No failure message in case of a bad certificate
pommi opened this issue · comments
Issue type
- Bug report
I've wasted a lot of time debugging this issue, because there was no clear error. I put the cli53 binary in my git repository and try to run it from a GitLab pipeline in a Debian 10 docker container. When no TLS root certificates are present on the system (package ca-certificates), it seems like cli53 just hangs when running a command. But under the hood it's hitting a "TLS bad certificate" error all the time.
cli53 version (cli53 --version)
cli53 version 0.8.17
OS / Platform
Debian 10
Steps to reproduce
docker run -it debian:buster /bin/bash
apt-get update -qq && apt-get install -yqq wget # which will install package ca-certificates as well
wget https://github.com/barnybug/cli53/releases/download/0.8.17/cli53-linux-amd64
chmod +x cli53-linux-amd64
apt-get purge -y ca-certificates
export AWS_ACCESS_KEY_ID=...
export AWS_SECRET_ACCESS_KEY=...
./cli53-linux-amd64 list -d
Expected behaviour
List the hosted zones
Actual behaviour
cli53 keeps retrying with no response:
DEBUG: Request route53/ListHostedZones Details:
---[ REQUEST POST-SIGN ]-----------------------------
GET /2013-04-01/hostedzone HTTP/1.1
Host: route53.amazonaws.com
User-Agent: aws-sdk-go/1.29.19 (go1.14; linux; amd64)
Authorization: AWS4-HMAC-SHA256 Credential=XXX/20200925/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=XXX
X-Amz-Date: XXX
Accept-Encoding: gzip
-----------------------------------------------------
DEBUG: Request route53/ListHostedZones Details:
---[ REQUEST POST-SIGN ]-----------------------------
GET /2013-04-01/hostedzone HTTP/1.1
Host: route53.amazonaws.com
User-Agent: aws-sdk-go/1.29.19 (go1.14; linux; amd64)
Authorization: AWS4-HMAC-SHA256 Credential=XXX/20200925/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=XXX
X-Amz-Date: XXX
Accept-Encoding: gzip
-----------------------------------------------------
DEBUG: Request route53/ListHostedZones Details:
---[ REQUEST POST-SIGN ]-----------------------------
GET /2013-04-01/hostedzone HTTP/1.1
Host: route53.amazonaws.com
User-Agent: aws-sdk-go/1.29.19 (go1.14; linux; amd64)
Authorization: AWS4-HMAC-SHA256 Credential=XXX/20200925/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=XXX
X-Amz-Date: XXX
Accept-Encoding: gzip
-----------------------------------------------------
Have you checked if the documentation has the information you require?
yes
Could you contribute a fix or help testing with this issue?
It would be nice if this was just mentioned in README.md as dependency.
apt-get install ca-certificates