): ./build/boston[0x8050745]

CRASH(20409/035): ./build/boston(main_cli+0x1cc)[0x80505f4]

CRASH(20409/036): ./build/boston(main+0x147)[0x805243f]

CRASH(20409/037): /lib/tls/libc.so.6(__libc_start_main+0xd3)[0xba4e93]

CRASH(20409/038): ./build/boston[0x804ce15]

CRASH(20409/039): COMMAND LINE

CRASH(20409/040): ./build/boston

CRASH(20409/041): --config

CRASH(20409/042): XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

CRASH(20409/043): --cmd

CRASH(20409/044): NEW

CRASH(20409/045): --update

CRASH(20409/046): NEW

CRASH(20409/047): --file

CRASH(20409/048): /tmp/e

CRASH(20409/049): ENVIRONMENT

CRASH(20409/050): [redacted]

```

Woot! Way to go, OpenSSL!

So updating ca-bundle.crt is a “No go!”

The next option?

>

```

curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,0); /* in other words, no validation */

```

It's not like what I post on the Internet is private. And there are no errors nor crashes. Hopefully, this is enough to fix the issue.

Update a few seconds later

Nope. No error. But no MyPlusFaceSpaceGoogleBook update. Grrrrrr …

Update at 2:06 AM, Wednesday, April 23^rd, 2014

Okay, I stupidly removed the code that sent the authenticated token from MyPlusFaceSpaceGoogleBook back to MyPlusFaceSpaceGoodBook. All is right with the world now.

[1] https://boston.conman.org/2014/04/22.2

[2] http://curl.haxx.se/libcurl/

[3] https://boston.conman.org/

[4] https://www.openssl.org/

[5] http://heartbleed.com/

[6] http://en.wikipedia.org/wiki/Strace

[7] https://www.peereboom.us/assl/assl/html/openssl.html

[8] http://opensslrampage.org/

Gemini Mention this post

Contact the author