Bug/check certificate #438

Merged: 2 commits, Dec 14, 2014

@mdomsch (Contributor) commented Dec 14, 2014

Fixes #437

Amazon S3's wildcard certificate doesn't work with FQDN-style buckets
(any bucket with a '.' in its name).

We were calling ssl._create_unverified_context() when
--no-check-certificate was being used, but this doesn't actually stop
the host name checks from happening, which on python 2.7.9, then fail
the connection before doing any useful work.

I don't think we need _create_unverified_context() at all, certainly
not for talking to S3 directly, and with --ca-cert present, we
shouldn't need it for any S3-like services either.

This patch also fixes up a failed merge conflict, having us use
_https_connection() on the non-proxied path like we intended.

http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html

  "When using virtual hosted–style buckets with SSL, the SSL wild card
   certificate only matches buckets that do not contain periods. To work
   around this, use HTTP or write your own certificate verification
   logic."

Therefore, when we detect we are sending a request to
*.s3.amazonaws.com and are using SSL, we must disable hostname
checking. This seems to only impact python 2.7.9 and newer, as that's
where the new SSL context and checking exist.
mdomsch added a commit that referenced this pull request Dec 14, 2014
@mdomsch mdomsch merged commit 8b6e54c into s3tools:master Dec 14, 2014
@mdomsch mdomsch deleted the bug/check-certificate branch April 23, 2015 21:27
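
The wildcard mismatch described in this pull request, and one way to scope the relaxed hostname check so that certificate chain validation stays on, as an added example that is not s3cmd's code. All function names and the sample certificate are hypothetical and constructed for illustration.

```python
import ssl

S3_SUFFIX = ".s3.amazonaws.com"  # endpoint suffix named in the PR description

# Constructed sample in the shape returned by SSLSocket.getpeercert()
SAMPLE_CERT = {"subjectAltName": (("DNS", "*.s3.amazonaws.com"),
                                  ("DNS", "s3.amazonaws.com"))}

def dns_names(cert):
    """Extract the DNS entries from a getpeercert()-style dict."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def wildcard_matches(pattern, hostname):
    """Leftmost-label wildcard match: '*' covers exactly one DNS label."""
    p, h = pattern.lower().split("."), hostname.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def needs_custom_check(hostname):
    """True for virtual-hosted-style S3 hosts whose bucket name has a dot."""
    host = hostname.lower()
    return host.endswith(S3_SUFFIX) and "." in host[:-len(S3_SUFFIX)]

def make_context(hostname, cafile=None):
    """Only the built-in name check is scoped off; the chain is still verified."""
    ctx = ssl.create_default_context(cafile=cafile)
    if needs_custom_check(hostname):
        ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED  # unlike _create_unverified_context()
    return ctx

def cert_acceptable(cert_dns_names, hostname):
    """Own verification logic: a dotted bucket host is checked as if its
    bucket part were one label, so the cert must still be the S3 wildcard."""
    target = hostname
    if needs_custom_check(hostname):
        target = "bucket" + S3_SUFFIX  # single-label stand-in (hypothetical)
    return any(wildcard_matches(n, target) for n in cert_dns_names)
```

After the handshake, a caller would pass `dns_names(sock.getpeercert())` and the requested host to `cert_acceptable()` and close the connection if it returns False.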
Successfully merging this pull request may close these issues.

SSL cert failure on buckets with a dot (.)