Restricting api.twitter.com to SSL/TLS traffic

corrego · 2014-01-15T17:36:11.000Z

how did your fix it?

i am trying to use configuration builder but it is not working

Bladeblaster39 · 2014-01-15T17:42:48.000Z

oh

MaxTryk · 2014-01-15T19:46:00.000Z

All urls have been updated to “https”. Now getting this error: “Failed to validate oauth signature and token”. Tried with and without CURLOPT_SSL_VERIFYPEER - same result.

njtuser · 2014-01-15T21:00:00.000Z

I had below issue from yesterday and I got it fixed by upgrading my java libarary from 3.0.3 to 3.0.5 (twitter4j-core-3.0.5).

Server returned HTTP response code: 403 for URL: http://api.twitter.com/1.1/statuses/update.json
Relevant discussions can be found on the Internet at:
http://www.google.co.jp/search?q=b2b52c28 or
http://www.google.co.jp/search?q=10981ac7

pcorpsapportal · 2014-01-16T01:44:44.000Z

I was also receiving the 403 message and switched to using 3.0.5 (twitter4j). 3.0.5 appears to ensure SSL is set by default and also uses the correct https urls for accessing the api and oauth. Oddly enough, I am able to get the code to work properly on my workstation running within eclipse, but not within our app server. I looked into updating the certificates as others have stated, but this did not resolve my issue. Were you required to make any other changes, such as certificate updates? I have read a posting indicating you need the VeriSign Class 3 Public Primary CA - G3 certificate, but this may not actually cover it all and you need to create your own. Any help would be appreciated. I don’t really know what I am looking for when debuggin the twitter4j in eclipse and all I get back now is a 400 error message bad authentication data code 215.

chcibelli · 2014-01-16T01:45:00.000Z

Hi i download and added crt file but im still getting 401 error when i call request_token endpoint.

These are my curl options

	curl_setopt($this -> _ch, CURLOPT_SSL_VERIFYPEER, True);
	curl_setopt($this -> _ch, CURLOPT_SSL_VERIFYHOST, 2);
	curl_setopt($this -> _ch, CURLOPT_CAINFO,
              dirname(__FILE__) . '/ca-bundle.crt');
			  		
	curl_setopt($this -> _ch, CURLOPT_RETURNTRANSFER, TRUE);
	curl_setopt($this -> _ch, CURLOPT_VERBOSE, TRUE);
	curl_setopt($this -> _ch, CURLOPT_HEADER, TRUE);

Im using PHP

Any idea?

Thanks,

Estevecomm · 2014-01-16T07:28:18.000Z

Hi,

on our website the tweet module DISTRISCOPIE is down for 2 days. http://www.ifls.net
Is this issue related to your ssl change ?
If yes, who can solve that ? the Joomla developer module or ourselve in Joomla back end ?

thank you
pierre

aldnet · 2014-01-16T08:30:15.000Z

Ok, but for example if you are not a regular user of the forum or you are subscribed to api 1.1 forum we does not realize about the anouncement. I’m subscribed in anouncement section here in the forum, but not in all sections.

We start to control @twitterapi actively in the company and I even know the Calendar section here en Twitter.

Tank your for your reply.

jvv · 2014-01-16T09:01:00.000Z

Is there any other way to get notices for changes like these besides following @twitterapi ? I already follow twitterapi, but I rarely read everything. Perhaps make the dev calendar https://dev.twitter.com/calendar in a shareable formar (iCal?)

lfcipriani · 2014-01-16T12:22:23.000Z

Josep, completely agree that we need a more guaranteed way to let all developers and companies know about changes. I assure you that we are working on more effective ways to do that. For now, keep looking for @twitterapi updates. Thanks for the feedback

lfcipriani · 2014-01-16T12:24:18.000Z

You don’t need to install SSL certificate on your server, you just need to connect to api.twitter.com using SSL. Please, check: https://dev.twitter.com/docs/security/using-ssl

lfcipriani · 2014-01-16T12:27:32.000Z

For now the recommendation is to keep attention to @twitterapi account. We are working to provide an ensured way to notify everybody about changes.

lfcipriani · 2014-01-16T12:29:39.000Z

You will need to investigate if your website is doing requests to api.twitter.com with HTTP plaintext connections. If so, this can be the problem with your website. Please, also publish a question in Joomla forums to look for related issues.

lfcipriani · 2014-01-16T12:30:26.000Z

Please, can you check if your certificate path is pointing to the right file?

MacsandMoreDH · 2014-01-16T12:32:25.000Z

You know this is failing big time in wordpress.
The “fix” didn’t work. No CURL redirect.
Better get this fixed before ya starting getting some really really bad press.

chcibelli · 2014-01-16T12:35:08.000Z

Yes, i checked this, my crt file is in the same directory that twitter php class and file is readable.

Maybe i have wrong certificate? where i can download another?

Im getting “401 request failed” as response

Thanks,

RafaelAlbany · 2014-01-16T13:36:00.000Z

Hi @chcibelli, i had to install VeriSign Class 3 Primary CA - G5 for my app works, we already install the VeriSign Class 3 Public Primary CA - G3 that is recommended in the twitter docs about ssl here: https://dev.twitter.com/docs/security/using-ssl.

But the application still does not work, after install the G5 version of the certificate all works well for me.

Hope it helps you

MartyRayKraft · 2014-01-16T16:42:10.000Z

I’m getting a lot of Connection reset by peer - SSL_connect errors. Has anyone else experienced this? Thanks.

kjstrasser · 2014-01-16T19:20:08.000Z

Switched to https…but still having Oauth issues here.

ygary · 2014-01-16T20:09:45.000Z

two ways: upgrade to twitter4j 3.0.5, or, add following line to your twitter4j.properties:
http.useSSL=true