Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

s3cmd v2.0.0 with Python 2.7.9 using SSL behind Squid Proxy, getting "ERROR: S3 error: 400 (Bad Request)" #905

Closed
dannyk81 opened this issue Jul 28, 2017 · 13 comments
Closed

s3cmd v2.0.0 with Python 2.7.9 using SSL behind Squid Proxy, getting "ERROR: S3 error: 400 (Bad Request)" #905

dannyk81 opened this issue Jul 28, 2017 · 13 comments

Comments

@dannyk81
Copy link

dannyk81 commented Jul 28, 2017
edited
Loading

Hey guys,

I'm running s3cmd v2.0.0 on Debian Jessie (8.7) with Python 2.7.9.

We have a Squid proxy in place and when setting up s3cmd with SSL (use_https = True) s3cmd fails with ERROR: S3 error: 400 (Bad Request) error. With use_https = False everything works perfectly.

UPDATE: I performed two tests
UPDATE 2: test 3 - 5

  1. I installed aws-cli (v1.11.127) on the same node and it works just fine (I verified it uses our proxy and HTTPS):
$ aws s3 ls
2017-07-20 21:04:20 *****-backups-***
2017-07-26 01:22:42 *****-backups-***

  1. I configured the server to not use a Proxy and it works too

  2. Tried with Python 3 (3.4.2) -> doesn't work

  3. Tried with Buckets in different regions (Ireland, Oregen) -> doesn't work

  4. Upgraded Squid from 3.4.8 to 3.5.25 -> didn't help

Based on above, it seems like some kind of combination between s3cmd and Squid that just doesn't work. However, we have many other HTTPS connections going through this Proxy using the CONNECT method without any issues...

Here is a debug snippet:

$ s3cmd ls --debug
DEBUG: s3cmd version 2.0.0
DEBUG: ConfigParser: Reading file '/home/backup/.s3cfg'
DEBUG: ConfigParser: access_key->AK...17_chars...A
DEBUG: ConfigParser: access_token->
DEBUG: ConfigParser: add_encoding_exts->
DEBUG: ConfigParser: add_headers->
DEBUG: ConfigParser: bucket_location->US
DEBUG: ConfigParser: ca_certs_file->
DEBUG: ConfigParser: cache_file->
DEBUG: ConfigParser: check_ssl_certificate->True
DEBUG: ConfigParser: check_ssl_hostname->True
DEBUG: ConfigParser: cloudfront_host->cloudfront.amazonaws.com
DEBUG: ConfigParser: default_mime_type->binary/octet-stream
DEBUG: ConfigParser: delay_updates->False
DEBUG: ConfigParser: delete_after->False
DEBUG: ConfigParser: delete_after_fetch->False
DEBUG: ConfigParser: delete_removed->False
DEBUG: ConfigParser: dry_run->False
DEBUG: ConfigParser: enable_multipart->True
DEBUG: ConfigParser: encoding->UTF-8
DEBUG: ConfigParser: encrypt->False
DEBUG: ConfigParser: expiry_date->
DEBUG: ConfigParser: expiry_days->
DEBUG: ConfigParser: expiry_prefix->
DEBUG: ConfigParser: follow_symlinks->False
DEBUG: ConfigParser: force->False
DEBUG: ConfigParser: get_continue->False
DEBUG: ConfigParser: gpg_command->/usr/bin/gpg
DEBUG: ConfigParser: gpg_decrypt->%(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
DEBUG: ConfigParser: gpg_encrypt->%(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
DEBUG: ConfigParser: gpg_passphrase->f0...3_chars...R
DEBUG: ConfigParser: guess_mime_type->True
DEBUG: ConfigParser: host_base->s3.amazonaws.com
DEBUG: ConfigParser: host_bucket->%(bucket)s.s3.amazonaws.com
DEBUG: ConfigParser: human_readable_sizes->False
DEBUG: ConfigParser: invalidate_default_index_on_cf->False
DEBUG: ConfigParser: invalidate_default_index_root_on_cf->True
DEBUG: ConfigParser: invalidate_on_cf->False
DEBUG: ConfigParser: kms_key->
DEBUG: ConfigParser: limit->-1
DEBUG: ConfigParser: limitrate->0
DEBUG: ConfigParser: list_md5->False
DEBUG: ConfigParser: log_target_prefix->
DEBUG: ConfigParser: long_listing->False
DEBUG: ConfigParser: max_delete->-1
DEBUG: ConfigParser: mime_type->
DEBUG: ConfigParser: multipart_chunk_size_mb->15
DEBUG: ConfigParser: multipart_max_chunks->10000
DEBUG: ConfigParser: preserve_attrs->True
DEBUG: ConfigParser: progress_meter->True
DEBUG: ConfigParser: proxy_host->fpx.prd.mia.novumproject.com
DEBUG: ConfigParser: proxy_port->8080
DEBUG: ConfigParser: put_continue->False
DEBUG: ConfigParser: recursive->False
DEBUG: ConfigParser: recv_chunk->65536
DEBUG: ConfigParser: reduced_redundancy->False
DEBUG: ConfigParser: requester_pays->False
DEBUG: ConfigParser: restore_days->1
DEBUG: ConfigParser: restore_priority->Standard
DEBUG: ConfigParser: secret_key->9U...37_chars...A
DEBUG: ConfigParser: send_chunk->65536
DEBUG: ConfigParser: server_side_encryption->False
DEBUG: ConfigParser: signature_v2->False
DEBUG: ConfigParser: simpledb_host->sdb.amazonaws.com
DEBUG: ConfigParser: skip_existing->False
DEBUG: ConfigParser: socket_timeout->300
DEBUG: ConfigParser: stats->False
DEBUG: ConfigParser: stop_on_error->False
DEBUG: ConfigParser: storage_class->
DEBUG: ConfigParser: urlencoding_mode->normal
DEBUG: ConfigParser: use_http_expect->False
DEBUG: ConfigParser: use_https->True
DEBUG: ConfigParser: use_mime_magic->True
DEBUG: ConfigParser: verbosity->WARNING
DEBUG: ConfigParser: website_endpoint->http://%(bucket)s.s3-website-%(location)s.amazonaws.com/
DEBUG: ConfigParser: website_error->
DEBUG: ConfigParser: website_index->index.html
DEBUG: Updating Config.Config cache_file ->
DEBUG: Updating Config.Config follow_symlinks -> False
DEBUG: Updating Config.Config verbosity -> 10
DEBUG: Unicodising 'ls' using UTF-8
DEBUG: Command: ls
DEBUG: CreateRequest: resource[uri]=/
DEBUG: Using signature v2
DEBUG: SignHeaders: u'GET\n\n\n\nx-amz-date:Fri, 28 Jul 2017 01:12:54 +0000\n/'
DEBUG: Processing request, please wait...
DEBUG: get_hostname(None): s3.amazonaws.com
DEBUG: ConnMan.get(): creating new connection: proxy://fpx.prd.mia.novumproject.com:8080
DEBUG: Using ca_certs_file None
DEBUG: httplib.HTTPSConnection() has only context
DEBUG: proxied HTTPSConnection(fpx.prd.mia.novumproject.com, 8080)
DEBUG: tunnel to s3.amazonaws.com, None
DEBUG: format_uri(): /
DEBUG: Sending request method_string='GET', uri=u'/', headers={'Authorization': u'AWS AKIAJC6JE7KDKR2N4WKA:7e0JA1RN3bcDPMUlFyekxjUcllk=', 'x-amz-date': 'Fri, 28 Jul 2017 01:12:54 +0000'}, body=(0 bytes)
DEBUG: ConnMan.put(): closing proxy connection (keep-alive not yet supported)
DEBUG: Response:
{'data': '',
 'headers': {'connection': 'close',
             'date': 'Fri, 28 Jul 2017 01:12:53 GMT',
             'server': 'AmazonS3',
             'transfer-encoding': 'chunked'},
 'reason': 'Bad Request',
 'status': 400}
DEBUG: S3Error: 400 (Bad Request)
DEBUG: HttpHeader: transfer-encoding: chunked
DEBUG: HttpHeader: date: Fri, 28 Jul 2017 01:12:53 GMT
DEBUG: HttpHeader: connection: close
DEBUG: HttpHeader: server: AmazonS3
ERROR: S3 error: 400 (Bad Request)

This seems like an issue with our Proxy, however I can't seem to figure out what.
@dannyk81
Copy link
Author

dannyk81 commented Aug 1, 2017

After several tries and tests, I figured I would try an older version and downgraded to v1.6.1 - to my surprise, it works!

Seems like there's regression from v1.6.1 -> v2.0.0 with regard to proxied SSL connections.

here's a debug output using v1.6.1:

$ ./s3cmd ls --debug
DEBUG: s3cmd version 1.6.1
DEBUG: ConfigParser: Reading file '/root/.s3cfg'
DEBUG: ConfigParser: access_key->AK...17_chars...A
DEBUG: ConfigParser: access_token->
DEBUG: ConfigParser: add_encoding_exts->
DEBUG: ConfigParser: add_headers->
DEBUG: ConfigParser: bucket_location->US
DEBUG: ConfigParser: ca_certs_file->
DEBUG: ConfigParser: cache_file->
DEBUG: ConfigParser: check_ssl_certificate->True
DEBUG: ConfigParser: check_ssl_hostname->True
DEBUG: ConfigParser: cloudfront_host->cloudfront.amazonaws.com
DEBUG: ConfigParser: default_mime_type->binary/octet-stream
DEBUG: ConfigParser: delay_updates->False
DEBUG: ConfigParser: delete_after->False
DEBUG: ConfigParser: delete_after_fetch->False
DEBUG: ConfigParser: delete_removed->False
DEBUG: ConfigParser: dry_run->False
DEBUG: ConfigParser: enable_multipart->True
DEBUG: ConfigParser: encoding->UTF-8
DEBUG: ConfigParser: encrypt->False
DEBUG: ConfigParser: expiry_date->
DEBUG: ConfigParser: expiry_days->
DEBUG: ConfigParser: expiry_prefix->
DEBUG: ConfigParser: follow_symlinks->False
DEBUG: ConfigParser: force->False
DEBUG: ConfigParser: get_continue->False
DEBUG: ConfigParser: gpg_command->/usr/bin/gpg
DEBUG: ConfigParser: gpg_decrypt->%(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
DEBUG: ConfigParser: gpg_encrypt->%(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
DEBUG: ConfigParser: gpg_passphrase->...-3_chars...
DEBUG: ConfigParser: guess_mime_type->True
DEBUG: ConfigParser: host_base->s3.amazonaws.com
DEBUG: ConfigParser: host_bucket->%(bucket)s.s3.amazonaws.com
DEBUG: ConfigParser: human_readable_sizes->False
DEBUG: ConfigParser: invalidate_default_index_on_cf->False
DEBUG: ConfigParser: invalidate_default_index_root_on_cf->True
DEBUG: ConfigParser: invalidate_on_cf->False
DEBUG: ConfigParser: kms_key->46e5d2e4-1037-4c76-b0da-fdf1253dc08e
DEBUG: ConfigParser: limit->-1
DEBUG: ConfigParser: limitrate->15m
DEBUG: ConfigParser: list_md5->False
DEBUG: ConfigParser: log_target_prefix->
DEBUG: ConfigParser: long_listing->False
DEBUG: ConfigParser: max_delete->-1
DEBUG: ConfigParser: mime_type->
DEBUG: ConfigParser: multipart_chunk_size_mb->15
DEBUG: ConfigParser: multipart_max_chunks->10000
DEBUG: ConfigParser: preserve_attrs->True
DEBUG: ConfigParser: progress_meter->False
DEBUG: ConfigParser: proxy_host->fpx.prd.mia.novumproject.com
DEBUG: ConfigParser: proxy_port->8080
DEBUG: ConfigParser: put_continue->False
DEBUG: ConfigParser: recursive->False
DEBUG: ConfigParser: recv_chunk->65536
DEBUG: ConfigParser: reduced_redundancy->False
DEBUG: ConfigParser: requester_pays->False
DEBUG: ConfigParser: restore_days->1
DEBUG: ConfigParser: restore_priority->Standard
DEBUG: ConfigParser: secret_key->9U...37_chars...A
DEBUG: ConfigParser: send_chunk->65536
DEBUG: ConfigParser: server_side_encryption->False
DEBUG: ConfigParser: signature_v2->False
DEBUG: ConfigParser: simpledb_host->sdb.amazonaws.com
DEBUG: ConfigParser: skip_existing->False
DEBUG: ConfigParser: socket_timeout->300
DEBUG: ConfigParser: stats->False
DEBUG: ConfigParser: stop_on_error->False
DEBUG: ConfigParser: storage_class->
DEBUG: ConfigParser: urlencoding_mode->normal
DEBUG: ConfigParser: use_http_expect->False
DEBUG: ConfigParser: use_https->True
DEBUG: ConfigParser: use_mime_magic->True
DEBUG: ConfigParser: verbosity->WARNING
DEBUG: ConfigParser: website_endpoint->http://%(bucket)s.s3-website-%(location)s.amazonaws.com/
DEBUG: ConfigParser: website_error->
DEBUG: ConfigParser: website_index->index.html
DEBUG: Updating Config.Config cache_file ->
DEBUG: Updating Config.Config follow_symlinks -> False
DEBUG: Updating Config.Config verbosity -> 10
DEBUG: Unicodising 'ls' using UTF-8
DEBUG: Command: ls
DEBUG: CreateRequest: resource[uri]=/
DEBUG: Using signature v2
DEBUG: SignHeaders: 'GET\n\n\n\nx-amz-date:Tue, 01 Aug 2017 15:28:15 +0000\n/'
DEBUG: Processing request, please wait...
DEBUG: get_hostname(None): s3.amazonaws.com
DEBUG: ConnMan.get(): creating new connection: proxy://fpx.prd.mia.novumproject.com:8080
DEBUG: Using ca_certs_file None
DEBUG: httplib.HTTPSConnection() has only context
DEBUG: proxied HTTPSConnection(fpx.prd.mia.novumproject.com, 3128)
DEBUG: tunnel to s3.amazonaws.com
DEBUG: get_hostname(None): s3.amazonaws.com
DEBUG: format_uri(): http://s3.amazonaws.com/
DEBUG: Sending request method_string='GET', uri='http://s3.amazonaws.com/', headers={'Authorization': 'AWS AKIAJC6JE7KDKR2N4WKA:aEp3QZhcOSk1NMO66HK/bIHN+qY=', 'x-amz-date': 'Tue, 01 Aug 2017 15:28:15 +0000'}, body=(0 bytes)
DEBUG: Response: {'status': 200, 'headers': {'x-amz-id-2': 'AlhLSSkgNYSuTlgbnPQg/cP9NFEut3E/KkOvSWGouPX1W0+eru/GBcgCWG8VxMj1r4v3cTtN6q8=', 'server': 'AmazonS3', 'transfer-encoding': 'chunked', 'x-amz-request-id': '874A191EB16052BE', 'date': 'Tue, 01 Aug 2017 15:28:17 GMT', 'content-type': 'application/xml'}, 'reason': 'OK', 'data': '<?xml version="1.0" encoding="UTF-8"?>\n<ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>08e79931a21c187af661a77556469a1e4f00df06101b1975c04f38926376daf2</ID><DisplayName>sre+awsnovum</DisplayName></Owner><Buckets><Bucket><Name>bucket-1</Name><CreationDate>2017-07-20T21:04:20.000Z</CreationDate></Bucket><Bucket><Name>bucket-2</Name><CreationDate>2017-07-26T01:22:42.000Z</CreationDate></Bucket><Bucket><Name>bucket-3</Name><CreationDate>2017-07-28T14:12:11.000Z</CreationDate></Bucket></Buckets></ListAllMyBucketsResult>'}
DEBUG: ConnMan.put(): closing proxy connection (keep-alive not yet supported)
2017-07-20 21:04  s3://<bucket-1>
2017-07-26 01:22  s3://<bucket-2>
2017-07-28 14:12  s3://<bucket-3>

@dannyk81
Copy link
Author

dannyk81 commented Aug 1, 2017

Some further testing revealed that although with v1.6.1 the commands ls & put are working, the get command fails :-( this is really frustrating...

Debug output:

$ s3cmd get s3://<bucket>/test.txt --debug
DEBUG: s3cmd version 1.6.1
DEBUG: ConfigParser: Reading file '/home/backup/.s3cfg'
DEBUG: ConfigParser: access_key->AK...17_chars...A
DEBUG: ConfigParser: access_token->
DEBUG: ConfigParser: add_encoding_exts->
DEBUG: ConfigParser: add_headers->
DEBUG: ConfigParser: bucket_location->US
DEBUG: ConfigParser: ca_certs_file->
DEBUG: ConfigParser: cache_file->
DEBUG: ConfigParser: check_ssl_certificate->True
DEBUG: ConfigParser: check_ssl_hostname->True
DEBUG: ConfigParser: cloudfront_host->cloudfront.amazonaws.com
DEBUG: ConfigParser: default_mime_type->binary/octet-stream
DEBUG: ConfigParser: delay_updates->False
DEBUG: ConfigParser: delete_after->False
DEBUG: ConfigParser: delete_after_fetch->False
DEBUG: ConfigParser: delete_removed->False
DEBUG: ConfigParser: dry_run->False
DEBUG: ConfigParser: enable_multipart->True
DEBUG: ConfigParser: encoding->UTF-8
DEBUG: ConfigParser: encrypt->False
DEBUG: ConfigParser: expiry_date->
DEBUG: ConfigParser: expiry_days->
DEBUG: ConfigParser: expiry_prefix->
DEBUG: ConfigParser: follow_symlinks->False
DEBUG: ConfigParser: force->False
DEBUG: ConfigParser: get_continue->False
DEBUG: ConfigParser: gpg_command->/usr/bin/gpg
DEBUG: ConfigParser: gpg_decrypt->%(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
DEBUG: ConfigParser: gpg_encrypt->%(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
DEBUG: ConfigParser: gpg_passphrase->...-3_chars...
DEBUG: ConfigParser: guess_mime_type->True
DEBUG: ConfigParser: host_base->s3.amazonaws.com
DEBUG: ConfigParser: host_bucket->%(bucket)s.s3.amazonaws.com
DEBUG: ConfigParser: human_readable_sizes->False
DEBUG: ConfigParser: invalidate_default_index_on_cf->False
DEBUG: ConfigParser: invalidate_default_index_root_on_cf->True
DEBUG: ConfigParser: invalidate_on_cf->False
DEBUG: ConfigParser: kms_key->adeec8b5-35ef-4c1d-9251-64ee159b68e0
DEBUG: ConfigParser: limit->-1
DEBUG: ConfigParser: limitrate->30m
DEBUG: ConfigParser: list_md5->False
DEBUG: ConfigParser: log_target_prefix->
DEBUG: ConfigParser: long_listing->False
DEBUG: ConfigParser: max_delete->-1
DEBUG: ConfigParser: mime_type->
DEBUG: ConfigParser: multipart_chunk_size_mb->15
DEBUG: ConfigParser: multipart_max_chunks->10000
DEBUG: ConfigParser: preserve_attrs->True
DEBUG: ConfigParser: progress_meter->False
DEBUG: ConfigParser: proxy_host->fpx.prd.mia.novumproject.com
DEBUG: ConfigParser: proxy_port->8080
DEBUG: ConfigParser: put_continue->False
DEBUG: ConfigParser: recursive->False
DEBUG: ConfigParser: recv_chunk->65536
DEBUG: ConfigParser: reduced_redundancy->False
DEBUG: ConfigParser: requester_pays->False
DEBUG: ConfigParser: restore_days->1
DEBUG: ConfigParser: restore_priority->Standard
DEBUG: ConfigParser: secret_key->9U...37_chars...A
DEBUG: ConfigParser: send_chunk->65536
DEBUG: ConfigParser: server_side_encryption->False
DEBUG: ConfigParser: signature_v2->False
DEBUG: ConfigParser: simpledb_host->sdb.amazonaws.com
DEBUG: ConfigParser: skip_existing->False
DEBUG: ConfigParser: socket_timeout->300
DEBUG: ConfigParser: stats->False
DEBUG: ConfigParser: stop_on_error->False
DEBUG: ConfigParser: storage_class->
DEBUG: ConfigParser: urlencoding_mode->normal
DEBUG: ConfigParser: use_http_expect->False
DEBUG: ConfigParser: use_https->True
DEBUG: ConfigParser: use_mime_magic->True
DEBUG: ConfigParser: verbosity->WARNING
DEBUG: ConfigParser: website_endpoint->http://%(bucket)s.s3-website-%(location)s.amazonaws.com/
DEBUG: ConfigParser: website_error->
DEBUG: ConfigParser: website_index->index.html
DEBUG: Updating Config.Config cache_file ->
DEBUG: Updating Config.Config follow_symlinks -> False
DEBUG: Updating Config.Config verbosity -> 10
DEBUG: Unicodising 'get' using UTF-8
DEBUG: Unicodising 's3://<bucket>/test.txt' using UTF-8
DEBUG: Command: get
DEBUG: DeUnicodising u'test.txt' using UTF-8
DEBUG: Unicodising 'test.txt' using UTF-8
DEBUG: Applying --exclude/--include
DEBUG: CHECK: test.txt
DEBUG: PASS: u'test.txt'
INFO: Summary: 1 remote files to download
DEBUG: DeUnicodising u'./test.txt' using UTF-8
DEBUG: Unicodising './test.txt' using UTF-8
DEBUG: DeUnicodising u'./test.txt' using UTF-8
DEBUG: DeUnicodising u'./test.txt' using UTF-8
DEBUG: String 'test.txt' encoded to 'test.txt'
DEBUG: CreateRequest: resource[uri]=/test.txt
DEBUG: Using signature v4
DEBUG: get_hostname(<bucket>): <bucket>.s3.amazonaws.com
DEBUG: canonical_headers = host:<bucket>.s3.amazonaws.com
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20170801T225835Z

DEBUG: Canonical Request:
GET
/test.txt

host:<bucket>.s3.amazonaws.com
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20170801T225835Z

host;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
----------------------
DEBUG: signature-v4 headers: {'x-amz-content-sha256': 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': 'AWS4-HMAC-SHA256 Credential=AKIAJC6JE7KDKR2N4WKA/20170801/US/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=478c8f266f5fc388d927e53bdc826eea012ecaf85fda7285fd9b1efc7b3084e2', 'x-amz-date': '20170801T225835Z'}
DEBUG: Unicodising './test.txt' using UTF-8
INFO: Receiving file './test.txt', please wait...
DEBUG: get_hostname(<bucket>): <bucket>.s3.amazonaws.com
DEBUG: ConnMan.get(): creating new connection: proxy://fpx.prd.mia.novumproject.com:8080
DEBUG: Using ca_certs_file None
DEBUG: httplib.HTTPSConnection() has only context
DEBUG: proxied HTTPSConnection(fpx.prd.mia.novumproject.com, 8080)
DEBUG: tunnel to <bucket>.s3.amazonaws.com
DEBUG: get_hostname(<bucket>): <bucket>.s3.amazonaws.com
DEBUG: format_uri(): http://<bucket>.s3.amazonaws.com/test.txt
DEBUG: Response: {'status': 400, 'headers': {'x-amz-id-2': 'ri2UdNfNjQBdiRr+t/eFErjkekjr03nzRTwUwQOoTZcPWzFJcLuVUQswfEuu3L3edkh8KbTotZ4=', 'server': 'AmazonS3', 'transfer-encoding': 'chunked', 'connection': 'close', 'x-amz-request-id': 'E0A02CACAC726579', 'date': 'Tue, 01 Aug 2017 22:58:35 GMT', 'content-type': 'application/xml'}, 'reason': 'Bad Request'}
DEBUG: Falling back to signature v2
DEBUG: Using signature v2
DEBUG: SignHeaders: 'GET\n\n\n\nx-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\nx-amz-date:Tue, 01 Aug 2017 22:58:35 +0000\n/<bucket>/test.txt'
DEBUG: Unicodising './test.txt' using UTF-8
INFO: Receiving file './test.txt', please wait...
DEBUG: get_hostname(<bucket>): <bucket>.s3.amazonaws.com
DEBUG: ConnMan.get(): creating new connection: proxy://fpx.prd.mia.novumproject.com:8080
DEBUG: httplib.HTTPSConnection() has only context
DEBUG: proxied HTTPSConnection(fpx.prd.mia.novumproject.com, 8080)
DEBUG: tunnel to <bucket>.s3.amazonaws.com
DEBUG: get_hostname(<bucket>): <bucket>.s3.amazonaws.com
DEBUG: format_uri(): http://<bucket>.s3.amazonaws.com/test.txt
DEBUG: Response: {'status': 400, 'headers': {'x-amz-region': 'us-east-1', 'x-amz-id-2': '30gjCVw0WTi3ZAWRplPq9DuTyHZtLCS5REQBqBtZX1yezNk1Gq8h+iepc9FZQ3n++yV9F794vkQ=', 'server': 'AmazonS3', 'transfer-encoding': 'chunked', 'connection': 'close', 'x-amz-request-id': '0942AFE1FECEC04D', 'date': 'Tue, 01 Aug 2017 22:58:35 GMT', 'content-type': 'application/xml'}, 'reason': 'Bad Request'}
DEBUG: S3Error: 400 (Bad Request)
DEBUG: HttpHeader: x-amz-region: us-east-1
DEBUG: HttpHeader: x-amz-id-2: 30gjCVw0WTi3ZAWRplPq9DuTyHZtLCS5REQBqBtZX1yezNk1Gq8h+iepc9FZQ3n++yV9F794vkQ=
DEBUG: HttpHeader: server: AmazonS3
DEBUG: HttpHeader: transfer-encoding: chunked
DEBUG: HttpHeader: connection: close
DEBUG: HttpHeader: x-amz-request-id: 0942AFE1FECEC04D
DEBUG: HttpHeader: date: Tue, 01 Aug 2017 22:58:35 GMT
DEBUG: HttpHeader: content-type: application/xml
DEBUG: object_get failed for './test.txt', deleting...
DEBUG: DeUnicodising u'./test.txt' using UTF-8
ERROR: S3 error: 400 (Bad Request)

@dannyk81
Copy link
Author

dannyk81 commented Aug 9, 2017

Ping :-)

Any ideas?

@fviard
Copy link
Contributor

fviard commented Aug 9, 2017 via email

@dannyk81
Copy link
Author

dannyk81 commented Aug 9, 2017

@fviard thank you!

@fviard
Copy link
Contributor

fviard commented Aug 12, 2017

Thank you for the detailed log.

I have an idea, is it possible for you to try a small change to see if it solves your issue?
1 line to add and 2 to slightly modify:

diff --git a/S3/ConnMan.py b/S3/ConnMan.py
index c1497bc..2a882df 100644
--- a/S3/ConnMan.py
+++ b/S3/ConnMan.py
@@ -209,8 +209,9 @@ class http_connection(object):
if ssl:
self.c = http_connection._https_connection(cfg.proxy_host, cfg.proxy_port)
debug(u'proxied HTTPSConnection(%s, %s)', cfg.proxy_host, cfg.proxy_port)

  •            self.c.set_tunnel(self.hostname, self.port)

  •            debug(u'tunnel to %s, %s', self.hostname, self.port)

  •            port = self.port and self.port or 443

  •            self.c.set_tunnel(self.hostname, port)

  •            debug(u'tunnel to %s, %s', self.hostname, port)
       else:
           self.c = httplib.HTTPConnection(cfg.proxy_host, cfg.proxy_port)
           debug(u'proxied HTTPConnection(%s, %s)', cfg.proxy_host, cfg.proxy_port)

I think that in the default case when no custom port set, then we create the tunnel with connect without specify the destination port. Thinking that the proxy will guess alone.
That may not be the case, and the proxy connecting to the port 80 instead of 443 (ssl) for example.

@dannyk81
Copy link
Author

Thanks for this!

Could you please post again the diff as above is not very clear.

@dannyk81
Copy link
Author

dannyk81 commented Aug 12, 2017
edited
Loading

Okay, so I figured out what had to be changed (I think), this is the updated block:

            if ssl:
                self.c = http_connection._https_connection(cfg.proxy_host, cfg.proxy_port)
                debug(u'proxied HTTPSConnection(%s, %s)', cfg.proxy_host, cfg.proxy_port)
                port = self.port and self.port or 443
                self.c.set_tunnel(self.hostname, port)
                debug(u'tunnel to %s, %s', self.hostname, port)

And the good news! it works 👍 tested ls, put and get commands, all three work great!

@dannyk81
Copy link
Author

Here's my actual diff, just in case :)

diff --git a/S3/ConnMan.py b/S3/ConnMan.py
index c1497bc..2a882df 100644
--- a/S3/ConnMan.py
+++ b/S3/ConnMan.py
@@ -209,8 +209,9 @@ class http_connection(object):
             if ssl:
                 self.c = http_connection._https_connection(cfg.proxy_host, cfg.proxy_port)
                 debug(u'proxied HTTPSConnection(%s, %s)', cfg.proxy_host, cfg.proxy_port)
-                self.c.set_tunnel(self.hostname, self.port)
-                debug(u'tunnel to %s, %s', self.hostname, self.port)
+                port = self.port and self.port or 443
+                self.c.set_tunnel(self.hostname, port)
+                debug(u'tunnel to %s, %s', self.hostname, port)
             else:
                 self.c = httplib.HTTPConnection(cfg.proxy_host, cfg.proxy_port)
                 debug(u'proxied HTTPConnection(%s, %s)', cfg.proxy_host, cfg.proxy_port)

@fviard fviard closed this as completed in 11d56a9 Aug 14, 2017
@dannyk81
Copy link
Author

Great! any plans to have a release anytime soon with this (and other) fixes?

We use Puppet + pip to deploy s3cmd, so would prefer an official release (instead of pulling from Git).

@fviard
Copy link
Contributor

fviard commented Aug 19, 2017

Yes, I hope to be able to do a new version in a few days.
A lot of issues have been found and fixed since the last release and the initial support of python 3.

@dannyk81
Copy link
Author

dannyk81 commented Aug 19, 2017 via email

@dannyk81
Copy link
Author

Any update about the next release 😊

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fviard @dannyk81