Cyberduck Mountain Duck CLI

#5821 closed enhancement (worksforme)

Add path-style S3 links

Reported by: Ippolito Mike Owned by: dkocher
Priority: high Milestone: 4.6
Component: s3 Version: 4.0
Severity: major Keywords:
Cc: Architecture:
Platform: Mac OS X 10.6

Description

When formatting url's for S3 buckets using

https://bucket name.s3.amazonaws.com/folder name/object name fails browser certificate check

but https://s3.amazonaws.com/bucket name/folder name/object name

passess - can you offer a preference to choose between them?

The advantage of the first style apart from it looking more personalised, is that Flash and Silverlight players can access files such as crossdomain.xml (and web robots can access robots.txt) in their expected locations, which is the top level of the hostname. I don't think this is the desired use of the url

The advantage to the 2nd is you can directly click on the URL, therefore is more applicable to sending links to others.

Change History (5)

comment:1 Changed on Mar 23, 2011 at 2:35:53 PM by dkocher

  • Resolution set to worksforme
  • Status changed from new to closed

The server certificate of s3.amazonaws.com is a wildcard certificate that should be valid for bucket names prepended. Also, browsers usually even accept the certificate for hostnames with multiple third levels such as my.domain.s3.amazonaws.com.

Documentation in SSL certificate trust verification.

comment:2 Changed on Sep 25, 2014 at 7:21:17 PM by hunter blanks

As noted in #3813's citation of RFC 2818, wildcard certificates only work for the top level of the wildcard. I.e. *.s3.amazonaws.com is valid for foo.s3.amazonaws.com, but not for *.foo.s3.amazonaws.com.

For this reason, the AWS web console generates URLs such as this one for a bucket in us-west-2:

https://s3-us-west-2.amazonaws.com/BUCKET_NAME/KEY_NAME.

I thus suggest that this issue be re-opened. Correcting the URL to what AWS provides in their own UI seems like the right thing to do. Thanks for all the hard work!

comment:3 Changed on Sep 29, 2014 at 1:01:29 PM by dkocher

  • Milestone set to 4.5.3
  • Resolution worksforme deleted
  • Status changed from closed to reopened
  • Summary changed from S3 links failed security certificate to Add path-style S3 links
  • Type changed from defect to enhancement

comment:4 Changed on Sep 29, 2014 at 2:10:56 PM by dkocher

We already provide HTTP and HTTPS links with both virtual host and path style variants.

comment:5 Changed on Sep 29, 2014 at 2:11:24 PM by dkocher

  • Resolution set to worksforme
  • Status changed from reopened to closed
Note: See TracTickets for help on using tickets.
swiss made software