Ops has been trying to track down this problem for a while. They confirmed that all servers have the correct cert. The current hypothesis is that there are some rogue servers that are being load balanced to that we don't expect to be accepting api.twitter.com traffic that do not have the correct cert. Sorry it's not fixed yet. We hope we can figure it out soon as it's a blocker for the transition of api traffic from twitter.com to api.twitter.com.
On Tue, Nov 17, 2009 at 7:41 AM, Mageuzi <mage...@gmail.com> wrote: > > I've been having this same issue when connecting to https://api.twitter.com. > I would have thought that if it is a problem with my code, I would > always get this error. However, it is intermittent. Most times it > works, but a few times an hour I will get the error. Also, I never > have this problem with https://twitter.com. > > > On Nov 15, 6:46 pm, John Adams <j...@twitter.com> wrote: >> On Nov 15, 2009, at 1:16 PM, Tim Haines wrote: >> >> > Hi there, >> >> > I'm doing some dev work and I'm getting occasional ssl errors when >> > making calls against api.twitter.com/1. The most recent was posting >> > to favorites/create. >> >> > Is it possible some of the servers have bad certificates? Or is it >> > likely I'm doing something very wrong? >> >> All of our servers have the same certificates; We have had some people >> report a similar issue before and we verified all of the certificates >> at that time. I do know of people having validation issues when they >> don't have current versions of OpenSSL, a current Root CA bundle, or >> their code has problems processing chained SSL certificates. >> >> Which program are you using to make requests against api.twitter.com? >> curl? Firefox? >> >> Twitter's SSL certs are issued by RapidSSL/Equifax. >> Make sure you have the proper root CA certs installed. >> >> If you're using OpenSSL libraries directly, remember that OpenSSL >> ships without any Root CA certs installed. >> >> Curl users will have similar problems as well -- you'll want to run mk- >> ca-bundle to get the proper ca-bundle installed. >> >> The TTYtter developers have a script that pulls the current CA bundle >> from Mozilla, here: >> >> http://www.floodgap.com/software/ttytter/mk-ca-bundle.txt >> >> -john > -- Marcel Molina Twitter Platform Team http://twitter.com/noradio
