Opened on Sep 28, 2010 at 6:08:06 PM
Closed on Oct 2, 2010 at 9:36:14 AM
Last modified on Oct 4, 2010 at 4:46:16 PM
#5239 closed defect (fixed)
Proxy connection failure
Reported by: | https://www.google.com/accounts/o8/id?id=aitoawnuslsj0omptnilptbjmoouhffiiyi1z-u | Owned by: | dkocher |
---|---|---|---|
Priority: | normal | Milestone: | 3.7 |
Component: | s3 | Version: | 3.6.1 |
Severity: | major | Keywords: | s3 connection error I/O request |
Cc: | Architecture: | Intel | |
Platform: | Mac OS X 10.6 |
Description (last modified by dkocher)
I have been using 3.5.1 with no issues to connect to S3. When I upgraded to 3.6.1, none of my S3 bookmarks would work, nor could I manually connect. When I try to connect, all attempts fail with an error message that reads: "I/O Error: Connection failed - Request Error." The log window shows many GET requests, but all to: "URL http://s3.amazonaws.com/ HTTP/1.1", not to the full URL of my account.
All connections were made as type 'Amazon S3', using Access Key ID for username and Secret Access Key for password. The path attempted doesn't seem to make a difference ('/' or sub paths).
Downgrading to CyberDuck 3.5.1 fixed the problem with no change to any pref files or bookmarks - all connections open and behave normally.
Transcript of log drawer from a single 3.6.1 connection attempt (auth info redacted, naturally):
GET https://s3.amazonaws.com/ HTTP/1.1 Content-Type: Date: Tue, 28 Sep 2010 17:23:58 GMT Authorization: AWS <REDACTED> User-Agent: Cyberduck/3.6.1 (6900) (Mac OS X/10.6.4) (i386) Host: s3.amazonaws.com Proxy-Connection: Keep-Alive GET https://s3.amazonaws.com/ HTTP/1.1 Content-Type: User-Agent: Cyberduck/3.6.1 (6900) (Mac OS X/10.6.4) (i386) Proxy-Connection: Keep-Alive Date: Tue, 28 Sep 2010 17:23:58 GMT Authorization: AWS <REDACTED> Host: s3.amazonaws.com GET https://s3.amazonaws.com/ HTTP/1.1 Content-Type: User-Agent: Cyberduck/3.6.1 (6900) (Mac OS X/10.6.4) (i386) Proxy-Connection: Keep-Alive Date: Tue, 28 Sep 2010 17:23:58 GMT Authorization: AWS <REDACTED> Host: s3.amazonaws.com GET https://s3.amazonaws.com/ HTTP/1.1 Content-Type: User-Agent: Cyberduck/3.6.1 (6900) (Mac OS X/10.6.4) (i386) Proxy-Connection: Keep-Alive Date: Tue, 28 Sep 2010 17:23:58 GMT Authorization: AWS <REDACTED> Host: s3.amazonaws.com GET https://s3.amazonaws.com/ HTTP/1.1 Content-Type: User-Agent: Cyberduck/3.6.1 (6900) (Mac OS X/10.6.4) (i386) Proxy-Connection: Keep-Alive Date: Tue, 28 Sep 2010 17:23:59 GMT Authorization: AWS <REDACTED> Host: s3.amazonaws.com GET https://s3.amazonaws.com/ HTTP/1.1 Content-Type: User-Agent: Cyberduck/3.6.1 (6900) (Mac OS X/10.6.4) (i386) Proxy-Connection: Keep-Alive Date: Tue, 28 Sep 2010 17:23:59 GMT Authorization: AWS <REDACTED> Host: s3.amazonaws.com
Change History (15)
comment:1 Changed on Sep 29, 2010 at 7:38:28 AM by dkocher
- Component changed from core to s3
- Description modified (diff)
comment:2 Changed on Sep 30, 2010 at 8:22:19 PM by dkocher
- Resolution set to worksforme
- Status changed from new to closed
comment:3 Changed on Sep 30, 2010 at 9:56:10 PM by https://www.google.com/accounts/o8/id?id=aitoawnuslsj0omptnilptbjmoouhffiiyi1z-u
I haven't set that in the Path setting of the bookmark. It's in the 'Web URL' setting, but I can't change it, I presume it's been placed there by the fact of selecting S3 as the connection type. I've included a screenshot which shows the bookmark edit window open to the bookmark which is failing to load. I've redacted the bits of the image that contained AWS user data, hence the cutout bars.
The bookmark visible "Development-S3-OSX" has a path of "/medidata-osx". That doesn't work either, and fails in the same manner with the same attempted connections and errors. It looks like it's ignoring the path, or something like that. I'll try to get a screenshot of that:
comment:4 Changed on Sep 30, 2010 at 9:57:34 PM by https://www.google.com/accounts/o8/id?id=aitoawnuslsj0omptnilptbjmoouhffiiyi1z-u
- Resolution worksforme deleted
- Status changed from closed to reopened
comment:5 Changed on Oct 1, 2010 at 7:00:10 AM by dkocher
- Milestone set to 3.6.2
comment:6 Changed on Oct 1, 2010 at 11:41:28 AM by dkocher
- Summary changed from Cannot connect to Amazon S3 (I/O Request: Connection Failed - Request Error) to Invalid GET request
comment:7 Changed on Oct 1, 2010 at 12:00:42 PM by dkocher
This is strange and I can't reproduce. Can you try if you still have the issue when using the latest snapshot build from http://update.cyberduck.ch/nightly/.
comment:8 Changed on Oct 1, 2010 at 7:57:38 PM by https://www.google.com/accounts/o8/id?id=aitoawnuslsj0omptnilptbjmoouhffiiyi1z-u
Downloaded build 7154 and tried. Exact same behavior. None of the requests in the transcript have anything other than the base path in them:
GET https://s3.amazonaws.com/ HTTP/1.1
...no matter what path the bookmark (or manual connection window) has. The 'URL' field in the connection window reports:
https://<AWS Key ID>@s3.amazonaws.com:443/ (or whatever path I have in the 'path' field)
...but that doesn't seem to be what's being requested.
One add'l point - I am behind a Bluecoat proxy (although I think they've configured it to allow direct access to S3). I'm not sure that's relevant, since as I said it seems to work fine with 3.5.1.
Hm, I realized I should probably include a transcript of a successful 3.5.1 connection. Here it is:
---cut---
CONNECT s3.amazonaws.com:443 HTTP/1.1 User-Agent: Cyberduck/3.5.1 (6117) (Mac OS X/10.6.4) (i386)[\r][\n] Host: s3.amazonaws.com[\r][\n] Proxy-Connection: Keep-Alive[\r][\n] [\r][\n] HTTP/1.1 200 Connection established[\r][\n] HTTP/1.1 200 Connection established[\r][\n] [\r][\n] GET / HTTP/1.1[\r][\n] Content-Type: [\r][\n] Date: Fri, 01 Oct 2010 19:52:49 GMT[\r][\n] Authorization: AWS <REDACTED>[\r][\n] User-Agent: Cyberduck/3.5.1 (6117) (Mac OS X/10.6.4) (i386)[\r][\n] Host: s3.amazonaws.com[\r][\n] [\r][\n] HTTP/1.1 200 OK[\r][\n] HTTP/1.1 200 OK[\r][\n] x-amz-id-2: tG5+CvdUnkrjv2xK+QnFXtyKV+2gYo4ivtJdGeFD77550uo+fgGwThjWp7ASqsnq[\r][\n] x-amz-request-id: 0EC1E33B1E7334E8[\r][\n] Date: Fri, 01 Oct 2010 19:52:50 GMT[\r][\n] Content-Type: application/xml[\r][\n] Transfer-Encoding: chunked[\r][\n] Server: AmazonS3[\r][\n] [\r][\n] [\r][\n] GET / HTTP/1.1[\r][\n] Content-Type: [\r][\n] Date: Fri, 01 Oct 2010 19:52:49 GMT[\r][\n] Authorization: AWS <REDACTED>[\r][\n] User-Agent: Cyberduck/3.5.1 (6117) (Mac OS X/10.6.4) (i386)[\r][\n] Host: s3.amazonaws.com[\r][\n] [\r][\n] HTTP/1.1 200 OK[\r][\n] HTTP/1.1 200 OK[\r][\n] x-amz-id-2: 6oqPIh7BKAfimjyCVigGBOMUigupW+cEphpYgPiqn3eoqbhsbGwYreHM3ikaYSQv[\r][\n] x-amz-request-id: 3501AEA7462646B3[\r][\n] Date: Fri, 01 Oct 2010 19:52:50 GMT[\r][\n] Content-Type: application/xml[\r][\n] Transfer-Encoding: chunked[\r][\n] Server: AmazonS3[\r][\n] [\r][\n] [\r][\n]
---cut---
comment:9 Changed on Oct 2, 2010 at 7:57:11 AM by dkocher
- Summary changed from Invalid GET request to Proxy connection failure with Invalid GET request
comment:10 Changed on Oct 2, 2010 at 8:31:33 AM by dkocher
Replying to https://www.google.com/accounts/o8/id?id=aitoawnuslsj0omptnilptbjmoouhffiiyi1z-u:
One add'l point - I am behind a Bluecoat proxy (although I think they've configured it to allow direct access to S3). I'm not sure that's relevant, since as I said it seems to work fine with 3.5.1.
Thanks for the additional information. I can replicate the issue now with a proxy setup.
comment:11 Changed on Oct 2, 2010 at 9:23:12 AM by dkocher
As a workaround you can use a HTTP connection without SSL until this issue is resolved.
comment:12 Changed on Oct 2, 2010 at 9:35:38 AM by dkocher
Bug was introduced in r6818 because the secure socket factory no more implements org.apache.commons.httpclient.protocol.org.apache.commons.httpclient.protocol. Then the socket is assumed not secure and no CONNECT for a secure tunnel is sent to the proxy.
comment:13 Changed on Oct 2, 2010 at 9:36:14 AM by dkocher
- Resolution set to fixed
- Status changed from reopened to closed
In r7166.
comment:14 Changed on Oct 2, 2010 at 9:36:29 AM by dkocher
- Summary changed from Proxy connection failure with Invalid GET request to Proxy connection failure
comment:15 Changed on Oct 4, 2010 at 4:46:16 PM by https://www.google.com/accounts/o8/id?id=aitoawnuslsj0omptnilptbjmoouhffiiyi1z-u
Just to confirm: works for me now in build 7192. Many thanks.
It looks like you have set https://s3.amazonaws.com/ in the Path setting of the bookmark. Better leave that blank or change it to a existing bucket and/or directory.