
Net::OpenTimeout (Net::OpenTimeout) while accessing any HTTPS URL from an EC2 instance.

Open sakula-target opened this issue 1 year ago • 0 comments

Environment:

sh-5.2$ ruby --version
ruby 3.2.2 (2023-03-30 revision e51014f9c0) [x86_64-linux]
sh-5.2$ gem info net-http

*** LOCAL GEMS ***

net-http (0.3.2)
    Author: NARUSE, Yui
    Homepage: https://github.com/ruby/net-http
    Licenses: Ruby, BSD-2-Clause
    Installed at (default): /usr/share/ruby3.2-gems

    HTTP client api for Ruby.

I have this script running on an EC2 instance that tries to connect to the EC2 endpoint.

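require "net/https"
require "uri"

# HTTPS client for the regional EC2 endpoint, with peer certificate verification
http = Net::HTTP.new("ec2.ap-southeast-2.amazonaws.com", 443)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
# Print the connection and protocol trace to stdout
http.set_debug_output($stdout)
response = http.request(Net::HTTP::Get.new("/"))
puts response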

Below is the error stack trace that I get:

/usr/share/ruby3.2/net/protocol.rb:43:in `ssl_socket_connect': Net::OpenTimeout (Net::OpenTimeout)
        from /usr/share/ruby3.2/net/http.rb:1342:in `connect'
        from /usr/share/ruby3.2/net/http.rb:1248:in `do_start'
        from /usr/share/ruby3.2/net/http.rb:1237:in `start'
        from /usr/share/ruby3.2/net/http.rb:1817:in `request'
        from http_call.rb:8:in `<main>'

However, cURL does not have any issues connecting to the same URL on the same EC2 instance:

sh-5.2$ curl -v https://ec2.ap-southeast-2.amazonaws.com
*   Trying 99.83.82.21:443...
* Connected to ec2.ap-southeast-2.amazonaws.com (99.83.82.21) port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
*  CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=ec2.ap-southeast-2.amazonaws.com
*  start date: Nov 23 00:00:00 2023 GMT
*  expire date: Nov  5 23:59:59 2024 GMT
*  subjectAltName: host "ec2.ap-southeast-2.amazonaws.com" matched cert's "ec2.ap-southeast-2.amazonaws.com"
*  issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M01
*  SSL certificate verify ok.
* using HTTP/1.1
> GET / HTTP/1.1
> Host: ec2.ap-southeast-2.amazonaws.com
> User-Agent: curl/7.88.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Location: https://aws.amazon.com/ec2
< x-amzn-RequestId: d38f96b0-6ed6-4088-8605-cf228a09022e
< Cache-Control: no-cache, no-store
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Content-Type: text/xml;charset=UTF-8
< Content-Length: 0
< Date: Sun, 25 Feb 2024 22:23:16 GMT
< Server: AmazonEC2
<
* Connection #0 to host ec2.ap-southeast-2.amazonaws.com left intact

Would really appreciate any help in understanding this issue or debugging it further.

sakula-target avatar Feb 25 '24 02:02 sakula-target
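
Added example, not part of the original issue or of the net-http project: the `ssl_socket_connect` frame at the top of the trace is the TLS handshake step, which Net::HTTP runs under `open_timeout` after the TCP socket is already open, so a staged probe that reports name resolution, TCP connect and TLS handshake separately narrows down where a connection stalls. The names `probe_tls`, `net_http_error` and `silent_listener` are hypothetical, and the silent listener is a constructed local stand-in for an endpoint that accepts TCP but never answers the ClientHello.

```ruby
require "net/http"
require "openssl"
require "socket"

# Probe host:port one stage at a time. Returns [stage, detail], where stage is
# the stage that failed (:resolve, :tcp or :tls) or :ok.
def probe_tls(host, port, timeout: 5)
  begin
    addr = Addrinfo.getaddrinfo(host, port, nil, :STREAM).first
  rescue SocketError => e
    return [:resolve, e.message]
  end
  begin
    tcp = Socket.tcp(addr.ip_address, port, connect_timeout: timeout)
  rescue SystemCallError, IOError => e
    return [:tcp, e.class.name]        # e.g. Errno::ECONNREFUSED, Errno::ETIMEDOUT
  end
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_PEER)  # as in the script above
  ssl = OpenSSL::SSL::SSLSocket.new(tcp, ctx)
  ssl.hostname = host                  # SNI
  ssl.sync_close = true
  deadline = Process.clock_gettime(Process::CLOCK_MONOTONIC) + timeout
  loop do                              # non-blocking handshake with a deadline
    left = [deadline - Process.clock_gettime(Process::CLOCK_MONOTONIC), 0].max
    ready = case ssl.connect_nonblock(exception: false)
            when :wait_readable then IO.select([tcp], nil, nil, left)
            when :wait_writable then IO.select(nil, [tcp], nil, left)
            else break                 # handshake finished
            end
    return [:tls, "handshake timed out"] unless ready
  end
  [:ok, "#{ssl.ssl_version} #{ssl.cipher[0]}"]
rescue OpenSSL::SSL::SSLError, SystemCallError, EOFError => e
  [:tls, "#{e.class}: #{e.message}"]   # certificate, protocol or reset failure
ensure
  ssl ? ssl.close : tcp&.close
end

# Exception class Net::HTTP raises for the same endpoint (direct, no proxy), or nil.
def net_http_error(host, port, timeout: 5)
  http = Net::HTTP.new(host, port, nil)
  http.use_ssl = true
  http.open_timeout = timeout
  http.start { }
  nil
rescue StandardError => e
  e.class.name
end

# Constructed endpoint: the kernel completes the TCP handshake, nothing speaks TLS.
def silent_listener
  server = TCPServer.new("127.0.0.1", 0)
  [server, server.addr[1]]
end
```

Against the silent listener both the probe and Net::HTTP fail in the TLS stage; comparing the probe's result for a real endpoint with `curl -v` output from the same host shows whether the stall is specific to one client.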