Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RequestPerform] hangs with successful response on docker/alpine #1518

Open
aamorozov opened this issue Jan 14, 2021 · 2 comments
Open

[RequestPerform] hangs with successful response on docker/alpine #1518

aamorozov opened this issue Jan 14, 2021 · 2 comments

Comments

@aamorozov
Copy link

aamorozov commented Jan 14, 2021
edited

Additional Information

The issue occurs with my setup on multiple versions of s3fs.

I tried using the password file option instead with the following command:

    s3fs -f -o curldbg -o nonempty -o allow_other -o dbglevel="dbg" -o passwd_file=${HOME}/.passwd-s3fs -o url="https://s3.us-east-1.amazonaws.com" -o endpoint="us-east-1" bucket-name ./mount-path

,but the credentials generated from converting with assume-role-with-web-identity did not seem to work with s3fs with the following error:

[CRT] s3fs_logger.cpp:LowSetLogLevel(201): change debug level from [CRT] to [DBG]
[INF]     s3fs.cpp:set_mountpoint_attribute(3988): PROC(uid=0, gid=0) - MountPoint(uid=0, gid=0, mode=40755)
[INF] s3fs_util.cpp:compare_sysname(358): system name is Linux
[WAN] curl.cpp:InitMimeType(406): Could not find mime.types files, you have to create file(/etc/mime.types) or specify mime option for existing mime.types file.
[WAN] s3fs.cpp:main(4882): Missing MIME types prevents setting Content-Type on uploaded objects.
[INF] fdcache_stat.cpp:CheckCacheFileStatTopDir(79): The path to cache top dir is empty, thus not need to check permission.
[INF] s3fs.cpp:s3fs_init(3300): init v1.88(commit:a656321) with OpenSSL
[INF] s3fs.cpp:s3fs_check_service(3416): check services.
[INF]       curl.cpp:CheckBucket(3318): check a bucket.
[DBG] curl_handlerpool.cpp:GetHandler(81): Get handler from pool: rest = 31
[INF]       curl_util.cpp:prepare_url(250): URL is https://s3.us-east-1.amazonaws.com/hidden/
[INF]       curl_util.cpp:prepare_url(283): URL changed is https://hidden.s3.us-east-1.amazonaws.com/
[DBG] curl.cpp:RequestPerform(2234): connecting to URL https://hidden.s3.us-east-1.amazonaws.com/
[INF]       curl.cpp:insertV4Headers(2598): computing signature [GET] [/] [] []
[INF]       curl_util.cpp:url_to_host(327): url is https://s3.us-east-1.amazonaws.com
[CURL DBG] *   Trying 52.217.16.224:443...
[CURL DBG] * Connected to hidden.s3.us-east-1.amazonaws.com (52.217.16.224) port 443 (#0)
[CURL DBG] * successfully set certificate verify locations:
[CURL DBG] *   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
[CURL DBG] * TLSv1.3 (OUT), TLS handshake, Client hello (1):
[CURL DBG] * TLSv1.3 (IN), TLS handshake, Server hello (2):
[CURL DBG] * TLSv1.2 (IN), TLS handshake, Certificate (11):
[CURL DBG] * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
[CURL DBG] * TLSv1.2 (IN), TLS handshake, Server finished (14):
[CURL DBG] * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
[CURL DBG] * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
[CURL DBG] * TLSv1.2 (OUT), TLS handshake, Finished (20):
[CURL DBG] * TLSv1.2 (IN), TLS handshake, Finished (20):
[CURL DBG] * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
[CURL DBG] * Server certificate:
[CURL DBG] *  subject: C=US; ST=Washington; L=Seattle; O=Amazon.com, Inc.; CN=s3.amazonaws.com
[CURL DBG] *  start date: Aug  4 00:00:00 2020 GMT
[CURL DBG] *  expire date: Aug  9 12:00:00 2021 GMT
[CURL DBG] *  subjectAltName: host "hidden.s3.us-east-1.amazonaws.com" matched cert's "*.s3.us-east-1.amazonaws.com"
[CURL DBG] *  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert Baltimore CA-2 G2
[CURL DBG] *  SSL certificate verify ok.
[CURL DBG] > GET / HTTP/1.1
[CURL DBG] > Host: hidden.s3.us-east-1.amazonaws.com
[CURL DBG] > User-Agent: s3fs/1.88 (commit hash a656321; OpenSSL)
[CURL DBG] > Accept: */*
[CURL DBG] > Authorization: AWS4-HMAC-SHA256 Credential=hidden/20210114/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=hidden
[CURL DBG] > x-amz-content-sha256: hidden
[CURL DBG] > x-amz-date: 20210114T213952Z
[CURL DBG] >
[CURL DBG] * Mark bundle as not supporting multiuse
[CURL DBG] < HTTP/1.1 403 Forbidden
[CURL DBG] < x-amz-bucket-region: us-east-1
[CURL DBG] < x-amz-request-id: hidden
[CURL DBG] < x-amz-id-2: hidden
[CURL DBG] < Content-Type: application/xml
[CURL DBG] < Transfer-Encoding: chunked
[CURL DBG] < Date: Thu, 14 Jan 2021 21:39:51 GMT
[CURL DBG] < Server: AmazonS3
[CURL DBG] <
[CURL DBG] * Connection #0 to host hidden.us-east-1.amazonaws.com left intact
[ERR] curl.cpp:RequestPerform(2287): HTTP response code 403, returning EPERM. Body Text: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidAccessKeyId</Code><Message>The AWS Access Key Id you provided does not exist in our records.</Message><AWSAccessKeyId>hidden</AWSAccessKeyId><RequestId>hidden</RequestId><HostId>hidden=</HostId></Error>
[ERR] curl.cpp:CheckBucket(3344): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidAccessKeyId</Code><Message>The AWS Access Key Id you provided does not exist in our records.</Message><AWSAccessKeyId>hidden</AWSAccessKeyId><RequestId>hidden</RequestId><HostId>hidden</HostId></Error>
[CRT] s3fs.cpp:s3fs_check_service(3471): Failed to connect by sigv4, so retry to connect by signature version 2.
[DBG] curl_handlerpool.cpp:ReturnHandler(103): Return handler to pool
[INF] curl_handlerpool.cpp:ReturnHandler(110): Pool full: destroy the oldest handler
[INF]       curl.cpp:CheckBucket(3318): check a bucket.
[DBG] curl_handlerpool.cpp:GetHandler(81): Get handler from pool: rest = 30
[INF]       curl_util.cpp:prepare_url(250): URL is https://s3.us-east-1.amazonaws.com/hidden/
[INF]       curl_util.cpp:prepare_url(283): URL changed is https://hidden.s3.us-east-1.amazonaws.com/
[DBG] curl.cpp:RequestPerform(2234): connecting to URL https://hidden.s3.us-east-1.amazonaws.com/
[CURL DBG] * Found bundle for host hidden.s3.us-east-1.amazonaws.com: 0x55c7a8646100 [serially]
[CURL DBG] * Can not multiplex, even if we wanted to!
[CURL DBG] * Re-using existing connection! (#0) with host hidden.s3.us-east-1.amazonaws.com
[CURL DBG] * Connected to hidden.s3.us-east-1.amazonaws.com (52.217.16.224) port 443 (#0)
[CURL DBG] > GET / HTTP/1.1
[CURL DBG] > Host: hidden.s3.us-east-1.amazonaws.com
[CURL DBG] > User-Agent: s3fs/1.88 (commit hash a656321; OpenSSL)
[CURL DBG] > Accept: */*
[CURL DBG] > Authorization: AWS hidden
[CURL DBG] > Date: Thu, 14 Jan 2021 21:39:52 GMT
[CURL DBG] >
[CURL DBG] * Mark bundle as not supporting multiuse
[CURL DBG] < HTTP/1.1 403 Forbidden
[CURL DBG] < x-amz-bucket-region: us-east-1
[CURL DBG] < x-amz-request-id: hidden
[CURL DBG] < x-amz-id-2: hidden
[CURL DBG] < Content-Type: application/xml
[CURL DBG] < Transfer-Encoding: chunked
[CURL DBG] < Date: Thu, 14 Jan 2021 21:39:51 GMT
[CURL DBG] < Server: AmazonS3
[CURL DBG] <
[CURL DBG] * Connection #0 to host hidden.s3.us-east-1.amazonaws.com left intact
[ERR] curl.cpp:RequestPerform(2287): HTTP response code 403, returning EPERM. Body Text: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidAccessKeyId</Code><Message>The AWS Access Key Id you provided does not exist in our records.</Message><AWSAccessKeyId>hidden</AWSAccessKeyId><RequestId>hidden</RequestId><HostId>hidden</HostId></Error>
[ERR] curl.cpp:CheckBucket(3344): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidAccessKeyId</Code><Message>The AWS Access Key Id you provided does not exist in our records.</Message><AWSAccessKeyId>hidden</AWSAccessKeyId><RequestId>hidden</RequestId><HostId>hidden</HostId></Error>
[CRT] s3fs.cpp:s3fs_check_service(3486): invalid credentials(host=https://s3.us-east-1.amazonaws.com) - result of checking service.
[DBG] curl_handlerpool.cpp:ReturnHandler(103): Return handler to pool
[ERR] s3fs.cpp:s3fs_exit_fuseloop(3290): Exiting FUSE event loop due to errors

[INF] s3fs.cpp:s3fs_destroy(3358): destroy

I then switched to using the iam_role option, and it does seem to work but hangs midway and the entrypoint script never finishes executing.

Version of s3fs being used (s3fs --version)

Tested with 1.88, 1.87 and 1.86.

Version of fuse being used (pkg-config --modversion fuse, rpm -qi fuse, dpkg -s fuse)

2.9.9-r1

GNU/Linux Distribution, if applicable (cat /etc/os-release)

Docker image: node:14.14.0-alpine3.12

Packages installed to support s3fs in alpine

ARG S3FS_VERSION=v1.88
RUN apk --update --no-cache add fuse alpine-sdk automake autoconf libxml2-dev fuse-dev curl-dev git bash jq \   
    && git clone https://github.com/s3fs-fuse/s3fs-fuse.git \
    && cd s3fs-fuse \    
    && git checkout master \
    && ./autogen.sh \
    && ./configure --prefix=/usr \
    && make \
    && make install \
    && make clean \
    && rm -rf /var/cache/apk/* \
    && apk del git automake autoconf

s3fs command line used, if applicable

s3fs -f -o curldbg -o nonempty -o allow_other -o dbglevel="dbg" -o iam_role -o url="https://s3.us-east-1.amazonaws.com" -o endpoint="us-east-1" bucket-name ./mount-path

s3fs syslog messages (grep s3fs /var/log/syslog, journalctl | grep s3fs, or s3fs outputs)

if you execute s3fs with dbglevel, curldbg option, you can get detail debug messages

[CRT] s3fs_logger.cpp:LowSetLogLevel(201): change debug level from [CRT] to [DBG]
[INF]     s3fs.cpp:set_mountpoint_attribute(3988): PROC(uid=0, gid=0) - MountPoint(uid=0, gid=0, mode=40755)
[INF] s3fs_util.cpp:compare_sysname(358): system name is Linux
[WAN] curl.cpp:InitMimeType(406): Could not find mime.types files, you have to create file(/etc/mime.types) or specify mime option for existing mime.types file.
[WAN] s3fs.cpp:main(4882): Missing MIME types prevents setting Content-Type on uploaded objects.
[INF] fdcache_stat.cpp:CheckCacheFileStatTopDir(79): The path to cache top dir is empty, thus not need to check permission.
[INF] s3fs.cpp:s3fs_init(3300): init v1.88(commit:a656321) with OpenSSL
[INF]       curl.cpp:LoadIAMRoleFromMetaData(2839): Get IAM Role name
[DBG] curl_handlerpool.cpp:GetHandler(81): Get handler from pool: rest = 31
[DBG] curl.cpp:RequestPerform(2234): connecting to URL http://169.254.169.254/latest/meta-data/iam/security-credentials/
[CURL DBG] *   Trying 169.254.169.254:80...
[CURL DBG] * Connected to 169.254.169.254 (169.254.169.254) port 80 (#0)
[CURL DBG] > GET /latest/meta-data/iam/security-credentials/ HTTP/1.1
[CURL DBG] > Host: 169.254.169.254
[CURL DBG] > User-Agent: s3fs/1.88 (commit hash a656321; OpenSSL)
[CURL DBG] > Accept: */*
[CURL DBG] >
[CURL DBG] * Mark bundle as not supporting multiuse
[CURL DBG] < HTTP/1.1 200 OK
[CURL DBG] < Content-Type: text/plain
[CURL DBG] < Accept-Ranges: none
[CURL DBG] < Last-Modified: Thu, 14 Jan 2021 21:27:13 GMT
[CURL DBG] < Content-Length: 22
[CURL DBG] < Date: Thu, 14 Jan 2021 21:29:01 GMT
[CURL DBG] < Server: EC2ws
[CURL DBG] < Connection: close
[CURL DBG] <
[CURL DBG] * Closing connection 0
[INF]       curl.cpp:RequestPerform(2267): HTTP response code 200
[INF]       curl.cpp:SetIAMRoleFromMetaData(1753): IAM role name response = "hidden"
[INF] s3fs.cpp:s3fs_init(3317): loaded IAM role name = hidden
[DBG] curl_handlerpool.cpp:ReturnHandler(103): Return handler to pool
[INF] curl_handlerpool.cpp:ReturnHandler(110): Pool full: destroy the oldest handler
[INF] s3fs.cpp:s3fs_check_service(3416): check services.
[INF] curl.cpp:CheckIAMCredentialUpdate(1721): IAM Access Token refreshing...
[INF]       curl.cpp:GetIAMCredentials(2742): [IAM role=hidden]
[DBG] curl_handlerpool.cpp:GetHandler(81): Get handler from pool: rest = 30
[DBG] curl.cpp:RequestPerform(2234): connecting to URL http://169.254.169.254/latest/api/token
[CURL DBG] * Hostname 169.254.169.254 was found in DNS cache
[CURL DBG] *   Trying 169.254.169.254:80...
[CURL DBG] * Connected to 169.254.169.254 (169.254.169.254) port 80 (#1)
[CURL DBG] > PUT /latest/api/token HTTP/1.1
[CURL DBG] > Host: 169.254.169.254
[CURL DBG] > User-Agent: s3fs/1.88 (commit hash a656321; OpenSSL)
[CURL DBG] > Accept: */*
[CURL DBG] > Transfer-Encoding: chunked
[CURL DBG] > X-aws-ec2-metadata-token-ttl-seconds: 21600
[CURL DBG] > Expect: 100-continue
[CURL DBG] >
[CURL DBG] * Mark bundle as not supporting multiuse
[CURL DBG] < HTTP/1.1 100 Continue
[CURL DBG] * Signaling end of chunked upload via terminating chunk.
[CURL DBG] * Mark bundle as not supporting multiuse
[CURL DBG] < HTTP/1.1 200 OK
[CURL DBG] < X-Aws-Ec2-Metadata-Token-Ttl-Seconds: 21600
[CURL DBG] < Content-Length: 56
[CURL DBG] < Date: Thu, 14 Jan 2021 21:29:01 GMT
[CURL DBG] < Server: EC2ws
[CURL DBG] < Connection: close
[CURL DBG] < Content-Type: text/plain
[CURL DBG] <
[CURL DBG] * Closing connection 1
[INF]       curl.cpp:RequestPerform(2267): HTTP response code 200
[INF]       curl.cpp:SetIAMv2APIToken(1678): Setting AWS IMDSv2 API token to hidden
[DBG] curl.cpp:RequestPerform(2234): connecting to URL http://169.254.169.254/latest/meta-data/iam/security-credentials/hidden
[CURL DBG] * Hostname 169.254.169.254 was found in DNS cache
[CURL DBG] *   Trying 169.254.169.254:80...
[CURL DBG] * Connected to 169.254.169.254 (169.254.169.254) port 80 (#2)
[CURL DBG] > GET /latest/meta-data/iam/security-credentials/hidden HTTP/1.1
[CURL DBG] > Host: 169.254.169.254
[CURL DBG] > User-Agent: s3fs/1.88 (commit hash a656321; OpenSSL)
[CURL DBG] > Accept: */*
[CURL DBG] > X-aws-ec2-metadata-token: AQAEAPOSVbmdlDafuV4DEQqPJ9kFE_O_bcjdLOFEUNvrO0FkFmy0tA==
[CURL DBG] >
[CURL DBG] * Mark bundle as not supporting multiuse
[CURL DBG] < HTTP/1.1 200 OK
[CURL DBG] < X-Aws-Ec2-Metadata-Token-Ttl-Seconds: 21600
[CURL DBG] < Content-Type: text/plain
[CURL DBG] < Accept-Ranges: none
[CURL DBG] < Last-Modified: Thu, 14 Jan 2021 21:27:13 GMT
[CURL DBG] < Content-Length: 1310
[CURL DBG] < Date: Thu, 14 Jan 2021 21:29:01 GMT
[CURL DBG] < Server: EC2ws
[CURL DBG] < Connection: close
[CURL DBG] <
[CURL DBG] * Closing connection 2
[INF]       curl.cpp:RequestPerform(2267): HTTP response code 200
[INF]       curl.cpp:SetIAMCredentials(1685): IAM credential response = "{
  "Code" : "Success",
  "LastUpdated" : "2021-01-14T21:27:37Z",
  "Type" : "AWS-HMAC",
  "AccessKeyId" : "hidden",
  "SecretAccessKey" : "hidden",
  "Token" : "hidden",
  "Expiration" : "2021-01-15T03:29:44Z"
}"
[INF] curl.cpp:CheckIAMCredentialUpdate(1728): IAM Access Token refreshed
[DBG] curl_handlerpool.cpp:ReturnHandler(103): Return handler to pool
[INF]       curl.cpp:CheckBucket(3318): check a bucket.
[DBG] curl_handlerpool.cpp:GetHandler(81): Get handler from pool: rest = 30
[INF]       curl_util.cpp:prepare_url(250): URL is https://s3.us-east-1.amazonaws.com/hidden/
[INF]       curl_util.cpp:prepare_url(283): URL changed is https://hidden.s3.us-east-1.amazonaws.com/
[DBG] curl.cpp:RequestPerform(2234): connecting to URL https://hidden.s3.us-east-1.amazonaws.com/
[INF]       curl.cpp:insertV4Headers(2598): computing signature [GET] [/] [] []
[INF]       curl_util.cpp:url_to_host(327): url is https://s3.us-east-1.amazonaws.com
[CURL DBG] *   Trying 52.217.89.56:443...
[CURL DBG] * Connected to hidden.s3.us-east-1.amazonaws.com (52.217.89.56) port 443 (#3)
[CURL DBG] * successfully set certificate verify locations:
[CURL DBG] *   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
[CURL DBG] * TLSv1.3 (OUT), TLS handshake, Client hello (1):
[CURL DBG] * TLSv1.3 (IN), TLS handshake, Server hello (2):
[CURL DBG] * TLSv1.2 (IN), TLS handshake, Certificate (11):
[CURL DBG] * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
[CURL DBG] * TLSv1.2 (IN), TLS handshake, Server finished (14):
[CURL DBG] * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
[CURL DBG] * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
[CURL DBG] * TLSv1.2 (OUT), TLS handshake, Finished (20):
[CURL DBG] * TLSv1.2 (IN), TLS handshake, Finished (20):
[CURL DBG] * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
[CURL DBG] * Server certificate:
[CURL DBG] *  subject: C=US; ST=Washington; L=Seattle; O=Amazon.com, Inc.; CN=s3.amazonaws.com
[CURL DBG] *  start date: Aug  4 00:00:00 2020 GMT
[CURL DBG] *  expire date: Aug  9 12:00:00 2021 GMT
[CURL DBG] *  subjectAltName: host "hidden.s3.us-east-1.amazonaws.com" matched cert's "*.s3.us-east-1.amazonaws.com"
[CURL DBG] *  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert Baltimore CA-2 G2
[CURL DBG] *  SSL certificate verify ok.
[CURL DBG] > GET / HTTP/1.1
[CURL DBG] > Host: hidden.s3.us-east-1.amazonaws.com
[CURL DBG] > User-Agent: s3fs/1.88 (commit hash a656321; OpenSSL)
[CURL DBG] > Accept: */*
[CURL DBG] > Authorization: AWS4-HMAC-SHA256 Credential=hidden/20210114/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token, Signature=hidden
[CURL DBG] > x-amz-content-sha256: hidden
[CURL DBG] > x-amz-date: 20210114T212901Z```
@aamorozov aamorozov mentioned this issue Jan 14, 2021
Closed
@aamorozov aamorozov changed the title [SetIAMCredentials] hangs with successful response on docker/alpine [RequestPerform] hangs with successful response on docker/alpine Jan 14, 2021
@aamorozov
Copy link
Author

aamorozov commented Jan 15, 2021
edited

For context, this runs in a docker container within k8s.
The service has a service role with permissions to access that bucket assigned to it.
I'm converting the AWS_ROLE_ARN to regular credentials, AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY and writing them to .passwd-s3fs, which I use as an option arg to s3fs script.
It gives me a 403 error if used with the passwd_file option, and hangs if I use it with the role

@aamorozov
Copy link
Author

aamorozov commented Jan 15, 2021
edited

Update:
I've tried with the approach described here #1008 (comment) using s3fs friendly aws credentials, but it still hangs midway. The credentials are valid and do work with aws s3 cli's commands.

[CRT] s3fs_logger.cpp:LowSetLogLevel(201): change debug level from [CRT] to [DBG]
[INF]     s3fs.cpp:set_mountpoint_attribute(3988): PROC(uid=0, gid=0) - MountPoint(uid=0, gid=0, mode=40755)
[INF] s3fs_util.cpp:compare_sysname(358): system name is Linux
[WAN] curl.cpp:InitMimeType(406): Could not find mime.types files, you have to create file(/etc/mime.types) or specify mime option for existing mime.types file.
[WAN] s3fs.cpp:main(4882): Missing MIME types prevents setting Content-Type on uploaded objects.
[INF]     s3fs.cpp:get_access_keys(3899): access key from env variables
[INF]     s3fs.cpp:get_access_keys(3901): session token is available
[INF] fdcache_stat.cpp:CheckCacheFileStatTopDir(79): The path to cache top dir is empty, thus not need to check permission.
[INF] s3fs.cpp:s3fs_init(3300): init v1.88(commit:a656321) with OpenSSL
[INF] s3fs.cpp:s3fs_check_service(3416): check services.
[INF]       curl.cpp:CheckBucket(3318): check a bucket.
[DBG] curl_handlerpool.cpp:GetHandler(81): Get handler from pool: rest = 31
[INF]       curl_util.cpp:prepare_url(250): URL is https://s3.us-east-1.amazonaws.com/hidden
[INF]       curl_util.cpp:prepare_url(283): URL changed is https://s3.us-east-1.amazonaws.com/hidden
[DBG] curl.cpp:RequestPerform(2234): connecting to URL https://s3.us-east-1.amazonaws.com/hidden
[INF]       curl.cpp:insertV4Headers(2598): computing signature [GET] [/] [] []
[INF]       curl_util.cpp:url_to_host(327): url is https://s3.us-east-1.amazonaws.com
[CURL DBG] *   Trying 52.216.88.61:443...
[CURL DBG] * Connected to s3.us-east-1.amazonaws.com (52.216.88.61) port 443 (#0)
[CURL DBG] * successfully set certificate verify locations:
[CURL DBG] *   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
[CURL DBG] * TLSv1.3 (OUT), TLS handshake, Client hello (1):
[CURL DBG] * TLSv1.3 (IN), TLS handshake, Server hello (2):
[CURL DBG] * TLSv1.2 (IN), TLS handshake, Certificate (11):
[CURL DBG] * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
[CURL DBG] * TLSv1.2 (IN), TLS handshake, Server finished (14):
[CURL DBG] * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
[CURL DBG] * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
[CURL DBG] * TLSv1.2 (OUT), TLS handshake, Finished (20):
[CURL DBG] * TLSv1.2 (IN), TLS handshake, Finished (20):
[CURL DBG] * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
[CURL DBG] * Server certificate:
[CURL DBG] *  subject: C=US; ST=Washington; L=Seattle; O=Amazon.com, Inc.; CN=s3.amazonaws.com
[CURL DBG] *  start date: Aug  4 00:00:00 2020 GMT
[CURL DBG] *  expire date: Aug  9 12:00:00 2021 GMT
[CURL DBG] *  subjectAltName: host "s3.us-east-1.amazonaws.com" matched cert's "s3.us-east-1.amazonaws.com"
[CURL DBG] *  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert Baltimore CA-2 G2
[CURL DBG] *  SSL certificate verify ok.
[CURL DBG] > GET /hidden/ HTTP/1.1
[CURL DBG] > Host: s3.us-east-1.amazonaws.com
[CURL DBG] > User-Agent: s3fs/1.88 (commit hash a656321; OpenSSL)
[CURL DBG] > Accept: */*
[CURL DBG] > Authorization: AWS4-HMAC-SHA256 Credential=hidden/20210115/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token, Signature=hidden
[CURL DBG] > x-amz-content-sha256: hidden
[CURL DBG] > x-amz-date: hidden

@askol-lurie askol-lurie mentioned this issue Feb 16, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@aamorozov