Signature mismatch with s3 path style requests for signature v4 when using endpoint host like a http://<host:port/some_path>

Question

Signature mismatch with s3 path style requests for signature v4 when using endpoint host like a http://<host:port/some_path>

artashesbalabekyan opened this issue 7 months ago · comments

For example I want use a http://localhost:8080/s3 as an endpoint. And in this case s3cmd calculates the v4 signature wrong.

It should use the hostname http://localhost:8080 not the http://localhost:8080/s3 for signature calculation.

Any ideas about it? How it can be solved?

Artashes · Answer 1 · Wed Feb 28 2024 03:19:59 GMT+0800 (China Standard Time)

DEBUG: Canonical Request:
GET
/bucket_name/
delimiter=%2F
host:localhost:8080/s3
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20240227T185517Z

As you see host is localhost:8080/s3. But it should be localhost:8080. Because in http, a host can't be like localhost:8080/s3

Florent Viard · Answer 2 · Wed Feb 28 2024 08:13:02 GMT+0800 (China Standard Time)

Which s3 compatible service or software stack are you using?

Because it is a case where it is complicated to know what should be the correct behavior:

On AWS s3, there couldn't be a "sub-path" before the bucket. So there spec does not cover such a case.
In theory you can't have /s3/bucket_name, because otherwise it is "s3" that will be the bucket name.
If we were to ignore what i can call the "service path" (ie "/s3"), the signature would be kind of broken, because the same signature will work with all "services paths".

Florent Viard · Answer 3 · Sat Apr 13 2024 08:34:45 GMT+0800 (China Standard Time)

@artashesbalabekyan Would you be able to give more details about the service that you are using to be encountering this situation?
Otherwise i will have to close this issue.