c++ - Unable to connect to Cloudfront from MacOSX client -
my multi-platform client, written in c++
, built on curl
, should download file cloudfront. on windows, download works fine libcurl 7.40.0
, openssl 1.0.2c
. on macosx:
- the file served via "direct" amazon aws link correctly downloaded;
- the file served via cloudfront link cannot downloaded: curl error after call set
curle_ssl_connect_error
, , debug informations show protocol breaks during ssl handshake.
the file correctly downloaded via curl
command macosx bash (version 7.54.0).
i linking against curl
version installed on imac (version 7.54.0
security layer provided zlib
version 1.2.8
). version supports ssl , tlsv1.2
(as can seen when performing aws download).
i @ wit's end: tlsv1.2
supported , should enabled during communication cloudfront. there else forgot?
thank in advance help. mwe , responses both servers follow.
minimum working example (urls faked):
#include "curl/curl.h" #define urldownload "https://x.cloudfront.net/file.file?expires=123&signature=456&key-pair-id=789" #define awsurldownload "https://x.amazonaws.net/file.file?expires=123&signature=456&key-pair-id=789" int main(int argc, const char * argv[]) { curl_global_init(curl_global_all); curl* curl = curl_easy_init(); curl_easy_setopt(curl, curlopt_followlocation, 1); curl_easy_setopt(curl, curlopt_ssl_verifypeer, false); curl_easy_setopt(curl, curlopt_ssl_verifyhost, false); curl_easy_setopt(curl, curlopt_nosignal, 1); curl_easy_setopt(curl, curlopt_tcp_keepalive, true); curl_easy_setopt(curl, curlopt_tcp_keepidle, 30); curl_easy_setopt(curl, curlopt_tcp_keepintvl, 5); curl_easy_setopt(curl, curlopt_verbose, 1); curl_easy_setopt(curl, curlopt_range, "0-"); curl_easy_setopt(curl, curlopt_sslversion, curl_sslversion_tlsv1_2); curl_easy_setopt(curl, curlopt_tcp_keepintvl, 2); // urldownload call fails. awsurldownload call successful. curl_easy_setopt(curl, curlopt_url, urldownload); curlcode error = curl_easy_perform(curl); curl_easy_reset(curl); return 0; }
the debug informations when downloading aws:
* trying ip... * tcp_nodelay set * connected x.amazonaws.com (ip) port 443 (#0) * tls 1.2 connection using tls_ecdhe_rsa_with_aes_128_gcm_sha256 * server certificate: *.x.amazonaws.com * server certificate: digicert baltimore ca-2 g2 * server certificate: baltimore cybertrust root > /file?x-amz-expires=431861&x-amz-algorithm=aws4-hmac-sha256&x-amz-credential=aq/20170814/aws4_request&x-amz-date=20170814t090903z&x-amz-signedheaders=host&x-amz-signature=0eb http/1.1 host: x.amazonaws.com range: bytes=0-100 accept: */* < http/1.1 206 partial content < x-amz-id-2: q/0/xjrh4tnkcju= < x-amz-request-id: 92cea7a5e6ab < date: mon, 14 aug 2017 14:32:46 gmt < last-modified: tue, 16 may 2017 22:15:57 gmt < etag: "9d57e32d88c89a-55" < x-amz-meta-cb-modifiedtime: tue, 16 may 2017 22:13:27 gmt < accept-ranges: bytes < content-range: bytes 0-100/566567658 < content-type: application/octet-stream < content-length: 101 < server: amazons3 < \246ՙ\30\363\360т.c\375\205\211\327\327\343\204\320\224\3404\327dͩ\3362\\306\354%%\214}"\3171\216\362}la\245u\304}\260\223\205\332\335 ]\314\330\300 * curl_http_done: called premature == 0 * connection #0 host x.amazonaws.com left intact
the debug informations when downloading cloudfront:
* trying ip... * tcp_nodelay set * connected x.cloudfront.net (ip) port 443 (#0) * ssl peer handshake failed, server requires client certificate connect * curl_http_done: called premature == 1 * closing connection 0
the 2 calls made exact same linked library
Comments
Post a Comment