Option to allow public_url to be HTTPS

[drcraig]

The protocol for the URL returned from s3cmd info <object> appears to be hardcoded to HTTP in https://github.com/s3tools/s3cmd/blob/master/S3/S3Uri.py#L82. Could it be configurable to use HTTPS instead? I'm not sure if it would be safe to extend the meaning of use_https to cover this or not, so perhaps it should be its own standalone config. Our use case is an internal corporate Riak CS system.

[mdomsch]

No. Most buckets are DNS-named, and thus https generally fails certificate
validation. If a user knows that the link should be https, they're free to
change the returned value to say https.

On Mon, May 18, 2015 at 3:41 PM, Dan Craig [email protected] wrote:

The protocol for the URL returned from s3cmd info appears to be
hardcoded to HTTP in
https://github.com/s3tools/s3cmd/blob/master/S3/S3Uri.py#L82. Could it be
configurable to use HTTPS instead? I'm not sure if it would be safe to
extend the meaning of use_https to cover this or not, so perhaps it
should be its own standalone config. Our use case is an internal corporate
Riak CS system.

—
Reply to this email directly or view it on GitHub
#551.

[drcraig]

Thanks, I figured it wasn't workable across the board but wasn't sure why. But a separate option, say something like public_url_use_https, could be useful for those who do serve under *.s3.amazonaws.com, right? You're right, the user can change the return value, but that's a little annoying to have to have everyone pipe their output through sed. My solution for now will be an http->https redirect, but the option to get the https URL directly would be appreciated.

[mdomsch]

*.s3.amazonaws.com (where * is a single word, no dots) is only meaningful
for buckets in us-east-1 I believe. All other regions require DNS formats.
mybucket.example.com.s3.amazonaws.com won't match *.s3.amazonaws.com for
HTTPS validation. So it's a pretty limited use case anymore
unfortunately.

On Mon, May 18, 2015 at 4:57 PM, Dan Craig [email protected] wrote:

Thanks, I figured it wasn't workable across the board but wasn't sure why.
But a separate option, say something like public_url_use_https, could be
useful for those who do serve under *.s3.amazonaws.com, right? You're
right, the user can change the return value, but that's a little annoying
to have to have everyone pipe their output through sed. My solution for now
will be an http->https redirect, but the option to get the https URL
directly would be appreciated.

—
Reply to this email directly or view it on GitHub
#551 (comment).

[drcraig]

Looks like the preferred way to do HTTPS with Amazon S3 is through CloudFront. I suppose that could be outside the scope of s3cmd. So perhaps it is a limited use case for Amazon S3, which I'm sure is the bulk of your user base. Just remember that there are at least a few of us who use s3cmd to talk to S3-compatible APIs for tools like Riak CS. s3cmd a great tool for that and we've gotten a ton of use from it.

[thelan]

Hello,
It's quite an old issue but i thkink we can close this. I've added an option to the configuration file to manage this case:
In case you want to see the PR #917