http: improve AWS HTTP v4 Signature #6524
Conversation
- Add support services without region and service prefixes in the URL endpoint (ex. Min.IO, GCP, Yandex Cloud, Mail.Ru Cloud Solutions, etc) by providing region and service parameters via aws-sigv4 option. - Add [:region[:service]] suffix to aws-sigv4 option; - Fix memory allocation errors. - Refactor memory management. - Use Curl_http_method instead() STRING_CUSTOMREQUEST. - Refactor canonical headers generating. - Remove repeated sha256_to_hex() usage. - Add some docs fixes. - Add some codestyle fixes. - Add overloaded strndup() for debug - curl_dbg_strndup(). - Update tests.
lib/http_aws_sigv4.c
Outdated
| curl_msnprintf(date_str, sizeof(date_str), "X-%s-Date: %s", | ||
| mid_provider, date_iso); | ||
| data->set.headers = curl_slist_append(data->set.headers, date_str); | ||
| data->set.headers = curl_slist_append(data->set.headers, auth_header); |
There was a problem hiding this comment.
I realize you didn't actually add this, but the code must not assign data->set.headers. That's the set of custom headers passed to libcurl from the application and it should not be interfered with by internals. It will make repeated transfers and handle duplications misbehave.
There was a problem hiding this comment.
I'll try to fix it tomorrow.
There was a problem hiding this comment.
if(!curl_slist_append(data->set.headers, timestamp)) {
ret = CURLE_FAILED_INIT;
goto fail;
}
if(!curl_slist_append(data->set.headers, date_header)) {
ret = CURLE_FAILED_INIT;
goto fail;
}
would this work ?
Note: if I ask you to split your commit, it's partially because this would enable @bagder to merge bug fix rapidly (like this one) and give us more time to review other improvement .
Edit: dwagin fix seems to be the good thing to do, and work on my machine
There was a problem hiding this comment.
I realize you didn't actually add this, but the code must not assign
data->set.headers. That's the set of custom headers passed to libcurl from the application and it should not be interfered with by internals. It will make repeated transfers and handle duplications misbehave.
@bagder, see my fix
|
@outscale-mgo, you might want to give this a review/comment too |
added providing credentials via url
|
Overall I like the changes, thanks for improving this code :) |
|
@bagder, strndup() implementation turned out to be a big deal :). |
convert strndup() -> malloc() + memcpy()
You mean strndup?
I don't know what you want from me on this. Maybe you can survive with using |
Yes.
I did everything without strndup() |
There was a problem hiding this comment.
Once that fix, I don't think I will have any more comment.
But please note that having only one patch that contain all your change, make it really hard to read, as we have only one big diff, understand what change between to the old version and your version take extra effort.
Especially as you move some code (and it was the right move), but because of that the diff really don't understand what's going on and give you unrelated visual.
|
After this refactoring, this authentication method became fully usable. Thank you all for your help! Hello, world ) |
|
Thanks! |
the URL endpoint (ex. Min.IO, GCP, Yandex Cloud, Mail.Ru Cloud Solutions, etc)
by providing region and service parameters via aws-sigv4 option.