Fix SSL timeouts with the Facebook PHP-SDK

I ran into SSL timeouts on in local development setup when I was re-factoring some integration code with facebook and using their SDK. It was tricky to diagnose, I was sure that my changes couldn’t be the cause, and I finally confirmed it by running our production codebase. Since it was having the same timeout error, I knew the bug had to be in an underlying layer.

For the record, I’m running this version of curl on my Archlinux box:

<code>curl 7.25.0 (x86_64-unknown-linux-gnu) libcurl/7.25.0<br /> OpenSSL/1.0.1 zlib/1.2.6 libssh2/1.4.0
</code>

I also got the error from the command line with

<code>curl "https://graph.facebook.com/oauth/access_token"
</code>

But it is fixed with

<code>curl --sslv3 "https://graph.facebook.com/oauth/access_token"
</code>

Debian Server

On a debian squeeze server, with the latest (4/3/2011) version of curl:

<code>curl 7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0<br /> OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6
</code>

The timeout does not happen with either of the following commands:

<code>curl "https://graph.facebook.com/oauth/access_token"
curl --sslv3 "https://graph.facebook.com/oauth/access_token"
</code>

OS X

The time out does not happen on OS X which runs curl 7.21.4

Thoughts

So, this timeout only seems to affect users with very new version of curl. Fixing it requires adding a line to the Facebook PHP SDK, which while minor, you have to remember if you ever upgrade it. At the same time, this bug could come back and bite you down the road if your operating system sneaks in a newer version of curl. You can see a fork of the PHP SDK with this fix on github.

Other references:

  1. Facebook bug ticket
  2. Maybe related PHP bug

Fixing IE8 mystery error KB927917

While testing some updates to one of our Facebook applications today, I ran into an odd error message on IE8.  The error message mentioned KB927917, and is caused by trying to modify the DOM before it is built.  At first, I was confused, because the app is not modifying the DOM at all, its a redirect that is part of the authentication step.  The culprit code was something like:

{syntaxhighlighter brush:js;}<script type=”text/javascript”>
top.location.href = ‘http://example.com/foo/’;
</script>

This was working, without warnings, in Chrome, Firefox, and IE7.  To prevent IE8 from complaining, the redirect should happen after the page is done loading.

{syntaxhighlighter brush:js;}<script type=”text/javascript”>
window.onload = function() {
top.location.href = ‘http://example.com/foo/’;
};

</script>

LAUNCH002: What I Learned from Zuckerberg’s┬áMistakes – Blog – LAUNCH

Interesting persepective, is this another way of saying “Release early, release often”?  

This stands to reason: our nontechnical people are having discussions and debates while Zuckerberg is coding his next feature. This is why no one has been able to keep up with Facebook!

LAUNCH002: What I Learned from Zuckerberg’s Mistakes – Blog – LAUNCH