Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No failure message in case of a bad certificate #304

Open
pommi opened this issue Sep 25, 2020 · 0 comments
Open

No failure message in case of a bad certificate #304

pommi opened this issue Sep 25, 2020 · 0 comments

Comments

@pommi
Copy link

pommi commented Sep 25, 2020

Issue type

  • Bug report

I've wasted a lot of time debugging this issue, because there was no clear error. I put the cli53 binary in my git repository and try to run it from a GitLab pipeline in a Debian 10 docker container. When no TLS root certificates are present on the system (package ca-certificates), it seems like cli53 just hangs when running a command. But under the hood it's hitting a "TLS bad certificate" error all the time.

cli53 version (cli53 --version)

cli53 version 0.8.17

OS / Platform

Debian 10

Steps to reproduce

docker run -it debian:buster /bin/bash
apt-get update -qq && apt-get install -yqq wget  # which will install package ca-certificates as well
wget https://github.com/barnybug/cli53/releases/download/0.8.17/cli53-linux-amd64
chmod +x cli53-linux-amd64
apt-get purge -y ca-certificates
export AWS_ACCESS_KEY_ID=...
export AWS_SECRET_ACCESS_KEY=...
./cli53-linux-amd64 list -d

Expected behaviour

List the hosted zones

Actual behaviour

cli53 keeps retrying with no response:

DEBUG: Request route53/ListHostedZones Details:
---[ REQUEST POST-SIGN ]-----------------------------
GET /2013-04-01/hostedzone HTTP/1.1
Host: route53.amazonaws.com
User-Agent: aws-sdk-go/1.29.19 (go1.14; linux; amd64)
Authorization: AWS4-HMAC-SHA256 Credential=XXX/20200925/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=XXX
X-Amz-Date: XXX
Accept-Encoding: gzip


-----------------------------------------------------
DEBUG: Request route53/ListHostedZones Details:
---[ REQUEST POST-SIGN ]-----------------------------
GET /2013-04-01/hostedzone HTTP/1.1
Host: route53.amazonaws.com
User-Agent: aws-sdk-go/1.29.19 (go1.14; linux; amd64)
Authorization: AWS4-HMAC-SHA256 Credential=XXX/20200925/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=XXX
X-Amz-Date: XXX
Accept-Encoding: gzip


-----------------------------------------------------
DEBUG: Request route53/ListHostedZones Details:
---[ REQUEST POST-SIGN ]-----------------------------
GET /2013-04-01/hostedzone HTTP/1.1
Host: route53.amazonaws.com
User-Agent: aws-sdk-go/1.29.19 (go1.14; linux; amd64)
Authorization: AWS4-HMAC-SHA256 Credential=XXX/20200925/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=XXX
X-Amz-Date: XXX
Accept-Encoding: gzip


-----------------------------------------------------

Have you checked if the documentation has the information you require?

yes

Could you contribute a fix or help testing with this issue?

It would be nice if this was just mentioned in README.md as dependency.

apt-get install ca-certificates
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pommi