I'm trying to upload some data to Elasticsearch via Curl in a CI job. The Curl command I believe is correct and works perfectly locally. However within the job it appears to hang and then times out after 30 seconds.
Here is the Curl command:
curl -u $user:$password \
-XPOST "${HOST}${INDEX}/data" \
-H 'Content-Type: application/json' \
-d "$json_data" \
--max-time 30 \
--verbose
Here is the verbose output:
Note: Unnecessary use of -X or --request, POST is already inferred.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Trying <IP-ADDRESS>...
* TCP_NODELAY set
* Connected to <HOST> (<IP-ADDRESS>) port <PORT> (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [58 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [3024 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [556 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* ...
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Server auth using Basic with user '<USERNAME>'
* Using Stream ID: 1 (easy handle 0x565087a74580)
} [5 bytes data]
> POST /elasticsearch/<INDEX>/data HTTP/2
> Host: <HOST>
> Authorization: Basic <KEY>
> User-Agent: curl/7.58.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 13735
>
{ [5 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
} [5 bytes data]
* We are completely uploaded and fine
{ [5 bytes data]
100 13735 0 0 100 13735 0 11388 0:00:01 0:00:01 --:--:-- 11388
100 13735 0 0 100 13735 0 6220 0:00:02 0:00:02 --:--:-- 6220
100 13735 0 0 100 13735 0 4280 0:00:03 0:00:03 --:--:-- 4280
...
100 13735 0 0 100 13735 0 469 0:00:29 0:00:29 --:--:-- 0
* Operation timed out after 30001 milliseconds with 0 bytes received
100 13735 0 0 100 13735 0 457 0:00:30 0:00:30 --:--:-- 0
* Connection #0 to host <HOST> left intact
curl: (28) Operation timed out after 30001 milliseconds with 0 bytes received
It looks like the host can be reached by the CI job but seems to hang for some reason. If I remove the timeout limit I get a curl: (56) OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 110 error. According to the libcurl docs the 56 error code is when there is a failure receiving network data, which is strange as it’s doing a POST. Everything works fine locally, but this error is happening with every job. Any ideas?
Related
i am use
curl -x https://www.skillacademy.com --resolve www.skillacademy.com:443:104.18.24.139 https://www.skillacademy.com:443 -vvv
output is
root#localhost:~# curl -x https://www.skillacademy.com --resolve www.skillacademy.com:443:104.18.24.139 https://www.skillacademy.com:443 -vvv
* Added www.skillacademy.com:443:104.18.24.139 to DNS cache
* Hostname www.skillacademy.com was found in DNS cache
* Trying 104.18.24.139:443...
* Connected to www.skillacademy.com (104.18.24.139) port 443 (#0)
* ALPN: offers http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS Unknown, Certificate Status (22):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS change cipher, Change cipher spec (1):
* (304) (OUT), TLS Unknown, Certificate Status (22):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Proxy certificate:
* subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
* start date: May 10 00:00:00 2022 GMT
* expire date: May 10 23:59:59 2023 GMT
* subjectAltName: host "www.skillacademy.com" matched cert's "*.skillacademy.com"
* issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
* SSL certificate verify ok.
* allocate connect buffer
* Establish HTTP proxy tunnel to www.skillacademy.com:443
* (304) (OUT), TLS Unknown, Unknown (23):
> CONNECT www.skillacademy.com:443 HTTP/1.1
> Host: www.skillacademy.com:443
> User-Agent: curl/7.85.0
> Proxy-Connection: Keep-Alive
>
* (304) (IN), TLS Unknown, Certificate Status (22):
* (304) (IN), TLS handshake, Newsession Ticket (4):
* (304) (IN), TLS handshake, Newsession Ticket (4):
* (304) (IN), TLS Unknown, Unknown (23):
< HTTP/1.1 400 Bad Request
< Server: cloudflare
< Date: Tue, 18 Oct 2022 06:57:20 GMT
< Content-Type: text/html
< Content-Length: 155
< Connection: close
< CF-RAY: -
<
* Received HTTP code 400 from proxy after CONNECT
* CONNECT phase completed
* Closing connection 0
* (304) (OUT), TLS Unknown, Unknown (21):
* (304) (OUT), TLS alert, close notify (256):
curl: (56) Received HTTP code 400 from proxy after CONNECT
Look at Establish HTTP proxy tunnel to www.skillacademy.com:443
Why still HTTP not a HTTPS ?
what i try :
update openssl to latest
update curl to latest
Here output
root#localhost:~# curl -V
curl 7.85.0 (aarch64-unknown-linux-gnu) libcurl/7.85.0 OpenSSL/1.1.1q zlib/1.2.11
Release-Date: 2022-08-31
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HSTS HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL threadsafe TLS-SRP UnixSockets
root#localhost:~# openssl version -a
OpenSSL 1.1.1q 5 Jul 2022
built on: Tue Oct 18 06:23:52 2022 UTC
platform: linux-aarch64
options: bn(64,64) rc4(char) des(int) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG
OPENSSLDIR: "/usr/local/ssl"
ENGINESDIR: "/usr/local/ssl/lib/engines-1.1"
Seeding source: os-specific
root#localhost:~#
any help will apreciated
As part of pipeline for building Debian package with popular game Factorio i need to download game's distribution files. This is without any problems in gui web browser.
I try to download file using curl but i still cannot solve problem with CSRF token:
#!/bin/sh
LOGIN=""
PASSWD=""
VERSION=`curl -s "https://api.github.com/repos/wube/factorio-data/tags" | jq -r '.[0].name'`
ARCHIVE="factorio_alpha_x64_${VERSION}.tar.xz"
CSRF=`curl -s -c ~/cookie.txt https://www.factorio.com/login | grep csrf_token | awk -F'"' '{print $8}'`
curl -v -c ~/cookie.txt -b ~/cookie.txt -H "X-CSRF-Token: ${CSRF}" -X POST -F "csrf_token=${CSRF}" -F "username_or_email=${LOGIN}" -F "password=${PASSWD}" https://www.factorio.com/login
curl -c ~/cookie.txt https://www.factorio.com/get-download/${VERSION}/alpha/linux64 > ${ARCHIVE}
The script run fail everytime with the final response:
vitex#exiv:~/Projects/Packaging/Games/factorio-deb$ ./downloader.sh
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 104.26.14.88:443...
* Connected to www.factorio.com (104.26.14.88) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
* start date: Jul 6 00:00:00 2021 GMT
* expire date: Jul 5 23:59:59 2022 GMT
* subjectAltName: host "www.factorio.com" matched cert's "*.factorio.com"
* issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55eea0a17d10)
> POST /login HTTP/2
> Host: www.factorio.com
> user-agent: curl/7.76.1
> accept: */*
> cookie: session=eyJjc3JmX3Rva2VuIjoiMTk2MmVlODBkMDJiMGFhODQ0N2U1OGZiYTEyZGQzMThjZTY5MTFkZCJ9.YXicKQ.D93FhsjkngmtONrHEFB6P0d4w8Y
> x-csrf-token: IjE5NjJlZTgwZDAyYjBhYTg0NDdlNThmYmExMmRkMzE4Y2U2OTExZGQi.YXicKQ.HKcRPgEkSRVU4_Xat-dCV31sHWg
> content-length: 461
> content-type: multipart/form-data; boundary=------------------------c63b0f58b7ac0deb
>
* We are completely uploaded and fine
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 400
< date: Wed, 27 Oct 2021 00:24:09 GMT
< content-type: text/html; charset=utf-8
< cache-control: no-cache
< x-frame-options: SAMEORIGIN
< strict-transport-security: max-age=31536000
< vary: Cookie
* Replaced cookie session="eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiMTk2MmVlODBkMDJiMGFhODQ0N2U1OGZiYTEyZGQzMThjZTY5MTFkZCJ9.YXicKQ.PbtfNJW_assTK0ZkBWujMpBVnuM" for domain factorio.com, path /, expire 0
< set-cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiMTk2MmVlODBkMDJiMGFhODQ0N2U1OGZiYTEyZGQzMThjZTY5MTFkZCJ9.YXicKQ.PbtfNJW_assTK0ZkBWujMpBVnuM; Domain=.factorio.com; Secure; HttpOnly; Path=/
< via: 1.1 vegur
< cf-cache-status: DYNAMIC
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HZPVm%2FRu31d1J8IkHuFfcRwFad6vXWf2%2FbHrH3PCRg1GFuXfHgsJDXN10zPpE6ZaOP7I1ClCiaDo0i0tO%2B5kih95W6gO28pCyjiiA3oXOmJvFHr%2F4iipMg0xlK7v2rVQ51w%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 6a47c7a32c4f27a0-PRG
<
<!DOCTYPE html>
<html>
<head>
<title> 400 - CSRF Error | Factorio</title>
...
How i can better work with cookies recieved by first request ?
What is wrong here ?
Hi I have had a search on this already and I cannot work out why this keeps failing. I'm using the following curl command to send an email via a gmail account. fails on authentication.
I have tried two accounts one that has 2 factor setup with an app password, and one that just has less secure apps enabled.
both just fail to authenticate.
curl --ssl-reqd --url smtp://smtp.gmail.com:587 --mail-from myemail#gmail.com --mail-rcpt otheremail#gmail.com --user 'myemail#gmail.com:password' --cacert cacert.pem --upload-file mail.txt --TLSv1.2 --tls-max 1.2 --verbose
the cacert.pem came from here https://curl.haxx.se/ca/cacert.pem
This is the output from curl
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 64.233.167.109:587...
* TCP_NODELAY set
* Connected to smtp.gmail.com (64.233.167.109) port 587 (#0)
< 220 smtp.gmail.com ESMTP v11sm289228wml.26 - gsmtp
> EHLO mail.txt
< 250-smtp.gmail.com at your service, [x.x.x.x]
< 250-SIZE 35882577
< 250-8BITMIME
< 250-STARTTLS
< 250-ENHANCEDSTATUSCODES
< 250-PIPELINING
< 250-CHUNKING
< 250 SMTPUTF8
> STARTTLS
< 220 2.0.0 Ready to start TLS
* successfully set certificate verify locations:
* CAfile: c:\utils\curl-7.68.0-win64-mingw\bin\cacert.pem
CApath: none
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [208 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [91 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2342 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [114 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-ECDSA-CHACHA20-POLY1305
* Server certificate:
* subject: C=US; ST=California; L=Mountain View; O=Google LLC; CN=smtp.gmail.com
* start date: Sep 22 15:25:59 2020 GMT
* expire date: Dec 15 15:25:59 2020 GMT
* subjectAltName: host "smtp.gmail.com" matched cert's "smtp.gmail.com"
* issuer: C=US; O=Google Trust Services; CN=GTS CA 1O1
* SSL certificate verify ok.
} [5 bytes data]
> EHLO mail.txt
{ [5 bytes data]
< 250-smtp.gmail.com at your service, [x.x.x.x]
< 250-SIZE 35882577
< 250-8BITMIME
< 250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
< 250-ENHANCEDSTATUSCODES
< 250-PIPELINING
< 250-CHUNKING
< 250 SMTPUTF8
} [5 bytes data]
> AUTH PLAIN
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0{ [5 bytes data]
< 334
} [5 bytes data]
> ACdhbmR5cGRzMjAxNEBnbWFpbC5jb20AYW9ub3hubnB2Y3N3aGR1bic=
{ [5 bytes data]
< 535-5.7.8 Username and Password not accepted. Learn more at
< 535 5.7.8 https://support.google.com/mail/?p=BadCredentials v11sm289228wml.26 - gsmtp
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Closing connection 0
} [5 bytes data]
* TLSv1.2 (OUT), TLS alert, close notify (256):
} [2 bytes data]
curl: (67) Login denied```
I cannot see why this is not working, I can use the app password in another app that does not use OAuth and that lets me send emails OK.
I'm new to using curl and any help will be apricated.
Thanks.
Andy.
Edit: I have also tried this on my linuxVM and that worked fined with GMail, so I tried again in windows and still failed. I just removed the quotes from the user field and it worked fine.
So as I put in the edited question. I have solved it.
the --user 'myemail#gmail.com:password' need the single quotes removing from it and it now connects and sends the mail.
Hopefully this will aid someone else in the future.
I am trying to trigger an remote Jenkins job from an host Jenkins server.
I have created build token. I am trying to call the job using the curl
curl.exe -v -x -K --insecure -u "username#username.com:pwd" POST https://hostname:8443/job/mypackjob/build?token=XXXIODFASDF
if use the same command from the command prompt (i.e Windows CMD) the job is getting triggered, but from the Jenkins job it is not working. I am getting HTTP/1.1 error.
* Rebuilt URL to: POST/
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Could not resolve host: POST
* Closing connection 0
curl: (6) Could not resolve host: POST
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 132.186.32.5...
* TCP_NODELAY set
* Connected to INCHNIISNW0113.net (132.186.32.5) port 8443 (#1)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:#STRENGTH
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [85 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [1580 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=INCHNIISNW0113.net
* start date: Nov 3 13:41:11 2016 GMT
* expire date: Dec 31 23:59:59 2039 GMT
* issuer: CN=API
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
* Server auth using Basic with user 'username#xxx.com'
} [5 bytes data]
> -K /job/2.50HR0API0Obfuscation/build?token=TRIGGERMEHRAPIBUILD HTTP/1.0
> Host: INCHNIISNW0113.net:8443
> Authorization: Basic **************
> User-Agent: curl/7.58.0
> Accept: */*
>
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0{ [5 bytes data]
**< HTTP/1.1 404 Not Found**
< Date: Wed, 18 Apr 2018 15:46:23 GMT
< X-Content-Type-Options: nosniff
< Server: Jetty(9.4.z-SNAPSHOT)
* no chunk, no close, no size. Assume close to signal end
<
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0{ [5 bytes data]
* TLSv1.2 (IN), TLS alert, Client hello (1):
{ [2 bytes data]
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
* Closing connection 1
} [5 bytes data]
* TLSv1.2 (OUT), TLS alert, Client hello (1):
} [2 bytes data]
I wanted to do a GET on the following URL in Postman with Basic Authorization:
https://1.2.3.4:8338/accounts
Unfortunately I cannot connect directly to that server so I've tunneled through Jump server 5.6.7.8 using SSH Tunnel Manager and
ssh -N -p 22 username#5.6.7.8 -o StrictHostKeyChecking=no -L 127.0.0.1:8080:1.2.3.4:8338
That worked. I now want to create a container by doing a PUT to this URL using AWSV4 Authorization:
https://1.2.3.4/testcontainer
If I use the above tunner I get a 404 error. I've a feeling that my issue is that the tunnel is on port 8338 but my URL doesn't specify a port. I've tried leaving the port on 1.2.3.4 blank but it defaults to 0 and the tunnel doesn't work.
I then tried setting that port to 443(default HTTPS port). When I do that I get a SignatureDoesNotMatch error. I think that's because I set the AWSV4 authentication up on port 8338(it's a guess).
Finally I tried to setup AWSV4 authorization with port 443 but received a 403 error.
I'm not sure where to go now. Can anybody advise what I might have to do a PUT to the below URL using localhost?
https://1.2.3.4/testcontainer
UPDATE 2017-06-28
I got access to a server that can connect directly to 1.2.3.4 and decided to try using curl in the terminal. It wouldn't work as I need to use AWS v4 auth. When looking into this I came across s3curl. I've tried running the following:
./s3curl.pl --id personal -- -s -v -X PUT https://1.2.3.4/testcontainer -k
Still no luck. This is the output:
* Hostname was NOT found in DNS cache
* Trying 1.2.3.4...
* Connected to 1.2.3.4 (1.2.3.4) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-SHA384
* Server certificate:
* subject: C=US; ST=T; L=A; O=B; CN=access01.b.com; emailAddress=b#us.b.com
* start date: 2017-06-04 08:05:04 GMT
* expire date: 2018-06-05 08:25:00 GMT
* issuer: C=US; ST=I; L=C; O=cc; CN=Manager CA; serialNumber=serialnumber
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> PUT /testcontainer HTTP/1.1
> User-Agent: curl/7.35.0
> Host: 1.2.3.4
> Accept: */*
> Date: Wed, 28 Jun 2017 13:23:01 +0000
> Authorization: AWS authoization
>
< HTTP/1.1 403 Forbidden
< Date: Wed, 28 Jun 2017 13:23:01 GMT
< X-Clv-Request-Id: requestid
< Accept-Ranges: bytes
* Server cc/3.1.0.1 is not blacklisted
< Server: cc/3.1.0.1
< X-Clv-S3-Version: 2.5
< x-amz-request-id: requestid
< Content-Type: application/xml
< Content-Length: 894
<
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Error> <Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. For more information, see REST Authentication and SOAP Authentication for details.</Message><Resource>/pctestcontainer1/</Resource><RequestId>bfb1bdf1-9d7a-4bc7-966a-a3a5e89498eb</RequestId><StringToSign>PUT
Wed, 28 Jun 2017 13:23:01 +0000
* Connection #0 to host 10.137.63.202 left intact
/pctestcontainer1</StringToSign><StringToSignBytes>80 85 84 10 10 10 87 101 100 44 32 50 56 32 74 117 110 32 50 48 49 55 32 49 51 58 50 51 58 48 49 32 43 48 48 48 48 10 47 112 99 116 101 115 116 99 111 110 116 97 105 110 101 114 49</StringToSignBytes><SignatureProvided>signature</SignatureProvided><AWSAccessKeyId>accesskey</AWSAccessKeyId><httpStatusCode>403</httpStatusCode></Error>root#utility:/tmp/cp/s3curl#
Does this mean anything to anybody?
After a lot of investigation I found that I needed to include a "Host" key in my header and use the AWS V4 credentials I generated.
I can now do a PUT using a statement in Postman.