Tuesday, April 22, 2014
Stupid MyPlusFaceSpaceGoogleBook, part ][
The error I was getting from
libcurl
(which I use to
inform MyPlusFaceSpaceGoogleBook I've updated this
blog) was:
curl_easy_perform(AUTH) = problem with the SSL CA cert (path? access rights?)
Okay, so there is some certificate authority that OpenSSL doesn't like now (probably because of the heartbleed bug which didn't affect my
server since I'm running a pre-heartbleed-bug-enabled version of OpenSSL).
Curious as to where this information was stashed, I ran strace
on
mod_blog
and found a list of certificate authories in
/usr/share/ssl/certs/ca-bundle.crt
(you can tell I'm well
versed in this stuff if I'm resorting to debugging tools to locate this
information).
So it looked like it was time to update that file. Well, seeing how OpenSSL
was written by monkeys (no, really), the current format for
ca-bundle.crt
is now vastly different from the format I'm using
for ca-bundle.crt
, enough to cause this:
CRASH(20409/000): pid=20409 signal='Segmentation fault'
CRASH(20409/001): reason='Address not mapped for object'
CRASH(20409/002): address=0x9
CRASH(20409/003): CS=0073 DS=007B ES=007B FS=0000 GS=0033
CRASH(20409/004): EIP=00BE42BC EFL=00010246 ESP=BFEE7608 EBP=BFEE7628 ESI=08430EB8 EDI=00000000
CRASH(20409/005): EAX=B7F006C0 EBX=00CBBFF4 ECX=00000068 EDX=00000001
CRASH(20409/006): UESP=BFEE7608 TRAPNO=0000000E ERR=00000004
CRASH(20409/007): STACK DUMP
CRASH(20409/008): BFEE7608: 00 00 00 00 00 00 00 00
CRASH(20409/009): BFEE7610: B8 6A 46 08 C0 06 F0 B7 68 00 00 00 F4 B2 19 00
CRASH(20409/010): BFEE7620: C8 6A 42 08 68 00 00 00 58 76 EE BF BC B6 17 00
CRASH(20409/011): BFEE7630: 65 6F 42 08 01 00 00 00 68 00 00 00 B8 0E 43 08
CRASH(20409/012): BFEE7640: B7 6A 46 08 00 00 00 00 57 B6 17 00 F4 B2 19 00
CRASH(20409/013): BFEE7650: C8 6A 42 08 68 F1 42 08 F8 76 EE BF 0D DC 18 00
CRASH(20409/014): BFEE7660: C8 6A 42 08 01 00 00 00 65 6F 42 08 68 00 00 00
CRASH(20409/015): BFEE7670: 14 F3 42 08 00 00 00 00 68 00 00 00 00 00 00 00
CRASH(20409/016): BFEE7680: C8 6A 42 08 C8 6A 42 08 00 00 00 00 00 00 00 00
CRASH(20409/017): BFEE7690: 67 43 57 53 A9 6A 46 08 63 6F 42 08 E4 76 EE BF
CRASH(20409/018): BFEE76A0: A8 76 EE BF 00 00 00 00 2D 21 C5 00 1F 00 00 00
CRASH(20409/019): BFEE76B0: 63 6F 42 08 02 00 00 00 02 00 00 00 D9 47 19 00
CRASH(20409/020): BFEE76C0: 01 00 00 00 01 00 00 00 00 00 00 00 C8 6A 42 08
CRASH(20409/021): BFEE76D0: C4 F2 42 08 01 00 01 00 F8 76 EE BF 28 E1 18 00
CRASH(20409/022): BFEE76E0: 01 00 00 00 68 00 00 00 18 C3 18 00 F4 B2 19 00
CRASH(20409/023): BFEE76F0: 68 F1 42 08 C4 F2 42 08 38 77 EE BF AF ED 18 00
CRASH(20409/024): BFEE7700: 68 F1 42 08 27 77 EE BF
CRASH(20409/025): STACK TRACE
CRASH(20409/026): ./build/boston[0x805d7b8]
CRASH(20409/027): ./build/boston[0x805df94]
CRASH(20409/028): /lib/tls/libc.so.6[0xbb79b0]
CRASH(20409/029): /usr/lib/libcurl.so.3(Curl_client_write+0x70)[0x17b6bc]
CRASH(20409/030): /usr/lib/libcurl.so.3(Curl_readwrite+0x1905)[0x18dc0d]
CRASH(20409/031): /usr/lib/libcurl.so.3(Curl_perform+0x2b3)[0x18edaf]
CRASH(20409/032): /usr/lib/libcurl.so.3(curl_easy_perform+0x3d)[0x18f242]
CRASH(20409/033): ./build/boston(notify_facebook+0x39c)[0x805a000]
CRASH(20409/034): ./build/boston[0x8050745]
CRASH(20409/035): ./build/boston(main_cli+0x1cc)[0x80505f4]
CRASH(20409/036): ./build/boston(main+0x147)[0x805243f]
CRASH(20409/037): /lib/tls/libc.so.6(__libc_start_main+0xd3)[0xba4e93]
CRASH(20409/038): ./build/boston[0x804ce15]
CRASH(20409/039): COMMAND LINE
CRASH(20409/040): ./build/boston
CRASH(20409/041): --config
CRASH(20409/042): XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
CRASH(20409/043): --cmd
CRASH(20409/044): NEW
CRASH(20409/045): --update
CRASH(20409/046): NEW
CRASH(20409/047): --file
CRASH(20409/048): /tmp/e
CRASH(20409/049): ENVIRONMENT
CRASH(20409/050): [redacted]
Woot! Way to go, OpenSSL!
So updating ca-bundle.crt
is a “No go!”
The next option?
curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,0); /* in other words, no validation */
It's not like what I post on the Internet is private. And there are no errors nor crashes. Hopefully, this is enough to fix the issue.
Update a few seconds later
Nope. No error. But no MyPlusFaceSpaceGoogleBook update. Grrrrrr …
Update at 2:06 AM, Wednesday, April 23rd, 2014
Okay, I stupidly removed the code that sent the authenticated token from MyPlusFaceSpaceGoogleBook back to MyPlusFaceSpaceGoodBook. All is right with the world now.