9

I'm using the Amazon AWS .NET SDK v1.2.1.

The following code throws an exception after failing a DNS lookup for myBucket.more.https which is clearly not what it should be looking for...

AmazonS3Config S3Config = new AmazonS3Config()
{
    ServiceURL = "https://s3.amazonaws.com",
    CommunicationProtocol = Amazon.S3.Model.Protocol.HTTPS,
};

using (AmazonS3 client = Amazon.AWSClientFactory.CreateAmazonS3Client(accessKey,secretKey, S3Config))
{
    PutObjectRequest request = new PutObjectRequest();

    using (MemoryStream ms = new MemoryStream(inputBytes))
    {
        request.WithBucketName("myBucket.more")
                .WithKey(output.Name)
                .WithInputStream(ms);

        using (S3Response response = client.PutObject(request))
        {
                        Log.Message("File Sent: " + output.Name);
        }
    }
}

If I remove the https:// from the front of the ServiceURL it throws a web exception with:

"The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."

So how am I suppose to get SSL working?

The only way I've managed so far is with the following, which is not secure:

AmazonS3Config S3Config = new AmazonS3Config()
{
    ServiceURL = "s3.amazonaws.com",
    CommunicationProtocol = Amazon.S3.Model.Protocol.HTTP,
};

UPDATE

If I don't pass a custom S3Config to CreateAmazonS3Client, it is still failing with:

"The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."

"The remote certificate is invalid according to the validation procedure."

Tim
  • 7,746
  • 3
  • 49
  • 83

1 Answers1

7

The ServiceUrl should be S3.amazonaws.com without the https:// in front. That is the default setting as is HTTPS for the Communication protocol. That's why you get the same error when you don't set the settings manually.

Update

EU buckets cannot contain periods(.) in the name if you want to use HTTPS.

Geoff Appleford
  • 18,538
  • 4
  • 62
  • 85
  • The bucket was created hours ago, and works perfectly if I turn SSL off. With the default config I get: "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure." – Tim Jan 27 '11 at 16:00
  • although I guess that could still be down to DNS at it has to match the certificate! – Tim Jan 27 '11 at 16:01
  • @Jim - have you tried looking at the requests going across the wire with a tool like fiddler? – Geoff Appleford Jan 27 '11 at 16:05
  • @Jim - another thing - I don't think EU buckets over SSL work if they have periods(.) or Capitals in the name. You don't have one of those do you? – Geoff Appleford Jan 27 '11 at 16:13
  • The actual bucket name I'm using has a period '.' in it, which messes up the SSL certificates! – Tim Jan 27 '11 at 16:18
  • @Jim - updated my answer to reflect the solution from my earlier comment :) – Geoff Appleford Jan 27 '11 at 16:22
  • If you want to use SSL with a period in the bucket name you must use the "version 1" URL style. e.g. https://s3.amazonaws.com/my.bucket.with.periods/path/to/file.txt – Uriah Carpenter Jan 28 '11 at 06:09
  • @Uriah - Except that doesn't work with EU buckets. Please correct me if I am wrong. – Geoff Appleford Jan 28 '11 at 08:01
  • 1
    @geoff - To use path style buckets you must use the [region specific endpoint](http://aws.amazon.com/articles/3912). The S3 EU region has an unpublished endpoint of `s3-eu-west-1.amazonaws.com`. I have uploaded an example image: [DNS style](http://eutest.uriah.com.s3.amazonaws.com/flowers.jpg), [SSL with path style](https://s3-eu-west-1.amazonaws.com/eutest.uriah.com/flowers.jpg) – Uriah Carpenter Jan 28 '11 at 15:11