Publishing CodeArtifact generic package fails with EOF occurred in violation of protocol error

[sorin-silaghi]

Describe the bug

Running the command aws codeartifact publish-package-version fails with SSL error: EOF occurred in violation of protocol. This only happens on Windows, same command runs fine on Linux.

Expected Behavior

The package version is published to the repository.

Current Behavior

code-artifact-publish.log

Reproduction Steps

This is the command I ran:
aws codeartifact publish-package-version --domain tools --repository tools --format generic --namespace test --package test --package-version 1.0 --asset-content C:\Users\sorin\Downloads\script\test.zip --asset-name test.zip --asset-sha256 391CF8941D007CF776D43AC281D4150828C559B7CCAE5B0F2997927C55BC3A52 --debug

Possible Solution

No response

Additional Information/Context

aws version: aws-cli/2.15.10 Python/3.11.6 Windows/10 exe/AMD64 prompt/off

CLI version used

aws-cli/2.15.10 Python/3.11.6 Windows/10 exe/AMD64 prompt/off

Environment details (OS name and version, etc.)

Windows 11 Pro

[cloudshiftchris]

Experiencing the same error on MacOS, when uploading a large (937mb) generic package; there are no network proxies or other intermediaries.

[jrakers]

adding the --no-verify-ssl tag results in the same issue on macos sonoma 14.4:

$ aws codeartifact publish-package-version --domain redacted --repository redacted --format generic --package redacted --package-version 1.0.0-SNAPSHOT --asset-content redacted.zip --asset-name redacted.zip --asset-sha256 $ASSET_SHA256 --no-verify-ssl
urllib3/connectionpool.py:1061: InsecureRequestWarning: Unverified HTTPS request is being made to host 'codeartifact.us-west-2.amazonaws.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
urllib3/connectionpool.py:1061: InsecureRequestWarning: Unverified HTTPS request is being made to host 'codeartifact.us-west-2.amazonaws.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
urllib3/connectionpool.py:1061: InsecureRequestWarning: Unverified HTTPS request is being made to host 'codeartifact.us-west-2.amazonaws.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings

SSL validation failed for https://codeartifact.us-west-2.amazonaws.com/v1/package/version/publish?domain=redacted&repository=redacted&format=generic&package=redacted&version=1.0.0-SNAPSHOT&asset=redacted.zip EOF occurred in violation of protocol (_ssl.c:2427)

$ aws --version
aws-cli/2.15.31 Python/3.11.8 Darwin/23.4.0 exe/x86_64 prompt/off

[cloudshiftchris]

I have a case open with AWS on this - they've been digging into it for a few weeks, have been able to reproduce (it isn't just CLI - equivalent SDK calls in various language fail in similar ways).
Only workaround they've provided (awkward) is to use a curl command such as

curl --aws-sigv4 "aws:amz:${AWS_REGION}:codeartifact" --user "$AWS_ACCESS_KEY_ID:$AWS_SECRET_ACCESS_KEY" "https://codeartifact.${aws_region}.amazonaws.com/v1/package/version/publish?asset={your-asset}&domain={your-domain}&format=generic&namespace={your-namespace}&package={your-packagename}&repository={your-repositoryname}&version=1.0.2" -H "x-amz-security-token: $AWS_SESSION_TOKEN" -H "x-amz-content-sha256: $ASSET_SHA256" -X POST -T large_file -v

[tim-finnigan]

Hi all - checking in, thanks for your patience here. If this is failing across SDKs then this would likely need to be escalated to the CodeArtifact team as a service API issue, as they own the underlying PublishPackageVersion API.

Does anyone have updates here as far as what they've tried and observed? The internal ticket I found referencing this issue was closed, and the person working on it noted that they couldn't reproduce the issue on version 2.13.5.

Here is the CLI troubleshooting guide on SSL validation errors: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-troubleshooting.html#tshoot-certificate-verify-failed. They are often caused by issues with a proxy or certificate. But maybe there is something specific to this CodeArtifact API with payloads over a certain size.

[github-actions]

Greetings! It looks like this issue hasn’t been active in longer than five days. We encourage you to check if this is still an issue in the latest release. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or upvote with a reaction on the initial post to prevent automatic closure. If the issue is already closed, please feel free to open a new one.