-
Notifications
You must be signed in to change notification settings - Fork 57
Cannot issue requests #93
Comments
I have another script taking a dependency on rc10, and that works. |
Prior to rc11, the SDK shipped with a SSL CA bundle. This was used when making HTTPS requests to verify the peer SSL certificates. The SDK now relies on the OpenSSL installation on the system to have the correct cert configured. My guess is your Windows Ruby installation does not have a cert available. There are two ways to resolve this issue:
Disabling the peer verification will work, but I strongly recommend against this for security reasons. The SDK feature for disabling this check is primarily for internal testing. # I strongly recommend never doing this
Aws.config[:ssl_verify_peer] = false The better solution requires correctly configuring a SSL CA bundle for your system. Most of the time, this happens when you install Ruby. I imagine the Ruby installer is possibly not doing this correctly, or at all. The default behavior for Net::HTTP is to not verify certificates. :( The following should work:
Aws.config[:ssl_ca_bundle] = '/path/to/ca-bundle.crt' I found instructions on StackOverflow for how to configure the path to a CA bundle via ENV on windows: http://stackoverflow.com/questions/5720484/how-to-solve-certificate-verify-failed-on-windows#answer-16134586 I'm guessing this would eliminate the need to configure the SDK, and should make it available to |
I should also add, that we stopped including a ca bundle for security reasons. Downstream consumers, like linux distro maintainers, that create packages from the SDK prefer for the system cert to be used. Hopefully environments without a default configured cert are un-common. If this is a common problem, we may need to revisit the ensure a good default experience. |
@trevorrowe thanks for the detailed response. I went with option 2 - download the bundle, stick it somewhere useful, define an environment variable, and configure the SDK to use the path stored in the env-var. |
It's only a 'non issue' once one finds this discussion and how to fix it. So maybe at least some kind of check that produced a more helpful error message would significantly improve the 'default experience' |
I'm using
Windows 8.1
,ruby 2.0.0-p451
x86
,rubygems 2.3.0
, andaws-sdk-core.rc14
(I think the last working version I've used was .rc8, but there are breaking changes between then and 14, so I haven't gone back and tried that to confirm).I have code like
My credentials are valid and allow me permission to list roles.
Instead, I get the stack trace (further below).
Googling turned up https://forums.aws.amazon.com/thread.jspa?threadID=85553 - is there a similar option I should be setting in v2? I have never needed to before (apparently an option was added in 1.3.3), and need a bit of help to get past this.
I also found this suggestion for a related monkey patch but haven't tried it.
The text was updated successfully, but these errors were encountered: