enforce only HTTPS for content delivery

[yegor256]

Let's enforce SSL connections only for content delivery

---

• 8-5eb4ae33/HttpFacadeTest.java:515-518: For some reason this test... #191
• 191-7e266bd1/HttpFacadeTest.java:523-526: The test fails to retrieve... #290 (by )

[davvd]

@carlosmiranda please pick this up, and keep in mind these instructions. Any technical questions - ask right here

[davvd]

@carlosmiranda 30 mins is the budget of the task. This is exactly how much will be paid when the problem is solved (no matter how much time you will actually spend). See this for more information

[carlosmiranda]

What mechanism can we use to store the SSL keys?

[yegor256]

aha, right, we can't "enforce" SSL for all domains, because some of them won't have SSL keys. So, let's add an option to upload an SSL key for any domain. We'll store them in Dynamo. Makes sense?

[jwal]

Option 1 (here): Users can upload their own SSL key for their domain
Option 2 (#181): Default subdomain {bucket}.buckets.s3auth.com with wildcard certificate

[yegor256]

Actually I like the second option... Let's try to implement it first and then will continue thinking about the first one :) @jwal thanks for contribution!

[jwal]

You are most welcome :)

[carlosmiranda]

@yegor256 I am having trouble with this ticket, especially with the creation of unit tests for SSL connections (always getting some SSL error or another). Could you give me some time? Also, do you have something like this implemented before in another project that I can take a look at?

[yegor256]

@davvd we need more time here

[yegor256]

@carlosmiranda look at this plugin I created some time ago: https://github.com/jcabi/jcabi-ssl-maven-plugin

[carlosmiranda]

Thanks! I incorporated that plugin and it's saving me a lot of headaches from managing the keystore, especially unit testing with Maven. Please see my pull request at #184.

[yegor256]

Yeah, good plugin. Maybe we should try to promote it a bit :)

[davvd]

@davvd we need more time here

@yegor256 yes, take your time, thanks for letting me know

[carlosmiranda]

@yegor256 , #184 has been merged, is all in order?

[yegor256]

yes, thanks!

[davvd]

@carlosmiranda Thanks so much! Your account was topped up for 30 mins (transaction ID is 41305115)

[tjperovich]

From the comments on this issue it looks complete, but I don't see any documentation for implementing https. I attempted to access my bucket via https and it did not work (ERR_CONNECTION_TIMED_OUT in chrome).

Also attempting to access https://s3auth.com fails. Am I missing something?

[davvd]

these puzzles are in progress: 8-5eb4ae33/#191 (once finished this ticket is done)

[davvd]

@yegor256 last puzzled solved 191-7e266bd1/#290