On Nov 15, 2009, at 1:16 PM, Tim Haines wrote:
Hi there,
I'm doing some dev work and I'm getting occasional ssl errors when
making calls against api.twitter.com/1. The most recent was posting
to favorites/create.
Is it possible some of the servers have bad certificates? Or is it
likely I'm doing something very wrong?
All of our servers have the same certificates; We have had some people
report a similar issue before and we verified all of the certificates
at that time. I do know of people having validation issues when they
don't have current versions of OpenSSL, a current Root CA bundle, or
their code has problems processing chained SSL certificates.
Which program are you using to make requests against api.twitter.com?
curl? Firefox?
Twitter's SSL certs are issued by RapidSSL/Equifax.
Make sure you have the proper root CA certs installed.
If you're using OpenSSL libraries directly, remember that OpenSSL
ships without any Root CA certs installed.
Curl users will have similar problems as well -- you'll want to run mk-
ca-bundle to get the proper ca-bundle installed.
The TTYtter developers have a script that pulls the current CA bundle
from Mozilla, here:
http://www.floodgap.com/software/ttytter/mk-ca-bundle.txt
-john
