General Category => Questions => Topic started by: smittym on February 03, 2008, 03:48:32 PM

Title: SSL - No Love
Post by: smittym on February 03, 2008, 03:48:32 PM
I am having problems getting s3sync to work with SSL.  It works fine without SSL.  When I use SSL, I get the following error:

user@server:/opt/s3sync$ ruby s3sync.rb --ssl -v -n -d /home/user/localuploadfolder/ mybucket:remotefolder
s3Prefix remotefolder
localPrefix /home/user/localuploadfolder/
localTreeRecurse /home/user/localuploadfolder
Test /home/user/localuploadfolder/TEST~
Test /home/user/localuploadfolder/TEST
local item /home/user/localuploadfolder/TEST
local node object init. Name:TEST Path:/home/user/localuploadfolder/TEST Size:21 Tag:2d282102fa671256327d4767ec23bc6b
s3TreeRecurse mybucket remotefolder
Creating new connection
/usr/lib/ruby/1.8/net/http.rb:586:in `connect': certificate verify failed (OpenSSL::SSL::SSLError)
        from /usr/lib/ruby/1.8/net/http.rb:586:in `connect'
        from /usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
        from /usr/lib/ruby/1.8/net/http.rb:548:in `start'
        from ./S3_s3sync_mod.rb:55:in `make_http'
        from ./s3try.rb:62:in `S3tryConnect'
        from ./s3try.rb:69:in `S3try'
        from s3sync.rb:284:in `s3TreeRecurse'
        from s3sync.rb:345:in `main'
        from ./thread_generator.rb:79:in `call'
        from ./thread_generator.rb:79:in `initialize'
        from ./thread_generator.rb:76:in `new'
        from ./thread_generator.rb:76:in `initialize'
        from s3sync.rb:266:in `new'
        from s3sync.rb:266:in `main'
        from s3sync.rb:724

I took out specific identifying info.  Here is packet in the tcpdump where the problem occurs.  I can email the text file if you need to see the entire output of tcpdump.

9   0.153231   TLSv1   Alert (Level: Fatal, Description: Unknown CA)

I have tried my AWS X509 certificate, the README certificate, the certificates from here:  http://mirbsd.mirsolutions.de/cvs.cgi/src/etc/ssl.certs.shar and other certificates installed on my machine.  All produce the same result.  I have set the environment variable to the appropriate directory (which in my case is /opt/s3sync/certs) as well as tried pointing to a specific certificate.  I set the variable in s3sconfig.yml as well as trying it through a shell script (export SSL_CERT_DIR=/opt/s3sync/certs and export SSL_CERT_FILE=/opt/s3sync/certs/ . . .).

I have Ruby 1.8.6 installed and have the libopenssl-ruby1.8 libraries installed.  I am running Ubuntu 7.10 Gutsy Gibbon x64.

Please help.  I really want to use s3sync and have spent many hours trying to figure this out on my own (well and with help from Google), but to no avail.  I have searched these forums, the Ubuntu forums and various SSL forums, but have not found an answer (or at least one that I can understand).

Thank you in advance for any help you may be able to provide.

Title: Re: SSL - No Love
Post by: ferrix on February 04, 2008, 09:53:22 PM
There is not really anything in your question I can use to diagnose what is going on.  Could be anything.   Path problem? File format problem? Permission to file?

Title: Re: SSL - No Love
Post by: smittym on February 05, 2008, 07:24:58 PM
I don't think its a file permission problem because I tried running it as root and had the same error.  Is there anything else I can tell about my setup that would give clues?