New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

S3 putObject fails on Elastic Beanstalk with SSL/cURL error #1110

Closed
cpinto opened this Issue Oct 21, 2016 · 5 comments

Comments

Projects
None yet
4 participants
@cpinto
Copy link

cpinto commented Oct 21, 2016

Hi,

My app is deployed on Elastic Beanstalk v2.1.7. When it tries to upload an object into S3, I'm seeing this error:

>>> $result = $s3->putObject(['Bucket' => 'my.bucket.com','Key'    => 'public/test.txt','Body'   => 'this is the body!','ContentType' => 'text/plain','ACL' => 'public-read']);

Aws\S3\Exception\S3Exception with message 'Error executing "PutObject" on "https://s3-eu-west-1.amazonaws.com/my.bucket.com/public/test.txt"; AWS HTTP error: cURL error 35: A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has occurred with the token or slot. (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)'

It'd appear that updating a system package through yum would fix this, however I'm not very comfortable with this as the changes would be lost whenever a new EC2 instance goes up.

Is there a workaround?

@cpinto cpinto changed the title S3 putObject fails on Elastic Beanstalk S3 putObject fails on Elastic Beanstalk with SSL/cURL error Oct 21, 2016

@cjyclaire

This comment has been minimized.

Copy link
Member

cjyclaire commented Oct 21, 2016

@cpinto It appears related to SSL or cURL issue that needs to be fixed from OS side instead of SDK side, so for workaround, here is verify option that you could change in client configuration.

If this still happens in regardless of upgrade solution etc, it would be helpful if you could provide a wire log information with debug option.

@cpinto

This comment has been minimized.

Copy link

cpinto commented Oct 25, 2016

Thanks for sharing the debug option @cjyclaire. As I turned it on, it revealed a trace of the HTTP connection.

Searching for one of the errors yielded some guidance on disabling a fork verification for NSS, as per https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Reference/NSS_environment_variables.

The relevant command is: export NSS_STRICT_NOFORK=DISABLED which can be set up as an environment variable for EB easily.

Once this is done, no more errors occur. That said, Mozilla clearly states it's an error to do this but I couldn't find an explanation as to why, which makes me a bit uneasy. However, given that this is the best way forward (I couldn't find an updated libcurl that works with Amazon Linux AMI and compiling the source code to build a custom package feels as it could break at any time) I'll be using it.

Thanks again for sharing the instructions to turn on the HTTP debug.

@cjyclaire

This comment has been minimized.

Copy link
Member

cjyclaire commented Oct 25, 2016

@cpinto Glad to know that you figured this out, and thank you for sharing this with others. Closing the issue right now, feel free to reopen with further comments or questions :)

@cjyclaire cjyclaire closed this Oct 25, 2016

@SamuelNorbury

This comment has been minimized.

Copy link

SamuelNorbury commented Apr 10, 2017

@cpinto I recently had a similar problem, specifically querying an S3 bucket twice in succession from a Laravel application, and your fix seems to work, though I'm not feeling overly confident about it.

@cwhittl

This comment has been minimized.

Copy link

cwhittl commented May 4, 2017

I just used to, scary fix but it works... Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment