SSL issue #8
Comments
|
Update The problem occurred because sennierer's openssel did not accept the cipher used by Twitter. To fix this problem do the following:
Original comment Hi Sennierer, this seems to be an error with CURL. According to http://curl.haxx.se/libcurl/c/libcurl-errors.html error 35 means that a "problem occurred somewhere in the SSL/TLS handshake. You really want the error buffer and read the message there as it pinpoints the problem slightly more. Could be certificates (file formats, paths, permissions), passwords, and others." Would you mind sending me your config.php and the full track.error.log via email? Also, please do the following Best, Erik |
|
hi Erik, Best, |
|
Hi Stephan, maybe you could try the following:
Best, Erik |
|
Hi Erik,
curl --get 'https://stream.twitter.com/1.1/statuses/filter.json' --data 'test=track' --header 'Authorization: OAuth oauth_consumer_key="XXX", oauth_nonce="XXX", oauth_signature="XXX", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1394528407", oauth_token="XXX", oauth_version="1.0"' --verbose
Hostname was NOT found in DNS cache
* Trying 199.16.156.20...
* Connected to stream.twitter.com (199.16.156.20) port 443 (#0)
* successfully set certificate verify locations:
CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Server hello (2):
* error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
2014-03-11 10:24:01 connecting to API socket
2014-03-11 10:24:01 connecting - query array (
'track' => 'minimum alcohol pricing,minimum pricing alcohol,harmful drinking,minimum unit pricing,global warming,globalwarming,climate,climatechange',
)
2014-03-11 10:24:01 stream stopped - error tmhOAuth::__set_state(array(
'response' =>
array (
'raw' => '',
'content-length' => 0,
'code' => 0,
'response' => false,
'info' =>
array (
'url' => 'https://stream.twitter.com/1.1/statuses/filter.json',
'content_type' => NULL,
'http_code' => 0,
'header_size' => 0,
'request_size' => 0,
'filetime' => -1,
'ssl_verify_result' => 0,
'redirect_count' => 0,
'total_time' => 0.270964,
'namelookup_time' => 0.028419,
'connect_time' => 0.143359,
'pretransfer_time' => 0,
'size_upload' => 0,
'size_download' => 0,
'speed_download' => 0,
'speed_upload' => 0,
'download_content_length' => -1,
'upload_content_length' => -1,
'starttransfer_time' => 0,
'redirect_time' => 0,
'redirect_url' => '',
'primary_ip' => '199.16.156.110',
'certinfo' =>
array (
),
'primary_port' => 443,
'local_ip' => '158.255.212.46',
'local_port' => 52148,
),
'error' => 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure',
'errno' => 35,
),
'buffer' => NULL,
'config' =>
array (
'user_agent' => 'tmhOAuth 0.8.3+SSL - //github.com/themattharris/tmhOAuth',
'host' => 'stream.twitter.com',
'consumer_key' => 'XXX',
'consumer_secret' => 'XXX',
'token' => 'XXX',
'secret' => '',
'bearer' => '',
'oauth_version' => '1.0',
'oauth_signature_method' => 'HMAC-SHA1',
'curl_http_version' => 2,
'curl_connecttimeout' => 30,
'curl_timeout' => 10,
'curl_ssl_verifyhost' => 2,
'curl_ssl_verifypeer' => true,
'use_ssl' => true,
'curl_cainfo' => '/home/supersambo/www/dmi-tcat/capture/common/tmhOAuth/cacert.pem',
'curl_capath' => '/home/supersambo/www/dmi-tcat/capture/common/tmhOAuth',
'curl_followlocation' => false,
'curl_proxy' => false,
'curl_proxyuserpwd' => false,
'curl_encoding' => '',
'is_streaming' => true,
'streaming_eol' => '
',
'streaming_metrics_interval' => 10,
'as_header' => true,
'force_nonce' => false,
'force_timestamp' => false,
'streaming_callback' => 'streamCallback',
),
'request_settings' =>
array (
'params' =>
array (
'track' => 'minimum alcohol pricing,minimum pricing alcohol,harmful drinking,minimum unit pricing,global warming,globalwarming,climate,climatechange',
),
'headers' =>
array (
'Host' => 'stream.twitter.com',
'Authorization' => 'OAuth oauth_consumer_key="XXX", oauth_nonce="XXX", oauth_signature="XXX", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1394533441", oauth_token="XXX", oauth_version="1.0"',
),
'with_user' => true,
'multipart' => false,
'method' => 'POST',
'without_bearer' => false,
'url' => 'https://stream.twitter.com/1.1/statuses/filter.json',
'oauth1_params' =>
array (
'oauth_consumer_key' => 'XXX',
'oauth_nonce' => 'XXX',
'oauth_signature' => 'XXX%2BwrApk%3D',
'oauth_signature_method' => 'HMAC-SHA1',
'oauth_timestamp' => '1394533441',
'oauth_token' => 'XXX',
'oauth_version' => '1.0',
),
'prepared_params' =>
array (
'track' => 'minimum%20alcohol%20pricing%2Cminimum%20pricing%20alcohol%2Charmful%20drinking%2Cminimum%20unit%20pricing%2Cglobal%20warming%2Cglobalwarming%2Cclimate%2Cclimatechange',
),
'basestring_params' => 'oauth_consumer_key=XXX&oauth_nonce=2c9e492e6fdddb9d2bf022acb04d30b7&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1394533441&oauth_token=XXX&oauth_version=1.0&track=minimum%20alcohol%20pricing%2Cminimum%20pricing%20alcohol%2Charmful%20drinking%2Cminimum%20unit%20pricing%2Cglobal%20warming%2Cglobalwarming%2Cclimate%2Cclimatechange',
'postfields' => 'track=minimum%20alcohol%20pricing%2Cminimum%20pricing%20alcohol%2Charmful%20drinking%2Cminimum%20unit%20pricing%2Cglobal%20warming%2Cglobalwarming%2Cclimate%2Cclimatechange',
'basestring' => 'POST&https%3A%2F%2Fstream.twitter.com%2F1.1%2Fstatuses%2Ffilter.json&oauth_consumer_key%3DXXXoauth_nonce%XXX%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1394533441%26oauth_token%3DXXXoauth_version%3D1.0%26track%3Dminimum%2520alcohol%2520pricing%252Cminimum%2520pricing%2520alcohol%252Charmful%2520drinking%252Cminimum%2520unit%2520pricing%252Cglobal%2520warming%252Cglobalwarming%252Cclimate%252Cclimatechange',
'signing_key' => 'XXX',
),
'metrics' =>
array (
'start' => 1394533441,
'interval_start' => 1394533441,
'messages' => 0,
'last_messages' => 0,
'bytes' => 0,
'last_bytes' => 0,
),
))
2014-03-11 10:24:01 processing buffer before exit
2014-03-11 10:24:01 automatically restarting ...
Best, |
|
Hi Stephan, It seams the curl command is failing early in the SSL connection, even before receiving the server certificate. That is strange. But at least we know now it is not php/oauth related. Can you do a test on the command line (to reproduce outside php, and enforce TLSv1) with this command: And produce the output (hopefully this will get further, to where you see: * SSL certificate verify ok.) Also, can you send the output of the following commands from the console: This might give more clues. Do you run other (ssl related) webapps on the machine? Does the following command on the console get you passed the handshake? curl --get 'https://tools.digitalmethods.net/' -1 --verbose Cheers, Emile |
|
Hi Emile, Best regards, |
|
At this point I am guessing that the cipher the Twitter server uses is not accepted by your client due to updates on either side. But the curl output doesn't show this. The following console command tests openssl connection to Twitter specifically. It might reveal more information. openssl s_client -state -nbio -connect stream.twitter.com:443 Can you post the output of this command? You have an up-to-date openssl library, but it might have been compiled to not allow the specific cipher (RC4-SHA) which Twitter currently likes. openssl ciphers -v RC4-SHA should be among them. Let's also try a lenient curl connect by adding a flag. curl --ciphers ALL --get 'https://stream.twitter.com/1.1/statuses/filter.json' -1 --verbose You can you give the output of these commands? |
|
Hi Emile, Concerning the ticket on dev.twitter.com: I'm afraid this issue is getting beyond my understanding. Honestly I do not know how to describe the problem properly and what exactly to post there. Best, |
|
Hi Stephan, It is indeed a cipher issue! That new flag for curl makes your connection work. I hope I have a fix for your application now ;-) Can you edit the file capture/common/tmhOAuth/tmhOAuth.php CURLOPT_SSL_CIPHER_LIST => 'ALL', I haven't tested this myself yet. I hope this resumes your capture, let me know if you still get something in the error log. Cheers, Emile |
|
Hi Emile, Unfortunatley I noticed afterwards that my dmi-tcat version was not up-to-date. I pulled today and and newly ran into problems (not sure if I should open a new issue for this?). There seems to be no mysql table for the query manager. The error message is Can/should I create the mising table manually? best, |
|
Hi Stephan, we have integrated a query manager in the newest source code. It assumes that there are a couple of database tables containing the query bin definitions - instead of querybins.php and followbins.php. I am in the process of writing a migration guide (which should be finished tonight) for alpha users like you. I will close the ssl issue and have opened a new issue for the query tables here. I will keep you posted. Best, Erik |
|
Hi Stephan, unfortunately I won't be able to finish the migration guide before Friday. Since you did not track any tweets last month, you might consider doing a clean install following the install guide. This should not take more than 15 minutes. Make sure to pull the latest code, as I fixed the unfortunate problem you mentioned of multiple track scripts running simultaneously. Best, Erik |
|
Hi Erik, Best, |
|
Hi Stephan, I have implemented a migration script. (Pardon the delay, I have been sick). Please pull the latest source and run the following: Best, Erik |
ghost
mentioned this issue
Hi,
we had your great too already running, but since a month or so it won't start anymore.
In the track.error.log I found an error message regarding SSL:
'error' => 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure',
'errno' => 35,
Does anybody have an idea why this is occurring and how we can solve the problem?
Thanks very much!
The text was updated successfully, but these errors were encountered: