From 9c3c784248ecdc8b26fb67f2a6a42733395487bd Mon Sep 17 00:00:00 2001
From: Alex Woods
Date: Thu, 15 Aug 2024 08:09:03 -0700
Subject: [PATCH] Consider sigv4a supported without crt check (#3089)
---
 gems/aws-sdk-core/CHANGELOG.md | 3 +++
 gems/aws-sdk-core/aws-sdk-core.gemspec | 2 +-
 gems/aws-sdk-core/lib/aws-sdk-core/plugins/sign.rb | 5 ++---
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/gems/aws-sdk-core/CHANGELOG.md b/gems/aws-sdk-core/CHANGELOG.md
index dacef83d581..08b46430174 100644
--- a/gems/aws-sdk-core/CHANGELOG.md
+++ b/gems/aws-sdk-core/CHANGELOG.md
@@ -1,6 +1,9 @@
 Unreleased Changes
 ------------------

+* Issue - Allow legacy/undocumented `sigv4_signer` configuration to override resolved signer.
+* Issue - Consider sigv4a supported without crt check.
+
 3.201.4 (2024-08-08)
 ------------------

diff --git a/gems/aws-sdk-core/aws-sdk-core.gemspec b/gems/aws-sdk-core/aws-sdk-core.gemspec
index 12f78a41c66..6b393f4bfd3 100644
--- a/gems/aws-sdk-core/aws-sdk-core.gemspec
+++ b/gems/aws-sdk-core/aws-sdk-core.gemspec
@@ -14,7 +14,7 @@ Gem::Specification.new do |spec|

 spec.add_dependency('jmespath', '~> 1', '>= 1.6.1') # necessary for secure jmespath JSON parsing
 spec.add_dependency('aws-partitions', '~> 1', '>= 1.651.0') # necessary for new endpoint resolution
- spec.add_dependency('aws-sigv4', '~> 1.8') # necessary for s3 express auth
+ spec.add_dependency('aws-sigv4', '~> 1.9') # necessary for s3 express auth/native sigv4a support
 spec.add_dependency('aws-eventstream', '~> 1', '>= 1.3.0') # necessary for binary eventstream

 spec.metadata = {
diff --git a/gems/aws-sdk-core/lib/aws-sdk-core/plugins/sign.rb b/gems/aws-sdk-core/lib/aws-sdk-core/plugins/sign.rb
index 2c069bb9e2a..5a447707222 100644
--- a/gems/aws-sdk-core/lib/aws-sdk-core/plugins/sign.rb
+++ b/gems/aws-sdk-core/lib/aws-sdk-core/plugins/sign.rb
@@ -13,8 +13,7 @@ class Sign < Seahorse::Client::Plugin
 option(:sigv4_region)
 option(:unsigned_operations, default: [])

- supported_auth_types = %w[sigv4 bearer sigv4-s3express none]
- supported_auth_types += ['sigv4a'] if Aws::Sigv4::Signer.use_crt?
+ supported_auth_types = %w[sigv4 bearer sigv4-s3express sigv4a none]
 SUPPORTED_AUTH_TYPES = supported_auth_types.freeze

 def add_handlers(handlers, cfg)
@@ -107,7 +106,7 @@ def initialize(auth_scheme, config, sigv4_overrides = {})
 auth_scheme['signingRegion']
 end
 begin
- @signer = Aws::Sigv4::Signer.new(
+ @signer = config.sigv4_signer || Aws::Sigv4::Signer.new(
 service: config.sigv4_name || auth_scheme['signingName'],
 region: sigv4_overrides[:region] || config.sigv4_region || region,
 credentials_provider: sigv4_overrides[:credentials] || config.credentials,
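Review bot: The local `supported_auth_types` in the first sign.rb hunk no longer serves a purpose now that nothing is appended to it conditionally; the constant can be assigned directly, `SUPPORTED_AUTH_TYPES = %w[sigv4 bearer sigv4-s3express sigv4a none].freeze`. With the `use_crt?` guard gone, the only visible backing for the `sigv4a` entry is the `aws-sigv4 ~> 1.9` constraint in the gemspec, so a comment on the constant should say so, e.g. `# sigv4a is signed natively by aws-sigv4 >= 1.9; no aws-crt check needed`. Presumably a runtime that cannot sign sigv4a would now fail at signing time rather than during auth-type selection, which would be worth a spec. The class body continues outside the hunk.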
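Review bot: When `config.sigv4_signer` is set, the `||` on the new `@signer =` line returns it before any constructor argument is evaluated, so `sigv4_overrides[:region]`, `sigv4_overrides[:credentials]` and the auth scheme's `signingName`/`signingRegion` are ignored for every request this handler signs. A request can therefore be signed for a different region or with a different credential set than the caller passed, so the precedence should be stated next to the line, for example `# legacy override: a configured sigv4_signer replaces the resolved signer; sigv4_overrides and auth_scheme signing properties are not applied`. The `region` value computed just above is also unused on that path. `initialize` starts before and continues past this hunk, so how the surrounding `begin` block and the remaining `Signer.new` options interact with the override cannot be judged from here. A spec that sets `sigv4_signer` together with `sigv4_overrides` would pin the intended behaviour.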