BLOG - BOOK REVIEWS & MUSINGS ABOUT LIFE

Calling SSL secured sites via curl in an Apache chroot

August 23, 2013 | In Linux, Web Development

Recently, I’ve had to troubleshoot an issue where we were running an Apache chroot environment and trying to use the Facebook PHP SDK in one of the hosted sites. We consistantly ran into the error message

curl: (77) Problem with the SSL CA cert (path? access rights?)

in our error_log, which threw us a curveball as it wasn’t happening in our local development environment.

After serveral hours of troubleshooting, we used strace to diagnose why this was failing. Using

strace curl -I -v https://api.facebook.com

while chroot’ed in the environment allowed us to see which libraries were failing to load.

We ended up needing to copy the following libaries into the appropriate location within the chroot environment (we’re using CentOS 6, x64 – so your paths may differ). They don’t appear to be linked under our default PHP5 installation.

  • /usr/lib64/libnsspem.so
  • /usr/lib64/libsoftokn3.so
  • /usr/lib64/libsqlite3.so.0

In addition to these libraries, we copied the following, also into the chroot:

  • /etc/nsswitch.conf
  • /etc/pki/nssdb/
  • /etc/pki/tls/

Hopefully this helps save someone some time and frustration in the future!

Tagged with: Tags: , ,

Post a Comment

Your email is never published nor shared. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>