aws-vault does not verify server certificate
othmane399 opened this issue
- [x] I am using the latest release of AWS Vault
- [x] I have provided my `.aws/config` (redacted if necessary)
- [x] I have provided the debug output using `aws-vault --debug` (redacted if necessary)

Hello,

When I am using `awscli` and `http_proxy` like Burp, I have an issue when using a self-signed certificate, which is normal:

```
aws configure sso
SSO start URL [None]: https://xxxx.awsapps.com/start
SSO Region [None]: eu-central-1
SSL validation failed for https://portal.sso.eu-central-1.amazonaws.com/assignment/accounts [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)
```

This certificate is not verified when using aws-vault with a config like this:

```
[profile account-sso]
region = eu-central-1
output = json
sso_start_url = https://xxxx.awsapps.com/start
sso_region = eu-central-1
sso_account_id = 0123456789
sso_role_name = RAdministrator

[profile account]
credential_process = aws-vault exec account-sso --json
region = eu-central-1
```

I've checked the code to try to fix this, but I didn't find anything explaining this in the code base, even in aws-sdk-go-v2. And in the tls library, the default config checks the TLS certificate, so this is very weird.
https://cs.opensource.google/go/go/+/refs/tags/go1.17.4:src/crypto/tls/common.go;l=646

Please report to aws-sdk-go-v2.
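
The issue's observation that Go's `crypto/tls` verifies certificates by default can be checked directly. The following is an added example, not code from the issue, aws-vault or aws-sdk-go-v2: a regression check that points an HTTP client at a local test server with an untrusted certificate and reports whether the client rejects it. The helper names (`rejectsUntrustedCert`, `newDefaultClient`, `newInsecureClient`) are hypothetical, and the server certificate is the throwaway one built into `net/http/httptest`.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newDefaultClient leaves TLSClientConfig nil, so crypto/tls defaults apply.
func newDefaultClient() *http.Client {
	return &http.Client{Transport: &http.Transport{}}
}

// newInsecureClient opts out of verification explicitly (the weak setting).
func newInsecureClient() *http.Client {
	cfg := &tls.Config{InsecureSkipVerify: true}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
}

// rejectsUntrustedCert reports whether client refuses a local test server
// whose certificate (httptest's built-in one) chains to no trusted root.
func rejectsUntrustedCert(client *http.Client) (bool, error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "ok") }))
	defer srv.Close()

	resp, err := client.Get(srv.URL)
	if err == nil {
		resp.Body.Close()
		return false, nil // handshake completed: the chain was not verified
	}
	var unknownCA x509.UnknownAuthorityError
	var noRoots x509.SystemRootsError
	var invalid x509.CertificateInvalidError
	if errors.As(err, &unknownCA) || errors.As(err, &noRoots) || errors.As(err, &invalid) {
		return true, nil
	}
	return false, err // failed for a reason unrelated to certificate checks
}

func main() {
	for _, c := range []*http.Client{newDefaultClient(), newInsecureClient()} {
		ok, err := rejectsUntrustedCert(c)
		fmt.Printf("rejects untrusted certificate: %v (error: %v)\n", ok, err)
	}
}
```

Passing the `*http.Client` that an application actually builds into `rejectsUntrustedCert` shows whether any layer has replaced the default TLS configuration.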