[GH-ISSUE #284] bucket with dot in name with HTTPS SSL #147

New issue

Closed

opened 2026-03-04 01:42:37 +03:00 by kerem · 3 comments

kerem commented

2026-03-04 01:42:37 +03:00

Owner

Originally created by @neilmillard on GitHub (Oct 22, 2015).
Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/284

SSL: certificate subject name '*.s3.amazonaws.com' does not match target hostname 'abc.example.com.s3.amazonaws.com'

Fails with curlCode: 51 msg: SSL peer certificate or SSH remote key was not OK.

I suppose this is valid following the RFC for wildcard certificates.
Would this leave me with the PR #190 fix?

[root@vagrant-centos65 var]# s3fs abc.example.com:/dev/web1 /var/www -o url=https://s3.amazonaws.com -d -d -f -o f2 -o curldbg
set_moutpoint_attribute(3379): PROC(uid=0, gid=0) - MountPoint(uid=0, gid=0, mode=40755)
FUSE library version: 2.9.3
nullpath_ok: 0
nopath: 0
utime_omit_ok: 0
unique: 1, opcode: INIT (26), nodeid: 0, insize: 56, pid: 0
INIT: 7.13
flags=0x0000b07b
max_readahead=0x00020000
s3fs_init(2650): init
s3fs_check_service(2968): check services.
CheckBucket(2367): check a bucket.
prepare_url(174): URL is https://s3.amazonaws.com/abc.example.com/dev/web1/
prepare_url(204): URL changed is https://abc.example.com.s3.amazonaws.com/dev/web1/
RequestPerform(1572): connecting to URL https://abc.example.com.s3.amazonaws.com/dev/web1/

About to connect() to abc.example.com.s3.amazonaws.com port 443 (#0)
Trying 54.231.140.10... * connected
Connected to abc.example.com.s3.amazonaws.com (54.231.140.10) port 443 (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
SSL: certificate subject name '*.s3.amazonaws.com' does not match target hostname 'abc.example.com.s3.amazonaws.com'
NSS error -12276
Closing connection #0
SSL peer certificate or SSH remote key was not OK
RequestPerform(1723): ###curlCode: 51 msg: SSL peer certificate or SSH remote key was not OK

Originally created by @neilmillard on GitHub (Oct 22, 2015). Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/284 - SSL: certificate subject name '*.s3.amazonaws.com' does not match target hostname 'abc.example.com.s3.amazonaws.com' Fails with curlCode: 51 msg: SSL peer certificate or SSH remote key was not OK. I suppose this is valid following the RFC for wildcard certificates. Would this leave me with the PR #190 fix? --- [root@vagrant-centos65 var]# s3fs abc.example.com:/dev/web1 /var/www -o url=https://s3.amazonaws.com -d -d -f -o f2 -o curldbg set_moutpoint_attribute(3379): PROC(uid=0, gid=0) - MountPoint(uid=0, gid=0, mode=40755) FUSE library version: 2.9.3 nullpath_ok: 0 nopath: 0 utime_omit_ok: 0 unique: 1, opcode: INIT (26), nodeid: 0, insize: 56, pid: 0 INIT: 7.13 flags=0x0000b07b max_readahead=0x00020000 s3fs_init(2650): init s3fs_check_service(2968): check services. CheckBucket(2367): check a bucket. prepare_url(174): URL is https://s3.amazonaws.com/abc.example.com/dev/web1/ prepare_url(204): URL changed is https://abc.example.com.s3.amazonaws.com/dev/web1/ RequestPerform(1572): connecting to URL https://abc.example.com.s3.amazonaws.com/dev/web1/ - About to connect() to abc.example.com.s3.amazonaws.com port 443 (#0) - Trying 54.231.140.10... \* connected - Connected to abc.example.com.s3.amazonaws.com (54.231.140.10) port 443 (#0) - Initializing NSS with certpath: sql:/etc/pki/nssdb - CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none - SSL: certificate subject name '*.s3.amazonaws.com' does not match target hostname 'abc.example.com.s3.amazonaws.com' - NSS error -12276 - Closing connection #0 - SSL peer certificate or SSH remote key was not OK RequestPerform(1723): ###curlCode: 51 msg: SSL peer certificate or SSH remote key was not OK

kerem closed this issue

2026-03-04 01:42:37 +03:00

kerem commented

2026-03-04 01:42:38 +03:00

Author

Owner

@RobbKistler commented on GitHub (Oct 22, 2015):

You could try -o use_path_request_style.

@RobbKistler commented on GitHub (Oct 22, 2015): You could try `-o use_path_request_style`.

kerem commented

2026-03-04 01:42:38 +03:00

Author

Owner

@neilmillard commented on GitHub (Oct 23, 2015):

Thanks Robbkistler, would that use the https://s3.amazonaws.com/abc.example.com/dev/web1/ path.
I get a perm redirect at that address.

PermanentRedirect

The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint.

@neilmillard commented on GitHub (Oct 23, 2015): Thanks Robbkistler, would that use the https://s3.amazonaws.com/abc.example.com/dev/web1/ path. I get a perm redirect at that address. <Code>PermanentRedirect</Code> <Message> The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint. </Message>

kerem commented

2026-03-04 01:42:38 +03:00

Author

Owner

@sqlbot commented on GitHub (Oct 23, 2015):

@neilmillard you need to combine -o use_path_request_style and -o url=https://s3-${region}.amazonaws.com using the appropriate regional endpoint hostname for S3.

Path request style requires use of the correct regional endpoint hostname when the bucket is not in US Standard (us-east-1).

@sqlbot commented on GitHub (Oct 23, 2015): @neilmillard you need to combine `-o use_path_request_style` and `-o url=https://s3-${region}.amazonaws.com` using the appropriate [regional endpoint hostname for S3](http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region). Path request style requires use of the correct regional endpoint hostname when the bucket is not in US Standard (us-east-1).

kerem referenced this issue

2026-03-04 01:53:35 +03:00

[PR #147] [MERGED] Use S3Proxy 1.4.0-SNAPSHOT #1365