Unable to connect to Cloudfront from a MacOSX client

Time: 2017-08-14 15:25:39

Tags: c++ macos libcurl amazon-cloudfront

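My multi-platform client (written in C++ and built on cURL) is supposed to download files from Cloudfront. On Windows, the download works with libcurl 7.40.0 and OpenSSL 1.0.2c. On MacOSX:

  • Files served through a "direct" Amazon AWS link are downloaded correctly;
  • Files served through a Cloudfront link cannot be downloaded: the call fails with the cURL error CURLE_SSL_CONNECT_ERROR, and the debug information shows that the protocol breaks during the SSL handshake.

The file is also downloaded correctly with the curl command in MacOSX bash (version 7.54.0).

I am linking against the cURL version installed on my iMac (version 7.54.0, with the security layer provided by zlib version 1.2.8). This version supports SSL and TLSv1.2 (as can be seen when performing the AWS download).

I am at my wits' end: TLSv1.2 is supported and should be enabled during communication with Cloudfront. Is there something else I am forgetting?

Thanks in advance for your help. The MWE and the responses from both servers are below.

Minimal working example (URLs are fake):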

#include <cstdio>
#include "curl/curl.h"

#define URLDOWNLOAD "https://x.cloudfront.net/file.file?Expires=123&Signature=456&Key-Pair-Id=789"
#define AWSURLDOWNLOAD "https://x.amazonaws.net/file.file?Expires=123&Signature=456&Key-Pair-Id=789"

int main(int argc, const char * argv[]) {

    curl_global_init(CURL_GLOBAL_ALL);

    CURL* curl = curl_easy_init();
    if (!curl) {
        curl_global_cleanup();
        return 1;
    }

    // Numeric options are passed as long, which is what curl_easy_setopt expects.
    curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
    // Certificate and host name verification are switched off, as in the original repro.
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
    curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1L);

    curl_easy_setopt(curl, CURLOPT_TCP_KEEPALIVE, 1L);
    curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 30L);
    curl_easy_setopt(curl, CURLOPT_TCP_KEEPINTVL, 5L);

    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
    curl_easy_setopt(curl, CURLOPT_RANGE, "0-");
    curl_easy_setopt(curl, CURLOPT_SSLVERSION, (long)CURL_SSLVERSION_TLSv1_2);

    curl_easy_setopt(curl, CURLOPT_TCP_KEEPINTVL, 2L);

    // with URLDOWNLOAD the call fails. With AWSURLDOWNLOAD the call is successful.
    curl_easy_setopt(curl, CURLOPT_URL, URLDOWNLOAD);

    CURLcode error = curl_easy_perform(curl);
    if (error != CURLE_OK)
        fprintf(stderr, "curl_easy_perform failed: %s\n", curl_easy_strerror(error));

    // Release the easy handle and the global state instead of only resetting the handle.
    curl_easy_cleanup(curl);
    curl_global_cleanup();

    return error == CURLE_OK ? 0 : 1;
}

Debug information when downloading from AWS:

*   Trying ip...
* TCP_NODELAY set
* Connected to x.amazonaws.com (ip) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.x.amazonaws.com
* Server certificate: DigiCert Baltimore CA-2 G2
* Server certificate: Baltimore CyberTrust Root
> GET /FILE?X-Amz-Expires=431861&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AQ/20170814/aws4_request&X-Amz-Date=20170814T090903Z&X-Amz-SignedHeaders=host&X-Amz-Signature=0eb HTTP/1.1
Host: x.amazonaws.com
Range: bytes=0-100
Accept: */*

< HTTP/1.1 206 Partial Content
< x-amz-id-2: Q/0/xjrH4tNKcJU=
< x-amz-request-id: 92CEA7A5E6AB
< Date: Mon, 14 Aug 2017 14:32:46 GMT
< Last-Modified: Tue, 16 May 2017 22:15:57 GMT
< ETag: "9d57e32d88c89a-55"
< x-amz-meta-cb-modifiedtime: Tue, 16 May 2017 22:13:27 GMT
< Accept-Ranges: bytes
< Content-Range: bytes 0-100/566567658
< Content-Type: application/octet-stream
< Content-Length: 101
< Server: AmazonS3
<
\246ՙ\30\363\360т.C\375\205\211\327\327\343\204\320\224\3404\327dͩ\3362\\306\354%%\214}"\3171\216\362}La\245U\304}\260\223\205\332\335 ]\314\330\300
* Curl_http_done: called premature == 0
* Connection #0 to host x.amazonaws.com left intact

Debug information when downloading from Cloudfront:

*   Trying ip...
* TCP_NODELAY set
* Connected to x.cloudfront.net (ip) port 443 (#0)
* SSL peer handshake failed, the server most likely requires a client certificate to connect
* Curl_http_done: called premature == 1
* Closing connection 0

Both calls were made with exactly the same linked libraries.

0 answers:

No answers
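
Added example, not part of the original question: when a linked libcurl and the command-line curl behave differently against the same host, one check is whether both builds list the same TLS backend in their version banner (the string returned by `curl_version()` and printed on the first line of `curl --version`). The C++ code below parses such banners and compares the backends; the banner strings in `main` are constructed samples, and `parse_banner`, `same_tls_backend` and the partial backend name list are names introduced here for illustration.

```cpp
#include <iostream>
#include <sstream>
#include <string>

struct Banner {
    std::string libcurl;  // libcurl version, e.g. "7.54.0"
    std::string tls;      // TLS backend token, e.g. "OpenSSL/1.0.2c"; empty if none listed
    std::string zlib;     // compression library token; not a TLS provider
};

// Names libcurl uses for TLS backends in its banner (partial list, an assumption of this example).
static const char* const kTlsNames[] = {
    "OpenSSL", "LibreSSL", "BoringSSL", "GnuTLS", "NSS",
    "SecureTransport", "WinSSL", "Schannel", "mbedTLS", "wolfSSL"};

// Split a banner on whitespace and sort the "name/version" tokens into fields.
Banner parse_banner(const std::string& text) {
    Banner b;
    std::istringstream in(text);
    std::string tok;
    while (in >> tok) {
        // Tokens without '/' (such as "SecureTransport") are their own name.
        const std::string name = tok.substr(0, tok.find('/'));
        if (name == "libcurl" && tok.size() > 8) b.libcurl = tok.substr(8);
        else if (name == "zlib") b.zlib = tok;
        else
            for (const char* t : kTlsNames)
                if (name == t) b.tls = tok;
    }
    return b;
}

// True when both builds list the same TLS backend family (version ignored).
bool same_tls_backend(const Banner& a, const Banner& b) {
    return !a.tls.empty() &&
           a.tls.substr(0, a.tls.find('/')) == b.tls.substr(0, b.tls.find('/'));
}

int main() {
    // Constructed sample banners, not taken from the page.
    const Banner app = parse_banner("libcurl/7.54.0 SecureTransport zlib/1.2.8");
    const Banner cli = parse_banner(
        "curl 7.54.0 (x86_64-apple-darwin) libcurl/7.54.0 LibreSSL/2.0.20 zlib/1.2.8");
    std::cout << "app TLS: " << app.tls << "\ncli TLS: " << cli.tls
              << "\nsame backend: " << std::boolalpha
              << same_tls_backend(app, cli) << "\n";
    return 0;
}
```

Feed it the output of `curl_version()` from the application and the first line of `curl --version` from the shell to compare the two builds.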