Skip Menu |

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the Net-Amazon-S3 CPAN distribution.

Report information
The Basics
Id: 66644
Status: open
Priority: 0/
Queue: Net-Amazon-S3
People
Owner: me+pause [...] pedrofigueiredo.org
Requestors: dwheeler [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: Critical
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Tue Mar 15 16:52:00 2011 dwheeler [...] cpan.org - Ticket created
Subject: Certificate Failure with LWP 6.0
Date: Tue, 15 Mar 2011 13:51:49 -0700
To: bug-net-amazon-s3 [...] rt.cpan.org
From: "David E. Wheeler" <dwheeler [...] cpan.org>
Howdy, LWP 6.0, released last week, now requires that any https protocol request needs to verify the certificate associated with it. As a result, I'm now getting errors such as this from Net::Amazon::S3: Can't connect to feeds.lunar-theory.com.s3.amazonaws.com:443 (certificate verify failed) LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/local/lib/perl5/site_perl/5.12.2/LWP/Protocol/http.pm line 51. The error, it seems, is related to how domain names are constructed for S3. Details here: http://shlomoswidler.com/2009/08/amazon-s3-gotcha-using-virtual-host.html As you can see from the error message, my bucket name has a dot in it. So would it be possible to modify Net::Amazon::S3 to use this URL instead? https://s3.amazonaws.com:443/feeds.lunar-theory.com That is, put the bucket name in the path component of the URL, rather than in the domain name. Thanks, David
  Thu Jul 14 14:29:11 2011 me+pause [...] pedrofigueiredo.org - Correspondence added
Hi David, Thanks for all the info, I'll add it to the 0.55 queue. Cheers, Pedro
  Thu Jul 14 14:29:12 2011 The RT System itself - Status changed from 'new' to 'open'
  Thu Jul 14 14:30:02 2011 me+pause [...] pedrofigueiredo.org - Given to pfig
  Thu Jul 14 14:30:02 2011 me+pause [...] pedrofigueiredo.org - Severity Critical added
  Mon Jul 18 22:48:49 2011 https://www.google.com/accounts/o8/id?id=AItOawlsej5FMbEfzr4NH7EOx4n4DvU09kDaFPk - Correspondence added
On Tue Mar 15 16:52:00 2011, DWHEELER wrote: Show quoted text
> The error, it seems, is related to how domain names are constructed > for S3. Details here: > > http://shlomoswidler.com/2009/08/amazon-s3-gotcha-using-virtual- > host.html > > As you can see from the error message, my bucket name has a dot in it. > So would it be possible to modify Net::Amazon::S3 to use this URL > instead? > > https://s3.amazonaws.com:443/feeds.lunar-theory.com > > That is, put the bucket name in the path component of the URL, rather > than in the domain name. >
Just like to add a +1 to this. We're actually overriding Net::Amazon::S3::HTTPRequest to always return false for _is_dns_bucket, so that we know any urls generated are of the https://s3.amazonaws.com/ format
  Sat Dec 10 05:29:14 2011 me+pause [...] pedrofigueiredo.org - Correspondence added
Hi, Currently buckets are created using CreateBucketConfiguration and that means it's not possible to access a bucket using the path approach, only the host one works. The other issue to tackle might not be an issue: istr reading a long time ago that to use paths you needed to have created the bucket in the default region (US-WEST), I don't know if this is still true, will need to check. I will probably have some time to look at it this Sunday. Cheers, Pedro
  Sat Dec 10 13:59:34 2011 dwheeler [...] cpan.org - Correspondence added
Subject: Re: [rt.cpan.org #66644] Certificate Failure with LWP 6.0
Date: Sat, 10 Dec 2011 10:59:18 -0800
To: "bug-Net-Amazon-S3 [...] rt.cpan.org" <bug-Net-Amazon-S3 [...] rt.cpan.org>
From: "David E. Wheeler" <dwheeler [...] cpan.org>
On Dec 10, 2011, at 2:29, "Pedro Figueiredo via RT" <bug-Net-Amazon-S3@rt.cpan.org> wrote: Show quoted text
> I will probably have some time to look at it this Sunday
Great, thanks! David
  Fri Dec 16 16:06:00 2011 me+pause [...] pedrofigueiredo.org - Correspondence added
Hi, I had a look at it last weekend and made a couple of notes about it ( https://github.com/pfig/net-amazon-s3/wiki/Buckets ), unfortunately I did not have time to actually fix it, which should happen this weekend. Thank you for your patience :)
  Sat Dec 24 12:04:35 2011 me+pause [...] pedrofigueiredo.org - Correspondence added
This gets hairier outside the default region, as the certificate for Ireland (for example) is for the hostname '*.s3-eu-west-1.amazonaws.com' so even requesting https://s3-eu-west- 1.amazonaws.com/path/to/object throws an error :(