#5239 closed defect (fixed)

Proxy connection failure

Reported by: https://www.google.com/accounts/o8/id?id=aitoawnuslsj0omptnilptbjmoouhffiiyi1z-u
Owned by: dkocher
Priority: normal
Milestone: 3.7
Component: s3
Version: 3.6.1
Severity: major
Keywords: s3 connection error I/O request
Cc:
Architecture: Intel
Platform: Mac OS X 10.6

Description (last modified by dkocher)

I have been using 3.5.1 with no issues to connect to S3. When I upgraded to 3.6.1, none of my S3 bookmarks would work, nor could I manually connect. When I try to connect, all attempts fail with an error message that reads: "I/O Error: Connection failed - Request Error." The log window shows many GET requests, but all to: "URL http://s3.amazonaws.com/ HTTP/1.1", not to the full URL of my account.

All connections were made as type 'Amazon S3', using Access Key ID for username and Secret Access Key for password. The path attempted doesn't seem to make a difference ('/' or sub paths).

Downgrading to Cyberduck 3.5.1 fixed the problem with no change to any pref files or bookmarks - all connections open and behave normally.

Transcript of log drawer from a single 3.6.1 connection attempt (auth info redacted, naturally):

GET https://s3.amazonaws.com/ HTTP/1.1
Content-Type: 
Date: Tue, 28 Sep 2010 17:23:58 GMT
Authorization: AWS <REDACTED>
User-Agent: Cyberduck/3.6.1 (6900) (Mac OS X/10.6.4) (i386)
Host: s3.amazonaws.com
Proxy-Connection: Keep-Alive

GET https://s3.amazonaws.com/ HTTP/1.1
Content-Type: 
User-Agent: Cyberduck/3.6.1 (6900) (Mac OS X/10.6.4) (i386)
Proxy-Connection: Keep-Alive
Date: Tue, 28 Sep 2010 17:23:58 GMT
Authorization: AWS <REDACTED>
Host: s3.amazonaws.com

GET https://s3.amazonaws.com/ HTTP/1.1
Content-Type: 
User-Agent: Cyberduck/3.6.1 (6900) (Mac OS X/10.6.4) (i386)
Proxy-Connection: Keep-Alive
Date: Tue, 28 Sep 2010 17:23:58 GMT
Authorization: AWS <REDACTED>
Host: s3.amazonaws.com

GET https://s3.amazonaws.com/ HTTP/1.1
Content-Type: 
User-Agent: Cyberduck/3.6.1 (6900) (Mac OS X/10.6.4) (i386)
Proxy-Connection: Keep-Alive
Date: Tue, 28 Sep 2010 17:23:58 GMT
Authorization: AWS <REDACTED>
Host: s3.amazonaws.com

GET https://s3.amazonaws.com/ HTTP/1.1
Content-Type: 
User-Agent: Cyberduck/3.6.1 (6900) (Mac OS X/10.6.4) (i386)
Proxy-Connection: Keep-Alive
Date: Tue, 28 Sep 2010 17:23:59 GMT
Authorization: AWS <REDACTED>
Host: s3.amazonaws.com

GET https://s3.amazonaws.com/ HTTP/1.1
Content-Type: 
User-Agent: Cyberduck/3.6.1 (6900) (Mac OS X/10.6.4) (i386)
Proxy-Connection: Keep-Alive
Date: Tue, 28 Sep 2010 17:23:59 GMT
Authorization: AWS <REDACTED>
Host: s3.amazonaws.com

Change History (15)

comment:1 Changed on Sep 29, 2010 at 7:38:28 AM by dkocher

  • Component changed from core to s3
  • Description modified (diff)

comment:2 Changed on Sep 30, 2010 at 8:22:19 PM by dkocher

  • Resolution set to worksforme
  • Status changed from new to closed

It looks like you have set https://s3.amazonaws.com/ in the Path setting of the bookmark. Better leave that blank or change it to an existing bucket and/or directory.

comment:3 Changed on Sep 30, 2010 at 9:56:10 PM by https://www.google.com/accounts/o8/id?id=aitoawnuslsj0omptnilptbjmoouhffiiyi1z-u

I haven't set that in the Path setting of the bookmark. It's in the 'Web URL' setting, but I can't change it, I presume it's been placed there by the fact of selecting S3 as the connection type. I've included a screenshot which shows the bookmark edit window open to the bookmark which is failing to load. I've redacted the bits of the image that contained AWS user data, hence the cutout bars.

http://sharp-tools.net/images/cyberduckshot.png

The bookmark visible "Development-S3-OSX" has a path of "/medidata-osx". That doesn't work either, and fails in the same manner with the same attempted connections and errors. It looks like it's ignoring the path, or something like that. I'll try to get a screenshot of that:

http://sharp-tools.net/images/cyberduckshot2.png

comment:4 Changed on Sep 30, 2010 at 9:57:34 PM by https://www.google.com/accounts/o8/id?id=aitoawnuslsj0omptnilptbjmoouhffiiyi1z-u

  • Resolution worksforme deleted
  • Status changed from closed to reopened

comment:5 Changed on Oct 1, 2010 at 7:00:10 AM by dkocher

  • Milestone set to 3.6.2

comment:6 Changed on Oct 1, 2010 at 11:41:28 AM by dkocher

  • Summary changed from Cannot connect to Amazon S3 (I/O Request: Connection Failed - Request Error) to Invalid GET request

comment:7 Changed on Oct 1, 2010 at 12:00:42 PM by dkocher

This is strange and I can't reproduce it. Can you check whether you still have the issue when using the latest snapshot build from http://update.cyberduck.ch/nightly/?

comment:8 Changed on Oct 1, 2010 at 7:57:38 PM by https://www.google.com/accounts/o8/id?id=aitoawnuslsj0omptnilptbjmoouhffiiyi1z-u

Downloaded build 7154 and tried. Exact same behavior. None of the requests in the transcript have anything other than the base path in them:

GET https://s3.amazonaws.com/ HTTP/1.1

...no matter what path the bookmark (or manual connection window) has. The 'URL' field in the connection window reports:

https://<AWS Key ID>@s3.amazonaws.com:443/ (or whatever path I have in the 'path' field)

...but that doesn't seem to be what's being requested.

One add'l point - I am behind a Bluecoat proxy (although I think they've configured it to allow direct access to S3). I'm not sure that's relevant, since as I said it seems to work fine with 3.5.1.

Hm, I realized I should probably include a transcript of a successful 3.5.1 connection. Here it is:

---cut---

CONNECT s3.amazonaws.com:443 HTTP/1.1
User-Agent: Cyberduck/3.5.1 (6117) (Mac OS X/10.6.4) (i386)[\r][\n]
Host: s3.amazonaws.com[\r][\n]
Proxy-Connection: Keep-Alive[\r][\n]
[\r][\n]
HTTP/1.1 200 Connection established[\r][\n]
HTTP/1.1 200 Connection established[\r][\n]
[\r][\n]
GET / HTTP/1.1[\r][\n]
Content-Type: [\r][\n]
Date: Fri, 01 Oct 2010 19:52:49 GMT[\r][\n]
Authorization: AWS <REDACTED>[\r][\n]
User-Agent: Cyberduck/3.5.1 (6117) (Mac OS X/10.6.4) (i386)[\r][\n]
Host: s3.amazonaws.com[\r][\n]
[\r][\n]
HTTP/1.1 200 OK[\r][\n]
HTTP/1.1 200 OK[\r][\n]
x-amz-id-2: tG5+CvdUnkrjv2xK+QnFXtyKV+2gYo4ivtJdGeFD77550uo+fgGwThjWp7ASqsnq[\r][\n]
x-amz-request-id: 0EC1E33B1E7334E8[\r][\n]
Date: Fri, 01 Oct 2010 19:52:50 GMT[\r][\n]
Content-Type: application/xml[\r][\n]
Transfer-Encoding: chunked[\r][\n]
Server: AmazonS3[\r][\n]
[\r][\n]
[\r][\n]
GET / HTTP/1.1[\r][\n]
Content-Type: [\r][\n]
Date: Fri, 01 Oct 2010 19:52:49 GMT[\r][\n]
Authorization: AWS <REDACTED>[\r][\n]
User-Agent: Cyberduck/3.5.1 (6117) (Mac OS X/10.6.4) (i386)[\r][\n]
Host: s3.amazonaws.com[\r][\n]
[\r][\n]
HTTP/1.1 200 OK[\r][\n]
HTTP/1.1 200 OK[\r][\n]
x-amz-id-2: 6oqPIh7BKAfimjyCVigGBOMUigupW+cEphpYgPiqn3eoqbhsbGwYreHM3ikaYSQv[\r][\n]
x-amz-request-id: 3501AEA7462646B3[\r][\n]
Date: Fri, 01 Oct 2010 19:52:50 GMT[\r][\n]
Content-Type: application/xml[\r][\n]
Transfer-Encoding: chunked[\r][\n]
Server: AmazonS3[\r][\n]
[\r][\n]
[\r][\n]

---cut---

comment:9 Changed on Oct 2, 2010 at 7:57:11 AM by dkocher

  • Summary changed from Invalid GET request to Proxy connection failure with Invalid GET request

comment:10 Changed on Oct 2, 2010 at 8:31:33 AM by dkocher

Replying to https://www.google.com/accounts/o8/id?id=aitoawnuslsj0omptnilptbjmoouhffiiyi1z-u:

> One add'l point - I am behind a Bluecoat proxy (although I think they've configured it to allow direct access to S3). I'm not sure that's relevant, since as I said it seems to work fine with 3.5.1.

Thanks for the additional information. I can replicate the issue now with a proxy setup.

comment:11 Changed on Oct 2, 2010 at 9:23:12 AM by dkocher

As a workaround you can use an HTTP connection without SSL until this issue is resolved.

comment:12 Changed on Oct 2, 2010 at 9:35:38 AM by dkocher

The bug was introduced in r6818 because the secure socket factory no longer implements org.apache.commons.httpclient.protocol.org.apache.commons.httpclient.protocol. The socket is then assumed not to be secure and no CONNECT for a secure tunnel is sent to the proxy.
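
A check for the failure mode described in comment:12, added here as an example (it is not Cyberduck's code): it reads a client wire log and flags any request with an absolute `https://` target that was handed to the proxy instead of being sent through a CONNECT tunnel, noting whether an Authorization header went with it. The function name `audit_transcript` and both sample transcripts are constructed for illustration, modeled on the 3.6.1 and 3.5.1 log formats in this ticket.

```python
import re

REQUEST = re.compile(r"^([A-Z]+) (\S+) HTTP/1\.[01]$")
STATUS = re.compile(r"^HTTP/1\.[01] (\d{3})\b")

def audit_transcript(text):
    """Flag https:// requests handed to a proxy without a CONNECT tunnel."""
    tunnels, findings = set(), []
    pending = None      # authority of a CONNECT still awaiting the proxy's reply
    current = None      # finding for the request whose headers are being read
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.replace("[\\r][\\n]", "").strip()   # drop wire-log markers
        status, request = STATUS.match(line), REQUEST.match(line)
        if status:
            if pending and status.group(1).startswith("2"):
                tunnels.add(pending)                   # proxy accepted the tunnel
            pending = current = None
        elif request:
            method, target = request.groups()
            current = None
            if method == "CONNECT":
                pending = target.lower()
            elif target.lower().startswith("https://"):
                # Absolute-form https target: the proxy is asked to fetch the
                # URL itself, so the client has no TLS session with the origin.
                current = {"line": number, "target": target, "authorization": False}
                findings.append(current)
        elif current and line.lower().startswith("authorization:"):
            current["authorization"] = True            # credentials ride along
    return {"tunnels": sorted(tunnels), "findings": findings}

# Constructed sample in the style of the failing 3.6.1 transcript.
BROKEN_SAMPLE = r"""GET https://s3.amazonaws.com/ HTTP/1.1
Date: Tue, 28 Sep 2010 17:23:58 GMT
Authorization: AWS <REDACTED>
Host: s3.amazonaws.com
Proxy-Connection: Keep-Alive"""

# Constructed sample in the style of the working 3.5.1 transcript.
TUNNELLED_SAMPLE = r"""CONNECT s3.amazonaws.com:443 HTTP/1.1
Host: s3.amazonaws.com[\r][\n]
[\r][\n]
HTTP/1.1 200 Connection established[\r][\n]
[\r][\n]
GET / HTTP/1.1[\r][\n]
Authorization: AWS <REDACTED>[\r][\n]
Host: s3.amazonaws.com[\r][\n]"""
```

Run over the first sample it reports one finding at line 1 with `authorization` set; over the second it reports the `s3.amazonaws.com:443` tunnel and no findings.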

comment:13 Changed on Oct 2, 2010 at 9:36:14 AM by dkocher

  • Resolution set to fixed
  • Status changed from reopened to closed

In r7166.

comment:14 Changed on Oct 2, 2010 at 9:36:29 AM by dkocher

  • Summary changed from Proxy connection failure with Invalid GET request to Proxy connection failure

comment:15 Changed on Oct 4, 2010 at 4:46:16 PM by https://www.google.com/accounts/o8/id?id=aitoawnuslsj0omptnilptbjmoouhffiiyi1z-u

Just to confirm: works for me now in build 7192. Many thanks.
