                                        
                                   * * * * *
                                        
                   Stupid MyPlusFaceSpaceGoogleBook, part ][
                                        
The error I was getting [1] from libcurl [2] (which I use to inform
MyPlusFaceSpaceGoogleBook I've updated this blog [3]) was:

> curl_easy_perform(AUTH) = problem with the SSL CA cert (path? access rights?)
> 

Okay, so there is some certificate authority that OpenSSL (Open (like,
totally) Secure Socket Layer) [4] doesn't like now (probably because of the
heartbleed bug [5] which didn't affect my server since I'm running a pre-
heartbleed-bug-enabled version of OpenSSL). Curious as to where this
information was stashed, I ran strace [6] on mod_blog and found a list of
certificate authories in /usr/share/ssl/certs/ca-bundle.crt (you can tell I'm
well versed in this stuff if I'm resorting to debugging tools to locate this
information).

So it looked like it was time to update that file. Well, seeing how OpenSSL
was written by monkeys (Yes, there is a security warning on that page. Think
about it for a second) [7] (no, really [8]), the current format for ca-
bundle.crt is now vastly different from the format I'm using for ca-
bundle.crt, enough to cause this:

> CRASH(20409/000): pid=20409 signal='Segmentation fault'
> CRASH(20409/001): reason='Address not mapped for object'
> CRASH(20409/002): address=0x9
> CRASH(20409/003): CS=0073 DS=007B ES=007B FS=0000 GS=0033
> CRASH(20409/004): EIP=00BE42BC EFL=00010246 ESP=BFEE7608 EBP=BFEE7628 ESI=08430EB8 EDI=00000000
> CRASH(20409/005): EAX=B7F006C0 EBX=00CBBFF4 ECX=00000068 EDX=00000001
> CRASH(20409/006): UESP=BFEE7608 TRAPNO=0000000E ERR=00000004
> CRASH(20409/007): STACK DUMP
> CRASH(20409/008):        BFEE7608:                         00 00 00 00 00 00 00 00 
> CRASH(20409/009):        BFEE7610: B8 6A 46 08 C0 06 F0 B7 68 00 00 00 F4 B2 19 00 
> CRASH(20409/010):        BFEE7620: C8 6A 42 08 68 00 00 00 58 76 EE BF BC B6 17 00 
> CRASH(20409/011):        BFEE7630: 65 6F 42 08 01 00 00 00 68 00 00 00 B8 0E 43 08 
> CRASH(20409/012):        BFEE7640: B7 6A 46 08 00 00 00 00 57 B6 17 00 F4 B2 19 00 
> CRASH(20409/013):        BFEE7650: C8 6A 42 08 68 F1 42 08 F8 76 EE BF 0D DC 18 00 
> CRASH(20409/014):        BFEE7660: C8 6A 42 08 01 00 00 00 65 6F 42 08 68 00 00 00 
> CRASH(20409/015):        BFEE7670: 14 F3 42 08 00 00 00 00 68 00 00 00 00 00 00 00 
> CRASH(20409/016):        BFEE7680: C8 6A 42 08 C8 6A 42 08 00 00 00 00 00 00 00 00 
> CRASH(20409/017):        BFEE7690: 67 43 57 53 A9 6A 46 08 63 6F 42 08 E4 76 EE BF 
> CRASH(20409/018):        BFEE76A0: A8 76 EE BF 00 00 00 00 2D 21 C5 00 1F 00 00 00 
> CRASH(20409/019):        BFEE76B0: 63 6F 42 08 02 00 00 00 02 00 00 00 D9 47 19 00 
> CRASH(20409/020):        BFEE76C0: 01 00 00 00 01 00 00 00 00 00 00 00 C8 6A 42 08 
> CRASH(20409/021):        BFEE76D0: C4 F2 42 08 01 00 01 00 F8 76 EE BF 28 E1 18 00 
> CRASH(20409/022):        BFEE76E0: 01 00 00 00 68 00 00 00 18 C3 18 00 F4 B2 19 00 
> CRASH(20409/023):        BFEE76F0: 68 F1 42 08 C4 F2 42 08 38 77 EE BF AF ED 18 00 
> CRASH(20409/024):        BFEE7700: 68 F1 42 08 27 77 EE BF                         
> CRASH(20409/025): STACK TRACE
> CRASH(20409/026):        ./build/boston[0x805d7b8]
> CRASH(20409/027):        ./build/boston[0x805df94]
> CRASH(20409/028):        /lib/tls/libc.so.6[0xbb79b0]
> CRASH(20409/029):        /usr/lib/libcurl.so.3(Curl_client_write+0x70)[0x17b6bc]
> CRASH(20409/030):        /usr/lib/libcurl.so.3(Curl_readwrite+0x1905)[0x18dc0d]
> CRASH(20409/031):        /usr/lib/libcurl.so.3(Curl_perform+0x2b3)[0x18edaf]
> CRASH(20409/032):        /usr/lib/libcurl.so.3(curl_easy_perform+0x3d)[0x18f242]
> CRASH(20409/033):        ./build/boston(notify_facebook+0x39c)[0x805a000]
> CRASH(20409/034):        ./build/boston[0x8050745]
> CRASH(20409/035):        ./build/boston(main_cli+0x1cc)[0x80505f4]
> CRASH(20409/036):        ./build/boston(main+0x147)[0x805243f]
> CRASH(20409/037):        /lib/tls/libc.so.6(__libc_start_main+0xd3)[0xba4e93]
> CRASH(20409/038):        ./build/boston[0x804ce15]
> CRASH(20409/039): COMMAND LINE
> CRASH(20409/040):        ./build/boston
> CRASH(20409/041):        --config
> CRASH(20409/042):        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> CRASH(20409/043):        --cmd
> CRASH(20409/044):        NEW
> CRASH(20409/045):        --update
> CRASH(20409/046):        NEW
> CRASH(20409/047):        --file
> CRASH(20409/048):        /tmp/e
> CRASH(20409/049): ENVIRONMENT
> CRASH(20409/050):        [redacted]
> 

Woot! Way to go, OpenSSL!

So updating ca-bundle.crt is a “No go!”

The next option?

> curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,0); /* in other words, no validation */
> 

It's not like what I post on the Internet is private. And there are no errors
nor crashes. Hopefully, this is enough to fix the issue.

Update a few seconds later

Nope. No error. But no MyPlusFaceSpaceGoogleBook update. Grrrrrr …


Update at 2:06 AM, Wednesday, April 23^rd, 2014

Okay, I stupidly removed the code that sent the authenticated token from
MyPlusFaceSpaceGoogleBook back to MyPlusFaceSpaceGoodBook. All is right with
the world now.


[1] https://boston.conman.org/2014/04/22.2
[2] http://curl.haxx.se/libcurl/
[3] https://boston.conman.org/
[4] https://www.openssl.org/
[5] http://heartbleed.com/
[6] http://en.wikipedia.org/wiki/Strace
[7] https://www.peereboom.us/assl/assl/html/openssl.html
[8] http://opensslrampage.org/

Email author at sean@conman.org

.