SSL certificate error when configuring S3

Project: Media Mover
Version: 6.x-1.x-dev
Component: Code
Category: bug report
Priority: normal
Assigned: Unassigned
Status: active

Issue Summary

I was trying to install and get connected to AWS but am unable to connect via SSL. Correct me if I'm wrong but it shouldn't assume an SSL connection right? It should be an option? I've attached a patch that adds a "Use SSL" checkbox to the config page.

Attachment: mm_s3.patch (2.38 KB)

Comments

#1

As far as I know, in order to upload you need to connect with SSL. Have you tried the upload test functions to check to see if your information is correct? Also, do you have curl compiled into your PHP?

(If I'm wrong, I'll happily accept your patch, I'm just not sure it is needed.)

#2

When I try to submit without the patch, I get this error when I try to save my settings and cannot complete the test:

There was an error in your S3 account information:
60: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Please update your settings

When I turn it off, I can save and can do the test. I was also able to upload a sample file using ffmpeg -> s3. I also saw this page on Amazon: http://aws-portal.amazon.com/gp/aws/developer/account/access-identifier-...

Yes, curl is enabled.

#3

Ok... I'm not sure why this is happening. I've never had an issue with it; however, it may be that the default configuration for your curl is different? Just guessing here.

At any rate, I'll apply your patch, but what I'd like to do is set up an SSL check in the test function that will try with SSL first, and then fall back to non-SSL, change the settings, and alert the user.

#4

My curl and Amazon settings are both default. I haven't made any customizations. I think that's a better idea, though, with the SSL check. I'm not attached to the patch :) Just figured I'd attach it just in case it can help out.

#5

I just encountered this issue using MAMP 1.8.4 on Mac OS X "Snow Leopard" 10.6.3. It is a known issue with outdated CA cert bundles, and is detailed here: http://curl.haxx.se/docs/sslcerts.html

The problem with mm_s3 lies in the included s3.php library on line 1172:

<?php
if (S3::$useSSL) {
  curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 1);
  curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 1);
}
?>

The explicit enabling of CURLOPT_SSL_VERIFYPEER triggers the problem. The solution, in lieu of updating the CA bundles (generally not an option in environments like Mac OS X), is to set CURLOPT_SSL_VERIFYPEER to 0. The error goes away and everyone is happy.
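Added example, not part of the original thread and not code from s3.php or Media Mover: one way to keep certificate verification enabled when the system CA bundle is stale is to point cURL at a current bundle file with CURLOPT_CAINFO and fail closed if that file is missing. The function names, the cacert.pem path and the probe URL are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not part of s3.php or Media Mover.
// The function names, bundle path and probe URL below are assumptions.

/**
 * Apply TLS verification settings to a cURL handle, using an explicit,
 * current CA bundle instead of the (possibly stale) system default.
 */
function mm_s3_example_apply_tls($curl, $ca_bundle) {
  if (!is_file($ca_bundle) || !is_readable($ca_bundle)) {
    // Fail closed: refuse to continue rather than drop verification.
    throw new RuntimeException("CA bundle not readable: $ca_bundle");
  }
  // Verify the server's certificate chain against the supplied bundle.
  curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, TRUE);
  // 2 = the certificate name must match the host being connected to.
  curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
  curl_setopt($curl, CURLOPT_CAINFO, $ca_bundle);
}

/**
 * Probe an HTTPS endpoint and return the verification outcome, so a
 * settings test can report the real cause instead of a bare "60".
 */
function mm_s3_example_tls_check($url, $ca_bundle) {
  $curl = curl_init($url);
  curl_setopt($curl, CURLOPT_NOBODY, TRUE);
  curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
  curl_setopt($curl, CURLOPT_TIMEOUT, 10);
  mm_s3_example_apply_tls($curl, $ca_bundle);
  curl_exec($curl);
  $result = array(
    'ok' => curl_errno($curl) === 0,
    'errno' => curl_errno($curl), // 60 is the code shown in comment #2
    'error' => curl_error($curl),
  );
  curl_close($curl);
  return $result;
}

// Constructed usage: the path is a placeholder for a current CA bundle.
$bundle = dirname(__FILE__) . '/cacert.pem';
try {
  $r = mm_s3_example_tls_check('https://s3.amazonaws.com/', $bundle);
  print $r['ok'] ? "TLS verification OK\n" : "TLS failed ({$r['errno']}): {$r['error']}\n";
}
catch (RuntimeException $e) {
  print $e->getMessage() . "\n";
}
```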

#6

Title: mm_s3 Module » SSL certificate error when configuring S3

#7

@amorfati if we just don't set those options, does the issue go away?

#8

@arthurf At least on MAMP, you need to explicitly set CURLOPT_SSL_VERIFYPEER to 0; the default value is 1. CURLOPT_SSL_VERIFYHOST is fine; leaving it set to 1 does not affect the problem.

It's likely appropriate to explicitly set CURLOPT_SSL_VERIFYPEER anyway, as each environment's default cURL options could be different.

The doc I linked to recommends setting CURLOPT_SSL_VERIFYPEER to 0 (false) only if one experiences the problem. Short of adding a global option, something like a checkbox labeled "Verify Amazon S3 SSL certificate (recommended)", I'm not sure what the best solution is.

#9

So I think just adding a variable_get('mm_s3_curl_opts', FALSE); should do the trick, no?

#10

I'm not sure; is mm_s3_curl_opts defined somewhere? mm_s3_curl_opts seems too generic though; the problem is only with the value of SSL_VERIFYPEER.

Thinking about it some more, it's probably not a good idea to mess with s3.php, and the original poster's idea to add a checkbox for "Use SSL" is likely the best solution. Even though the problem is only with SSL_VERIFYPEER, I'd think it's insecure to just disable SSL_VERIFYPEER to avoid the error. If you don't have the up-to-date CA bundles, you probably shouldn't be using SSL at all.

#11

I guess I'd prefer to keep the options simple: disable ssl_verifypeer by default and let the advanced user change it in settings.php... Media Mover configurations are pretty daunting as it is :)