Calling SSL secured sites via curl in an Apache chroot
August 23, 2013 | In Linux, Web DevelopmentRecently, I’ve had to troubleshoot an issue where we were running an Apache chroot environment and trying to use the Facebook PHP SDK in one of the hosted sites. We consistantly ran into the error message
curl: (77) Problem with the SSL CA cert (path? access rights?)
in our error_log, which threw us a curveball as it wasn’t happening in our local development environment.
After serveral hours of troubleshooting, we used strace to diagnose why this was failing. Using
strace curl -I -v https://api.facebook.com
while chroot’ed in the environment allowed us to see which libraries were failing to load.
We ended up needing to copy the following libaries into the appropriate location within the chroot environment (we’re using CentOS 6, x64 – so your paths may differ). They don’t appear to be linked under our default PHP5 installation.
- /usr/lib64/libnsspem.so
- /usr/lib64/libsoftokn3.so
- /usr/lib64/libsqlite3.so.0
In addition to these libraries, we copied the following, also into the chroot:
- /etc/nsswitch.conf
- /etc/pki/nssdb/
- /etc/pki/tls/
Hopefully this helps save someone some time and frustration in the future!
Tagged with: Tags: apache, curl, php