On Nov 15, 2009, at 1:16 PM, Tim Haines wrote:

Hi there,

I'm doing some dev work and I'm getting occasional ssl errors when making calls against api.twitter.com/1. The most recent was posting to favorites/create.

Is it possible some of the servers have bad certificates? Or is it likely I'm doing something very wrong?


All of our servers have the same certificates; We have had some people report a similar issue before and we verified all of the certificates at that time. I do know of people having validation issues when they don't have current versions of OpenSSL, a current Root CA bundle, or their code has problems processing chained SSL certificates.

Which program are you using to make requests against api.twitter.com? curl? Firefox?

Twitter's SSL certs are issued by RapidSSL/Equifax.
Make sure you have the proper root CA certs installed.

If you're using OpenSSL libraries directly, remember that OpenSSL ships without any Root CA certs installed.

Curl users will have similar problems as well -- you'll want to run mk- ca-bundle to get the proper ca-bundle installed.

The TTYtter developers have a script that pulls the current CA bundle from Mozilla, here:

http://www.floodgap.com/software/ttytter/mk-ca-bundle.txt

-john
 

Reply via email to