s3motion icon indicating copy to clipboard operation
s3motion copied to clipboard
verified publisher icon kacole2

No option to ignore self-signed certs

Open lwade opened this issue 10 years ago • 5 comments

Hi, I'm using this against s3compatible storage (Eucalyptus) and have a cloud configured with SSL for the endpoints but I'm using a self-signed cert. I get this error:

# s3motion -b --client emeacloud Could not retrieve buckets. Error: NetworkingError: DEPTH_ZERO_SELF_SIGNED_CERT

Looking at the options list it seems there is no way to tell the tool to ignore a self-signed cert (or accept it regardless).

lwade avatar Mar 04 '15 13:03 lwade

I never tested this with a self-signed cert. Let me dig around and see what I can come up with

kacole2 avatar Mar 04 '15 13:03 kacole2

Thanks @kacole2. I'm not much of a node.js person but it doesn't look too promising: http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Config.html#constructor-property

Which would suggest for testing purposes either (a) use a valid signed cert or (b) have a mechanism which allows for the option of SSL or not ala:

sslEnabled: awsClientArgs.ssl

lwade avatar Mar 04 '15 14:03 lwade

p.s. I'm in favour of adding (b) :D

lwade avatar Mar 04 '15 14:03 lwade

i'll have to get access to a self-signed cert environment to test it out and see if i can pipe in the sslEnabled ⇒ Boolean (readwrite) variable.

In the mean time, does Eucalyptus have a non-SSL endpoint? you can try using http://my-eucalyptus.endpoint:80 and that will make the transfers go through an unsecured transfer

kacole2 avatar Mar 04 '15 14:03 kacole2

Yup, that works just fine, thanks for the pointer there.

Ref self-signed: aws.NodeHttpClient.sslAgent.options.rejectUnauthorized = false

lwade avatar Mar 04 '15 14:03 lwade