[twitter-dev] Re: Bad ssl certs on some servers for api.twitter.com/1 ?
Check here: http://groups.google.com/group/twitter-development-talk/browse_thread/thread/4e6a8b0c7d73d85 On Nov 17, 2:36 pm, Tim Haines tmhai...@gmail.com wrote: Hi Marcel, Thanks for following up on this. The bad cert responses I got were inconsistent. Often it would work fine, so what you've outlined here is one theory that would explain it. I think I'll switch back to twitter.com for this app, and look at using api.twitter.com in a future update. Tim. On Wed, Nov 18, 2009 at 7:46 AM, Marcel Molina mar...@twitter.com wrote: Ops has been trying to track down this problem for a while. They confirmed that all servers have the correct cert. The current hypothesis is that there are some rogue servers that are being load balanced to that we don't expect to be accepting api.twitter.com traffic that do not have the correct cert. Sorry it's not fixed yet. We hope we can figure it out soon as it's a blocker for the transition of api traffic from twitter.com to api.twitter.com. On Tue, Nov 17, 2009 at 7:41 AM, Mageuzi mage...@gmail.com wrote: I've been having this same issue when connecting to https://api.twitter.com. I would have thought that if it is a problem with my code, I would always get this error. However, it is intermittent. Most times it works, but a few times an hour I will get the error. Also, I never have this problem withhttps://twitter.com. On Nov 15, 6:46 pm, John Adams j...@twitter.com wrote: On Nov 15, 2009, at 1:16 PM, Tim Haines wrote: Hi there, I'm doing some dev work and I'm getting occasional ssl errors when making calls against api.twitter.com/1. The most recent was posting to favorites/create. Is it possible some of the servers have bad certificates? Or is it likely I'm doing something very wrong? All of our servers have the same certificates; We have had some people report a similar issue before and we verified all of the certificates at that time. I do know of people having validation issues when they don't have current versions of OpenSSL, a current Root CA bundle, or their code has problems processing chained SSL certificates. Which program are you using to make requests against api.twitter.com? curl? Firefox? Twitter's SSL certs are issued by RapidSSL/Equifax. Make sure you have the proper root CA certs installed. If you're using OpenSSL libraries directly, remember that OpenSSL ships without any Root CA certs installed. Curl users will have similar problems as well -- you'll want to run mk- ca-bundle to get the proper ca-bundle installed. The TTYtter developers have a script that pulls the current CA bundle from Mozilla, here: http://www.floodgap.com/software/ttytter/mk-ca-bundle.txt -john -- Marcel Molina Twitter Platform Team http://twitter.com/noradio
[twitter-dev] Re: Bad ssl certs on some servers for api.twitter.com/1 ?
I've been having this same issue when connecting to https://api.twitter.com. I would have thought that if it is a problem with my code, I would always get this error. However, it is intermittent. Most times it works, but a few times an hour I will get the error. Also, I never have this problem with https://twitter.com. On Nov 15, 6:46 pm, John Adams j...@twitter.com wrote: On Nov 15, 2009, at 1:16 PM, Tim Haines wrote: Hi there, I'm doing some dev work and I'm getting occasional ssl errors when making calls against api.twitter.com/1. The most recent was posting to favorites/create. Is it possible some of the servers have bad certificates? Or is it likely I'm doing something very wrong? All of our servers have the same certificates; We have had some people report a similar issue before and we verified all of the certificates at that time. I do know of people having validation issues when they don't have current versions of OpenSSL, a current Root CA bundle, or their code has problems processing chained SSL certificates. Which program are you using to make requests against api.twitter.com? curl? Firefox? Twitter's SSL certs are issued by RapidSSL/Equifax. Make sure you have the proper root CA certs installed. If you're using OpenSSL libraries directly, remember that OpenSSL ships without any Root CA certs installed. Curl users will have similar problems as well -- you'll want to run mk- ca-bundle to get the proper ca-bundle installed. The TTYtter developers have a script that pulls the current CA bundle from Mozilla, here: http://www.floodgap.com/software/ttytter/mk-ca-bundle.txt -john
[twitter-dev] Re: Bad ssl certs on some servers for api.twitter.com/1 ?
Ops has been trying to track down this problem for a while. They confirmed that all servers have the correct cert. The current hypothesis is that there are some rogue servers that are being load balanced to that we don't expect to be accepting api.twitter.com traffic that do not have the correct cert. Sorry it's not fixed yet. We hope we can figure it out soon as it's a blocker for the transition of api traffic from twitter.com to api.twitter.com. On Tue, Nov 17, 2009 at 7:41 AM, Mageuzi mage...@gmail.com wrote: I've been having this same issue when connecting to https://api.twitter.com. I would have thought that if it is a problem with my code, I would always get this error. However, it is intermittent. Most times it works, but a few times an hour I will get the error. Also, I never have this problem with https://twitter.com. On Nov 15, 6:46 pm, John Adams j...@twitter.com wrote: On Nov 15, 2009, at 1:16 PM, Tim Haines wrote: Hi there, I'm doing some dev work and I'm getting occasional ssl errors when making calls against api.twitter.com/1. The most recent was posting to favorites/create. Is it possible some of the servers have bad certificates? Or is it likely I'm doing something very wrong? All of our servers have the same certificates; We have had some people report a similar issue before and we verified all of the certificates at that time. I do know of people having validation issues when they don't have current versions of OpenSSL, a current Root CA bundle, or their code has problems processing chained SSL certificates. Which program are you using to make requests against api.twitter.com? curl? Firefox? Twitter's SSL certs are issued by RapidSSL/Equifax. Make sure you have the proper root CA certs installed. If you're using OpenSSL libraries directly, remember that OpenSSL ships without any Root CA certs installed. Curl users will have similar problems as well -- you'll want to run mk- ca-bundle to get the proper ca-bundle installed. The TTYtter developers have a script that pulls the current CA bundle from Mozilla, here: http://www.floodgap.com/software/ttytter/mk-ca-bundle.txt -john -- Marcel Molina Twitter Platform Team http://twitter.com/noradio
[twitter-dev] Re: Bad ssl certs on some servers for api.twitter.com/1 ?
On Nov 17, 2009, at 10:50 AM, David Dellanave wrote: Could this be related to when an API request returns raw HTML like the over-loaded page? That would be my first guess. SSL/TLS negotiation happens much earlier in the transaction, so no, raw HTML is not a cause of this. -john
[twitter-dev] Re: Bad ssl certs on some servers for api.twitter.com/1 ?
Hi Marcel, Thanks for following up on this. The bad cert responses I got were inconsistent. Often it would work fine, so what you've outlined here is one theory that would explain it. I think I'll switch back to twitter.com for this app, and look at using api.twitter.com in a future update. Tim. On Wed, Nov 18, 2009 at 7:46 AM, Marcel Molina mar...@twitter.com wrote: Ops has been trying to track down this problem for a while. They confirmed that all servers have the correct cert. The current hypothesis is that there are some rogue servers that are being load balanced to that we don't expect to be accepting api.twitter.com traffic that do not have the correct cert. Sorry it's not fixed yet. We hope we can figure it out soon as it's a blocker for the transition of api traffic from twitter.com to api.twitter.com. On Tue, Nov 17, 2009 at 7:41 AM, Mageuzi mage...@gmail.com wrote: I've been having this same issue when connecting to https://api.twitter.com. I would have thought that if it is a problem with my code, I would always get this error. However, it is intermittent. Most times it works, but a few times an hour I will get the error. Also, I never have this problem with https://twitter.com. On Nov 15, 6:46 pm, John Adams j...@twitter.com wrote: On Nov 15, 2009, at 1:16 PM, Tim Haines wrote: Hi there, I'm doing some dev work and I'm getting occasional ssl errors when making calls against api.twitter.com/1. The most recent was posting to favorites/create. Is it possible some of the servers have bad certificates? Or is it likely I'm doing something very wrong? All of our servers have the same certificates; We have had some people report a similar issue before and we verified all of the certificates at that time. I do know of people having validation issues when they don't have current versions of OpenSSL, a current Root CA bundle, or their code has problems processing chained SSL certificates. Which program are you using to make requests against api.twitter.com? curl? Firefox? Twitter's SSL certs are issued by RapidSSL/Equifax. Make sure you have the proper root CA certs installed. If you're using OpenSSL libraries directly, remember that OpenSSL ships without any Root CA certs installed. Curl users will have similar problems as well -- you'll want to run mk- ca-bundle to get the proper ca-bundle installed. The TTYtter developers have a script that pulls the current CA bundle from Mozilla, here: http://www.floodgap.com/software/ttytter/mk-ca-bundle.txt -john -- Marcel Molina Twitter Platform Team http://twitter.com/noradio
[twitter-dev] Re: Bad ssl certs on some servers for api.twitter.com/1 ?
On Nov 15, 2009, at 1:16 PM, Tim Haines wrote: Hi there, I'm doing some dev work and I'm getting occasional ssl errors when making calls against api.twitter.com/1. The most recent was posting to favorites/create. Is it possible some of the servers have bad certificates? Or is it likely I'm doing something very wrong? All of our servers have the same certificates; We have had some people report a similar issue before and we verified all of the certificates at that time. I do know of people having validation issues when they don't have current versions of OpenSSL, a current Root CA bundle, or their code has problems processing chained SSL certificates. Which program are you using to make requests against api.twitter.com? curl? Firefox? Twitter's SSL certs are issued by RapidSSL/Equifax. Make sure you have the proper root CA certs installed. If you're using OpenSSL libraries directly, remember that OpenSSL ships without any Root CA certs installed. Curl users will have similar problems as well -- you'll want to run mk- ca-bundle to get the proper ca-bundle installed. The TTYtter developers have a script that pulls the current CA bundle from Mozilla, here: http://www.floodgap.com/software/ttytter/mk-ca-bundle.txt -john
[twitter-dev] Re: Bad ssl certs on some servers for api.twitter.com/1 ?
This could possibly be related, I recently switched from using https://twitter.com to https://api.twitter.com and found that the majority of my cURL calls (via php) to the api started failing, although no other parts of my function changed. Out of curiosity I changed it to http://api.twitter.com and haven't had the issue since. On Nov 16, 10:46 am, John Adams j...@twitter.com wrote: On Nov 15, 2009, at 1:16 PM, Tim Haines wrote: Hi there, I'm doing some dev work and I'm getting occasional ssl errors when making calls against api.twitter.com/1. The most recent was posting to favorites/create. Is it possible some of the servers have bad certificates? Or is it likely I'm doing something very wrong? All of our servers have the same certificates; We have had some people report a similar issue before and we verified all of the certificates at that time. I do know of people having validation issues when they don't have current versions of OpenSSL, a current Root CA bundle, or their code has problems processing chained SSL certificates. Which program are you using to make requests against api.twitter.com? curl? Firefox? Twitter's SSL certs are issued by RapidSSL/Equifax. Make sure you have the proper root CA certs installed. If you're using OpenSSL libraries directly, remember that OpenSSL ships without any Root CA certs installed. Curl users will have similar problems as well -- you'll want to run mk- ca-bundle to get the proper ca-bundle installed. The TTYtter developers have a script that pulls the current CA bundle from Mozilla, here: http://www.floodgap.com/software/ttytter/mk-ca-bundle.txt -john
[twitter-dev] Re: Bad ssl certs on some servers for api.twitter.com/1 ?
When you use HTTP over HTTPS you will never have trouble with (TLS) certs because they are never used for port 80 traffic. On Sun, Nov 15, 2009 at 19:56, dean.j.robinson dean.j.robin...@gmail.com wrote: This could possibly be related, I recently switched from using https://twitter.com to https://api.twitter.com and found that the majority of my cURL calls (via php) to the api started failing, although no other parts of my function changed. Out of curiosity I changed it to http://api.twitter.com and haven't had the issue since. On Nov 16, 10:46 am, John Adams j...@twitter.com wrote: On Nov 15, 2009, at 1:16 PM, Tim Haines wrote: Hi there, I'm doing some dev work and I'm getting occasional ssl errors when making calls against api.twitter.com/1. The most recent was posting to favorites/create. Is it possible some of the servers have bad certificates? Or is it likely I'm doing something very wrong? All of our servers have the same certificates; We have had some people report a similar issue before and we verified all of the certificates at that time. I do know of people having validation issues when they don't have current versions of OpenSSL, a current Root CA bundle, or their code has problems processing chained SSL certificates. Which program are you using to make requests against api.twitter.com? curl? Firefox? Twitter's SSL certs are issued by RapidSSL/Equifax. Make sure you have the proper root CA certs installed. If you're using OpenSSL libraries directly, remember that OpenSSL ships without any Root CA certs installed. Curl users will have similar problems as well -- you'll want to run mk- ca-bundle to get the proper ca-bundle installed. The TTYtter developers have a script that pulls the current CA bundle from Mozilla, here: http://www.floodgap.com/software/ttytter/mk-ca-bundle.txt -john -- - Adam Shannon ( http://ashannon.us )
