Giters

barnybug / cli53

Command line tool for Amazon Route 53

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

No failure message in case of a bad certificate

pommi opened this issue · comments

commented

Issue type

  • Bug report

I've wasted a lot of time debugging this issue, because there was no clear error. I put the cli53 binary in my git repository and try to run it from a GitLab pipeline in a Debian 10 docker container. When no TLS root certificates are present on the system (package ca-certificates), it seems like cli53 just hangs when running a command. But under the hood it's hitting a "TLS bad certificate" error all the time.

cli53 version (cli53 --version)

cli53 version 0.8.17

OS / Platform

Debian 10

Steps to reproduce

docker run -it debian:buster /bin/bash
apt-get update -qq && apt-get install -yqq wget  # which will install package ca-certificates as well
wget https://github.com/barnybug/cli53/releases/download/0.8.17/cli53-linux-amd64
chmod +x cli53-linux-amd64
apt-get purge -y ca-certificates
export AWS_ACCESS_KEY_ID=...
export AWS_SECRET_ACCESS_KEY=...
./cli53-linux-amd64 list -d

Expected behaviour

List the hosted zones

Actual behaviour

cli53 keeps retrying with no response:

DEBUG: Request route53/ListHostedZones Details:
---[ REQUEST POST-SIGN ]-----------------------------
GET /2013-04-01/hostedzone HTTP/1.1
Host: route53.amazonaws.com
User-Agent: aws-sdk-go/1.29.19 (go1.14; linux; amd64)
Authorization: AWS4-HMAC-SHA256 Credential=XXX/20200925/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=XXX
X-Amz-Date: XXX
Accept-Encoding: gzip


-----------------------------------------------------
DEBUG: Request route53/ListHostedZones Details:
---[ REQUEST POST-SIGN ]-----------------------------
GET /2013-04-01/hostedzone HTTP/1.1
Host: route53.amazonaws.com
User-Agent: aws-sdk-go/1.29.19 (go1.14; linux; amd64)
Authorization: AWS4-HMAC-SHA256 Credential=XXX/20200925/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=XXX
X-Amz-Date: XXX
Accept-Encoding: gzip


-----------------------------------------------------
DEBUG: Request route53/ListHostedZones Details:
---[ REQUEST POST-SIGN ]-----------------------------
GET /2013-04-01/hostedzone HTTP/1.1
Host: route53.amazonaws.com
User-Agent: aws-sdk-go/1.29.19 (go1.14; linux; amd64)
Authorization: AWS4-HMAC-SHA256 Credential=XXX/20200925/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=XXX
X-Amz-Date: XXX
Accept-Encoding: gzip


-----------------------------------------------------

Have you checked if the documentation has the information you require?

yes

Could you contribute a fix or help testing with this issue?

It would be nice if this was just mentioned in README.md as dependency.

apt-get install ca-certificates