c++ - Unable to connect to Cloudfront from MacOSX client


My multi-platform client, written in C++ and built on curl, should download a file from CloudFront. On Windows, the download works fine with libcurl 7.40.0 and OpenSSL 1.0.2c. On MacOSX:

  • the file served via a "direct" Amazon AWS link is correctly downloaded;
  • the file served via a CloudFront link cannot be downloaded: the curl error after the call is set to CURLE_SSL_CONNECT_ERROR, and the debug information shows that the protocol breaks during the SSL handshake.

The file is correctly downloaded via the curl command from the MacOSX bash (version 7.54.0).

I am linking against the curl version installed on the iMac (version 7.54.0, security layer provided by zlib version 1.2.8). This version supports SSL and TLSv1.2 (as can be seen when performing the AWS download).

I am at my wit's end: TLSv1.2 is supported and should be enabled during the communication with CloudFront. Is there anything else I forgot?

Thank you in advance for your help. The MWE and the responses from both servers follow.


Minimum working example (URLs are faked):

    #include "curl/curl.h"

    #define urldownload "https://x.cloudfront.net/file.file?expires=123&signature=456&key-pair-id=789"
    #define awsurldownload "https://x.amazonaws.net/file.file?expires=123&signature=456&key-pair-id=789"

    int main(int argc, const char * argv[]) {

        curl_global_init(CURL_GLOBAL_ALL);

        CURL* curl = curl_easy_init();

        curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
        // Peer and host name verification are switched off: the server is not authenticated.
        curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
        curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
        curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1L);

        curl_easy_setopt(curl, CURLOPT_TCP_KEEPALIVE, 1L);
        curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 30L);
        curl_easy_setopt(curl, CURLOPT_TCP_KEEPINTVL, 5L);

        curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
        curl_easy_setopt(curl, CURLOPT_RANGE, "0-");
        // Request TLS 1.2 for the handshake.
        curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);

        curl_easy_setopt(curl, CURLOPT_TCP_KEEPINTVL, 2L);

        // urldownload call fails. awsurldownload call successful.
        curl_easy_setopt(curl, CURLOPT_URL, urldownload);

        CURLcode error = curl_easy_perform(curl);

        curl_easy_reset(curl);
        // Release the handle and the global libcurl state.
        curl_easy_cleanup(curl);
        curl_global_cleanup();

        return 0;
    }

The debug information when downloading from AWS:

    *   trying ip...
    * tcp_nodelay set
    * connected x.amazonaws.com (ip) port 443 (#0)
    * tls 1.2 connection using tls_ecdhe_rsa_with_aes_128_gcm_sha256
    * server certificate: *.x.amazonaws.com
    * server certificate: digicert baltimore ca-2 g2
    * server certificate: baltimore cybertrust root
    > /file?x-amz-expires=431861&x-amz-algorithm=aws4-hmac-sha256&x-amz-credential=aq/20170814/aws4_request&x-amz-date=20170814t090903z&x-amz-signedheaders=host&x-amz-signature=0eb http/1.1
    host: x.amazonaws.com
    range: bytes=0-100
    accept: */*

    < http/1.1 206 partial content
    < x-amz-id-2: q/0/xjrh4tnkcju=
    < x-amz-request-id: 92cea7a5e6ab
    < date: mon, 14 aug 2017 14:32:46 gmt
    < last-modified: tue, 16 may 2017 22:15:57 gmt
    < etag: "9d57e32d88c89a-55"
    < x-amz-meta-cb-modifiedtime: tue, 16 may 2017 22:13:27 gmt
    < accept-ranges: bytes
    < content-range: bytes 0-100/566567658
    < content-type: application/octet-stream
    < content-length: 101
    < server: amazons3
    <
    \246ՙ\30\363\360т.c\375\205\211\327\327\343\204\320\224\3404\327dͩ\3362\\306\354%%\214}"\3171\216\362}la\245u\304}\260\223\205\332\335 ]\314\330\300
    * curl_http_done: called premature == 0
    * connection #0 host x.amazonaws.com left intact

The debug information when downloading from CloudFront:

    *   trying ip...
    * tcp_nodelay set
    * connected x.cloudfront.net (ip) port 443 (#0)
    * ssl peer handshake failed, server requires client certificate connect
    * curl_http_done: called premature == 1
    * closing connection 0

The 2 calls are made with the exact same linked library.
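
An added example, not part of the original post: when the same client behaves differently across platforms as described above, comparing the TLS backend that each libcurl build reports is a useful first check. The code below parses a version string of the kind `curl_version()` returns; the sample strings and the list of backend names are constructed assumptions.

```cpp
// Added example, not from the original post. Splits a libcurl version
// string into components and names the TLS backend among them.
// In a client, pass the result of curl_version() from <curl/curl.h>.
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

struct Component { std::string name, version; };

// Tokens are space separated: "name/version" or a bare name.
std::vector<Component> parse_version(const std::string& s) {
    std::vector<Component> out;
    std::istringstream in(s);
    std::string tok;
    while (in >> tok) {
        const auto slash = tok.find('/');
        if (slash == std::string::npos) out.push_back({tok, ""});
        else out.push_back({tok.substr(0, slash), tok.substr(slash + 1)});
    }
    return out;
}

// Returns the TLS backend token, or "" when none is listed.
// The list is an assumption and not exhaustive; zlib is compression only.
std::string tls_backend(const std::string& s) {
    static const char* const known[] = {"OpenSSL", "LibreSSL", "SecureTransport",
                                        "GnuTLS", "NSS", "WinSSL", "Schannel"};
    for (const auto& c : parse_version(s))
        for (const char* k : known)
            if (c.name == k) return c.name;
    return "";
}

int main() {
    // Constructed sample strings; real values come from curl_version().
    const char* samples[] = {
        "libcurl/7.40.0 OpenSSL/1.0.2c zlib/1.2.8",
        "libcurl/7.54.0 SecureTransport zlib/1.2.8",
        "libcurl/7.54.0 zlib/1.2.8",
    };
    for (const char* s : samples) {
        const std::string tls = tls_backend(s);
        std::cout << s << "\n  TLS backend: "
                  << (tls.empty() ? "none listed" : tls) << "\n";
    }
    return 0;
}
```

Logging this once at client start-up on each platform shows whether the builds being compared negotiate TLS through the same library.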

