ca_bundle ignored for some profiles #36

Closed
bondsb opened this issue Oct 15, 2020 · 4 comments
@bondsb
Contributor

bondsb commented Oct 15, 2020

At work we have TLS inspection, and I set ca_bundle in the ~/.aws/config file to an appropriate certificate.

Running yawsso only picks up the certificate for my default profile. For other profiles, ca_bundle seems to be ignored. I receive an error:

Error executing command: 'aws sts get-caller-identity'. Exception: SSL validation failed for https://portal.sso.us-east-1.amazonaws.com/federation/credentials?role_name=redacted&account_id=redacted [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1076)

A workaround is to set the environment variable AWS_CA_BUNDLE. This is picked up each time.

@bondsb
Contributor Author

bondsb commented Oct 15, 2020

I edited the post. Turns out the behavior is the same in Windows and macOS. I didn't realize I had set AWS_CA_BUNDLE as a permanent environment variable in Windows.

@victorskl victorskl added the feature New feature label Oct 18, 2020
@victorskl victorskl added this to the 0.6.0 milestone Oct 18, 2020
victorskl added a commit that referenced this issue Oct 18, 2020
* Added support for stale role #28
* Added support for ca_bundle #36
* Removed sts get caller identity check
* Warn and continue instead of halt
* Improved log message
* Added smoke test
@victorskl victorskl self-assigned this Oct 18, 2020
@victorskl
Owner

Fixed since pip install -U yawsso==0.6.0rc3

@bondsb
Contributor Author

bondsb commented Oct 19, 2020

Thanks for the very quick fix!

I sent a minor PR (#38) that quotes the option to allow for whitespace.

@bondsb bondsb closed this as completed Oct 19, 2020
@victorskl
Owner

@bondsb Thanks. It will come with the 0.6.0 release scheduled for this Friday, if all is good. Cheers!

victorskl added a commit that referenced this issue Jun 26, 2022
* Added support for stale role #28
* Added support for ca_bundle #36
* Removed sts get caller identity check
* Warn and continue instead of halt
* Improved log message
* Added smoke test
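
The behaviour discussed in this thread, per-profile ca_bundle lookup for a tool that shells out to the aws CLI, as an added example; it is not yawsso's code. The function names and the sample config (profile names, certificate paths) are constructed for illustration, and the path is passed as its own argv element so whitespace in it survives.

```python
import configparser
import os
import shlex

# Constructed sample of ~/.aws/config; profile names and paths are made up.
SAMPLE_CONFIG = """
[default]
region = us-east-1
ca_bundle = /etc/ssl/corp-root.pem

[profile dev]
sso_region = us-east-1
ca_bundle = /Users/me/Corp Certs/inspection root.pem

[profile ops]
region = us-east-1
"""

def resolve_ca_bundle(config_text, profile, env=None):
    """Return the CA bundle path for `profile`, or None for the default trust store."""
    env = os.environ if env is None else env
    # AWS_CA_BUNDLE overrides the profile's ca_bundle setting.
    if env.get("AWS_CA_BUNDLE"):
        return env["AWS_CA_BUNDLE"]
    parser = configparser.RawConfigParser()  # Raw: no % interpolation in paths
    parser.read_string(config_text)
    # The config file names sections "default" and "profile <name>".
    section = "default" if profile == "default" else f"profile {profile}"
    if parser.has_section(section) and parser.has_option(section, "ca_bundle"):
        return parser.get(section, "ca_bundle").strip()
    return None

def build_aws_command(profile, ca_bundle, *args):
    """Build argv for the aws CLI; verification is never switched off."""
    cmd = ["aws", *args, "--profile", profile]
    if ca_bundle:
        # One list element per argument, so spaces need no manual quoting.
        cmd += ["--ca-bundle", ca_bundle]
    return cmd

def to_shell_line(cmd):
    """Quoted single-string form, for logging or shell=True callers."""
    return shlex.join(cmd)

if __name__ == "__main__":
    for name in ("default", "dev", "ops"):
        bundle = resolve_ca_bundle(SAMPLE_CONFIG, name, env={})
        print(to_shell_line(build_aws_command(name, bundle, "sts", "get-caller-identity")))
```
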