Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bucket name is being set twice in the endpoint URL #4570

Closed
3 tasks done
eamon0989 opened this issue Mar 23, 2023 · 4 comments
Closed
3 tasks done

Bucket name is being set twice in the endpoint URL #4570

eamon0989 opened this issue Mar 23, 2023 · 4 comments
Assignees
@RanVaknin
Labels
bug This issue is a bug. response-requested Waiting on additional info and feedback. Will move to \"closing-soon\" in 7 days.

Comments

@eamon0989
Copy link

eamon0989 commented Mar 23, 2023
edited
Loading

Checkboxes for prior research

Describe the bug

When calling await new Upload({ client: s3, params: { Bucket: 'schema-service-test-local', Key: 'test', Body: "" } }).done();, I get the following error:

Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: schema-service-test-local.schema-service-test-local.s3.eu-central-1.amazonaws.com. is not in the cert's altnames: DNS:*.s3.eu-central-1.amazonaws.com, DNS:*.s3-eu-central-1.amazonaws.com, DNS:s3-eu-central-1.amazonaws.com, DNS:s3.eu-central-1.amazonaws.com, DNS:s3.dualstack.eu-central-1.amazonaws.com, DNS:*.s3.dualstack.eu-central-1.amazonaws.com, DNS:*.s3.amazonaws.com, DNS:*.s3-control.eu-central-1.amazonaws.com, DNS:s3-control.eu-central-1.amazonaws.com, DNS:*.s3-control.dualstack.eu-central-1.amazonaws.com, DNS:s3-control.dualstack.eu-central-1.amazonaws.com, DNS:*.s3-accesspoint.eu-central-1.amazonaws.com, DNS:*.s3-accesspoint.dualstack.eu-central-1.amazonaws.com

It appears the host is being set twice:
host: 'schema-service-test-local.schema-service-test-local.s3.eu-central-1.amazonaws.com',

Note: I have changed the bucket name in the example.

SDK version number

@aws-sdk/[email protected], @aws-sdk/[email protected],

Which JavaScript Runtime is this issue in?

Node.js

Details of the browser/Node.js/ReactNative version

v16.14.0

Reproduction Steps

import { S3 } from "@aws-sdk/client-s3";
import { Upload } from "@aws-sdk/lib-storage";

(async () => {
	const s3 = new S3({
		endpoint: 'https://schema-service-test-local.s3.eu-central-1.amazonaws.com/',
		credentials: { accessKeyId: '<accessKeyId>', secretAccessKey: '<secretAccessKey>' },
	});
	await new Upload({ client: s3, params: { Bucket: 'schema-service-test-local', Key: 'test', Body: "" } }).done();
})();

Observed Behavior

Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: schema-service-test-local.schema-service-test-local.s3.eu-central-1.amazonaws.com. is not in the cert's altnames: DNS:*.s3.eu-central-1.amazonaws.com, DNS:*.s3-eu-central-1.amazonaws.com, DNS:s3-eu-central-1.amazonaws.com, DNS:s3.eu-central-1.amazonaws.com, DNS:s3.dualstack.eu-central-1.amazonaws.com, DNS:*.s3.dualstack.eu-central-1.amazonaws.com, DNS:*.s3.amazonaws.com, DNS:*.s3-control.eu-central-1.amazonaws.com, DNS:s3-control.eu-central-1.amazonaws.com, DNS:*.s3-control.dualstack.eu-central-1.amazonaws.com, DNS:s3-control.dualstack.eu-central-1.amazonaws.com, DNS:*.s3-accesspoint.eu-central-1.amazonaws.com, DNS:*.s3-accesspoint.dualstack.eu-central-1.amazonaws.com
    at new NodeError (node:internal/errors:371:5)
    at Object.checkServerIdentity (node:tls:346:12)
    at TLSSocket.onConnectSecure (node:_tls_wrap:1540:27)
    at TLSSocket.emit (node:events:520:28)
    at TLSSocket.emit (node:domain:475:12)
    at TLSSocket._finishInit (node:_tls_wrap:944:8)
    at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12) {
  reason: "Host: schema-service-test-local.schema-service-test-local.s3.eu-central-1.amazonaws.com. is not in the cert's altnames: DNS:*.s3.eu-central-1.amazonaws.com, DNS:*.s3-eu-central-1.amazonaws.com, DNS:s3-eu-central-1.amazonaws.com, DNS:s3.eu-central-1.amazonaws.com, DNS:s3.dualstack.eu-central-1.amazonaws.com, DNS:*.s3.dualstack.eu-central-1.amazonaws.com, DNS:*.s3.amazonaws.com, DNS:*.s3-control.eu-central-1.amazonaws.com, DNS:s3-control.eu-central-1.amazonaws.com, DNS:*.s3-control.dualstack.eu-central-1.amazonaws.com, DNS:s3-control.dualstack.eu-central-1.amazonaws.com, DNS:*.s3-accesspoint.eu-central-1.amazonaws.com, DNS:*.s3-accesspoint.dualstack.eu-central-1.amazonaws.com",
  host: 'schema-service-test-local.schema-service-test-local.s3.eu-central-1.amazonaws.com',
  cert: {
    subject: [Object: null prototype] { CN: '*.s3.eu-central-1.amazonaws.com' },
    issuer: [Object: null prototype] {
      C: 'US',
      O: 'Amazon',
      OU: 'Server CA 1B',
      CN: 'Amazon'
    },
    subjectaltname: 'DNS:*.s3.eu-central-1.amazonaws.com, DNS:*.s3-eu-central-1.amazonaws.com, DNS:s3-eu-central-1.amazonaws.com, DNS:s3.eu-central-1.amazonaws.com, DNS:s3.dualstack.eu-central-1.amazonaws.com, DNS:*.s3.dualstack.eu-central-1.amazonaws.com, DNS:*.s3.amazonaws.com, DNS:*.s3-control.eu-central-1.amazonaws.com, DNS:s3-control.eu-central-1.amazonaws.com, DNS:*.s3-control.dualstack.eu-central-1.amazonaws.com, DNS:s3-control.dualstack.eu-central-1.amazonaws.com, DNS:*.s3-accesspoint.eu-central-1.amazonaws.com, DNS:*.s3-accesspoint.dualstack.eu-central-1.amazonaws.com',
    infoAccess: [Object: null prototype] {
      'OCSP - URI': [Array],
      'CA Issuers - URI': [Array]
    },
    modulus: 'CE8AB306FC12721D6D2D9A30B4D71DC3B07FEFFDD7DF08CE0B9CD968FAB9C038F294A024854789C8508D0B5CA7FE64D51BD8BE0F7C0AE2FDFBC2E9C1B9A3A74F775C4C810618E7473A26E3235AEC19386EEB98F25E82F7A7B7BF0AB494FF8B326B7F9B8CCB1F8B97B9143629D91270C273E678CA5C1F6EC297C280D16D654E1FD66591924C8A974AA02DC0D459B02E0DF118C3C3D747675CD1723F49B44305A568460831B1069E9B497EBEB1733F97E16DB3660AD8132A8863EB1325126412125B16C626B0C6474AF13E92CAE31E506827AFBAF847621E513F4CA496F7A76F844463BF7A276741E32920D78D2986C48C172AC8582043C0574B3C3A6B24208B99',
    bits: 2048,
    exponent: '0x10001',
    pubkey: Buffer(294) [Uint8Array] [
       48, 130,   1,  34,  48,  13,   6,   9,  42, 134,  72, 134,
      247,  13,   1,   1,   1,   5,   0,   3, 130,   1,  15,   0,
       48, 130,   1,  10,   2, 130,   1,   1,   0, 206, 138, 179,
        6, 252,  18, 114,  29, 109,  45, 154,  48, 180, 215,  29,
      195, 176, 127, 239, 253, 215, 223,   8, 206,  11, 156, 217,
      104, 250, 185, 192,  56, 242, 148, 160,  36, 133,  71, 137,
      200,  80, 141,  11,  92, 167, 254, 100, 213,  27, 216, 190,
       15, 124,  10, 226, 253, 251, 194, 233, 193, 185, 163, 167,
       79, 119,  92,  76,
      ... 194 more items
    ],
    valid_from: 'Sep 21 00:00:00 2022 GMT',
    valid_to: 'Sep  9 23:59:59 2023 GMT',
    fingerprint: 'BC:92:6B:62:48:5F:C5:08:60:03:A9:1E:BC:29:58:79:D7:4B:94:FB',
    fingerprint256: '09:BD:0B:14:CE:A6:2A:C4:5A:DA:89:87:92:69:0B:D3:EC:F0:5D:C8:4C:81:A9:13:B7:70:16:37:77:DD:4D:7D',
    fingerprint512: 'AB:B9:DC:6A:3F:FF:C3:D5:4D:BB:B0:6F:F5:E1:5F:A4:CA:E1:18:6E:22:61:DE:8A:1F:7F:DE:E7:8F:0B:92:44:55:BD:A7:E9:36:33:F3:CB:D8:2E:F8:6B:75:8E:AF:07:E0:52:8B:D0:E6:00:F1:81:29:06:52:39:CF:65:20:4C',
    ext_key_usage: [ '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2' ],
    serialNumber: '0BFA8BA1C13A1C046047B8D91859AE81',
    raw: Buffer(2015) [Uint8Array] [
       48, 130,   7, 219,  48, 130,   6, 195, 160,   3,   2,  1,
        2,   2,  16,  11, 250, 139, 161, 193,  58,  28,   4, 96,
       71, 184, 217,  24,  89, 174, 129,  48,  13,   6,   9, 42,
      134,  72, 134, 247,  13,   1,   1,  11,   5,   0,  48, 70,
       49,  11,  48,   9,   6,   3,  85,   4,   6,  19,   2, 85,
       83,  49,  15,  48,  13,   6,   3,  85,   4,  10,  19,  6,
       65, 109,  97, 122, 111, 110,  49,  21,  48,  19,   6,  3,
       85,   4,  11,  19,  12,  83, 101, 114, 118, 101, 114, 32,
       67,  65,  32,  49,
      ... 1915 more items
    ],
    issuerCertificate: {
      subject: [Object: null prototype],
      issuer: [Object: null prototype],
      infoAccess: [Object: null prototype],
      modulus: 'C24E1667DDCEBC6AC8375AEC3A30B01DE6D112E8122848CCE829C1B96E53D5A3EB03391ACC7787F601B9D970CCCF6B8DE3E3037186996DCBA6942A4E13D6A7BD04EC0A163C0AEB39B1C4B558A3B6C75625EC3E527AA8E3291607B96E50CFFB5F31F81DBA034A628903AE3E47F20F2791E3142085F8FAE98A35F55F9E994DE76B37EFA4503E44ECFA5A8566079C7E176A55F3178A351EEEE9ACC3754E58557D536B0A6B9B1442D7E5AC0189B3EAA3FECFC02B0C84C2D85315CB67F0D088CA3AD11773F55F9AD4C5721E7E01F19830632AAAF27A2DC5E2021A86E5323E0EBD11B4CF3C93EF1750109E43C2062AE00D68BED3888B4A658C4AD4C32E4C9B55F486E5',
      bits: 2048,
      exponent: '0x10001',
      pubkey: [Buffer [Uint8Array]],
      valid_from: 'Oct 22 00:00:00 2015 GMT',
      valid_to: 'Oct 19 00:00:00 2025 GMT',
      fingerprint: '91:7E:73:2D:33:0F:9A:12:40:4F:73:D8:BE:A3:69:48:B9:29:DF:FC',
      fingerprint256: 'F5:5F:9F:FC:B8:3C:73:45:32:61:60:1C:7E:04:4D:B1:5A:0F:03:4B:93:C0:58:30:F2:86:35:EF:88:9C:F6:70',
      fingerprint512: 'E0:14:A5:F5:F3:75:FC:E4:9E:F2:34:C4:55:86:32:CE:8B:22:EE:3F:C6:EB:D3:FF:53:20:5A:45:6D:A0:AA:93:3F:50:AB:A0:79:5A:66:2F:2A:0C:8F:ED:83:6D:AD:81:83:AB:7E:EA:28:63:80:2F:45:CC:AE:F8:53:A9:35:0A',
      serialNumber: '067F94578587E8AC77DEB253325BBC998B560D',
      raw: [Buffer [Uint8Array]],
      issuerCertificate: [Object]
    }
  },
  code: 'ERR_TLS_CERT_ALTNAME_INVALID',
  '$metadata': { attempts: 1, totalRetryDelay: 0 }
}

Expected Behavior

I expected the host to be schema-service-test-local.s3.eu-central-1.amazonaws.com and for the request to succeed.

Possible Solution

No response

Additional Information/Context

A possibly related issue was posted here (not by me): https://stackoverflow.com/questions/74545781/bucket-name-duplicated-in-aws-s3-file-location
And here: anacronw/multer-s3#192
@eamon0989 eamon0989 added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Mar 23, 2023
@RanVaknin RanVaknin self-assigned this Mar 23, 2023
@RanVaknin
Copy link
Contributor

Hi @eamon0989 ,

Can you tell me what you are trying to do while supplying the endpoint field?
Unless you are trying to route to a specific service endpoint, or run your own custom endpoint with something like LocalStack, you don't need to supply that field.
The SDK client will use the service name and region provided in the config to route to the appropriate AWS partition and resolve the endpoint appropriately.

Thanks,
Ran~

@RanVaknin RanVaknin added response-requested Waiting on additional info and feedback. Will move to \"closing-soon\" in 7 days. and removed needs-triage This issue or PR still needs to be triaged. labels Mar 23, 2023
@eamon0989
Copy link
Author

Hi @RanVaknin,

Thanks for your reply.
I was refactoring some old code that used v2 of the aws-sdk to interact with an S3 bucket (not local), and for some reason I thought that I had to pass the whole URL as the endpoint. I tried your suggestion and just passed the region instead, and it worked as expected.

Thanks very much for your help,
Eamon

@RanVaknin
Copy link
Contributor

Hi Eamon,

Glad to hear it worked.

All the best,
Ran~

@github-actions
Copy link

github-actions bot commented Apr 8, 2023

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 8, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@RanVaknin RanVaknin

Labels
bug This issue is a bug. response-requested Waiting on additional info and feedback. Will move to \"closing-soon\" in 7 days.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@eamon0989 @RanVaknin