Setting a number of additional security settings about aws-sdk-cpp HOT 5 CLOSED

Hi asylvest

1. We just defer to the TLS implementation on your system and don't currently support this override.
   Which platform are you on?
   We have an override used for the android tests for curl https://github.com/awslabs/aws-sdk-cpp/blob/b46c1f4c185ce64c4c6d2e85bfd04ca8c346c3af/aws-cpp-sdk-core/source/http/curl/CurlHttpClient.cpp#L174.

2.Yes, just set the endpointOverride.
3. aws-sdk-cpp ONLY supports sigv4. All new AWS services only support sigv4 and ALL AWS services support sigv4 in all regions so we have no reason to support older signing methods.

1. Yes, this is exactly the same as the other SDKS.
2. No, we currently have no dotfile overrides like boto. The only functionality like this we support is configuring credential profiles in the ~/.aws/credentials file.

In regards to 1, feel free to open an issue if this is a feature you require.

from aws-sdk-cpp.

Preston,

Thanks for all the info. I am on Linux (some chance I will care about Windows eventually but Linux is what matters for the medium term) and using libcurl with the SDK. I'm not very familiar with libcurl or CA certs in general but based on the override you pointed me to and a little Googling, are you saying I can do curl_easy_setopt(handle, CURLOPT_CAPATH, "/path/to/cert.pem") and curl will take care of this aspect? If so, the catch is that from what I see, m_curlHandleContainer is private in CurlHttpClient so I don't have any way to do this in my application code right (well, I guess I could hardcode it via TEST_CERT_PATH at SDK compile time)? No big deal - if you can verify that I'm following what you're saying, I'll recompile the SDK to use AWS_CA_BUNDLE to point to my cert, confirm I can get things working, and then put in a pull request. From what you're saying, sounds like this should be a one-liner (for the libcurl implementation at least).

from aws-sdk-cpp.

You should get the ca stuff for free. Curl gives you bundle for free when
yoy install. You shouldn't need to override anything. Have you tried just
using the sdk and seeing what happens?
On Dec 7, 2015 8:07 PM, "Adam Sylvester" [email protected] wrote:

Preston,

Thanks for all the info. I am on Linux (some chance I will care about
Windows eventually but Linux is what matters for the medium term) and using
libcurl with the SDK. I'm not very familiar with libcurl or CA certs in
general but based on the override you pointed me to and a little Googling,
are you saying I can do curl_easy_setopt(handle, CURLOPT_CAPATH,
"/path/to/cert.pem") and curl will take care of this aspect? If so, the
catch is that from what I see, m_curlHandleContainer is private in
CurlHttpClient so I don't have any way to do this in my application code
right (well, I guess I could hardcode it via TEST_CERT_PATH at SDK
compile time)? No big deal - if you can verify that I'm following what
you're saying, I'll recompile the SDK to use AWS_CA_BUNDLE to point to my
cert, confirm I can get things working, and then put in a pull request.
From what you're saying, sounds like this should be a one-liner (for th e
libcurl implementation at least).

—
Reply to this email directly or view it on GitHub
#56 (comment).

from aws-sdk-cpp.

Yes you are correctly following what I'm saying, but lets make sure this is the correct thing for you to do.

We did not make this easy because you should not NEED to override the certs. Why do you need to override the cert bundle?

from aws-sdk-cpp.

After doing a lot of diagnosing and starting to write a very long detailed post here, I realized I was actually doing something else incorrectly here and that was the source of my connection problem. I am not quite sure how/where curl is picking my certs up from (I don't see them in the location where curl appears to be looking), but at this point I have a hello world application that can successfully query SQS, so I will remain blissfully ignorant of curl specifics and be happy at the end result. I assume the other AWS services will work very similarly but will post any follow-up issues/questions I run into.

Thanks for the help (and for putting the C++ SDK together!).

from aws-sdk-cpp.