-
-
Notifications
You must be signed in to change notification settings - Fork 6.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
aws-sigv4 generates extra X-Amz-Date header (possibly different) #11738
Comments
Is there a reason to support user supplied X-Amz-Date? /cc @outscale-mgo |
Reasons I can think of are
|
curl supports custom headers of any kind, outputting two like this is at least a bug. Not using the user provided date header seems like an oversight, as exactly like @apparentorder did, I would have expected curl to work with it. |
It's clearly a bug, I was pretty sure I was handling the case in the code, but I guess I didn't test this enough, sorry for the bug, I'll look at it asap. This is what AWS "standard" say about date:
and then:
|
fix curl#11738 When the user was providing the header X-XXX-Date, the header was re-added during signature computation, and we had it twice in the request. Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>
Thanks |
When the user was providing the header X-XXX-Date, the header was re-added during signature computation, and we had it twice in the request. Reported-by: apparentorder@users.noreply.github.com Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com> Fixes: curl#11738 Closes: curl#11754
I did this
I expected the following
The provided
X-Amz-Date
is used for signature calculation and is emitted once.But actually it's emitted twice:
On some curl versions (tested: 7.81.0), the first
X-Amz-Date
is actually generated with a different date (the current date), and that current date is used for signature calculation instead of theX-Amz-Date
given on the command line.Other versions (tested: 8.1.2) emit the given
X-Amz-Date
twice as well, but both with the given value; in that case, the signature is calculated as expected.As this is a rare / weird use-case, maybe it should just be added to the list of known bugs (?)
curl/libcurl version
curl 7.81.0 (x86_64-pc-linux-gnu) libcurl/7.81.0 OpenSSL/3.0.2 zlib/1.2.11 brotli/1.0.9 zstd/1.4.8 libidn2/2.3.2 libpsl/0.21.0 (+libidn2/2.3.2) libssh/0.9.6/openssl/zlib nghttp2/1.43.0 librtmp/2.3 OpenLDAP/2.5.14
curl 8.1.2 (x86_64-apple-darwin22.0) libcurl/8.1.2 (SecureTransport) LibreSSL/3.3.6 zlib/1.2.11 nghttp2/1.51.0
operating system
curl 8.1.2 on macOS 13.5, or
Darwin xxx 22.6.0 Darwin Kernel Version 22.6.0: Wed Jul 5 22:21:56 PDT 2023; root:xnu-8796.141.3~6/RELEASE_X86_64 x86_64
curl 7.81.0 on Ubuntu 22.04.2, or
Linux ip-10-0-0-148 5.19.0-1025-aws #26~22.04.1-Ubuntu SMP Mon Apr 24 01:58:15 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
The text was updated successfully, but these errors were encountered: