Opened 4 years ago
Closed 4 years ago
#12397 closed Bug report (rejected)
Connecting to third party S3 provider
| Reported by: | loleg | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | FileZilla Client |
| Keywords: | s3 | Cc: | |
| Component version: | Operating system type: | Linux | |
| Operating system version: |
Description
After fiddling ..a lot!.. with the S3 connection and site settings, and having successfully connected to official Amazon S3 buckets, I cannot manage to connect to a Linode Object Storage S3 provider which works completely fine using the s3cmd tool. There is always a 403 user access denied error. I tried rotating my access keys and various ACL and permission settings to no avail.
If anybody else has managed to use FileZilla with Linode or another third-party S3 provider, I would appreciate a tip. They recommend the CyberDuck client, which is not supported on Linux.
See https://www.linode.com/docs/guides/how-to-use-object-storage/#cyberduck
Change History (2)
comment:1 by , 4 years ago
comment:2 by , 4 years ago
| Resolution: | → rejected |
|---|---|
| Status: | new → closed |
Not a bug in FileZilla Pro.
It's a confirmed bug in Linode's third-party S3 implementation. They are working on the issue, no ETA has been given.
From what I understand, they are wrongly checking the S3 request signature not against the Host header as sent by the client, but by a host header mangled by some reverse proxy, which results in an authentication failure.
Please contact Linode support for further assistance.
They look exactly the same if I include the bucket subdomain. Here are my detailed (Debug level 3) logs:
Trace: CHttpControlSocket::ResetSocket()
Trace: CControlSocket::ResetOperation(66)
Trace: CHttpControlSocket::ResetSocket()
Trace: CControlSocket::ResetOperation(66)
Trace: CControlSocket::ResetOperation(66)
Trace: CS3ControlSocket::Connect(eu-central-1.linodeobjects.com)
Trace: CControlSocket::SendNextCommand()
Trace: CHttpConnectOpData::Send() in state 0
Trace: CControlSocket::ResetOperation(0)
Trace: CHttpConnectOpData::Reset(0) in state 0
Trace: CS3ControlSocket::List()
Status: Retrieving directory listing...
Trace: CControlSocket::SendNextCommand()
Trace: CS3ListOp::Send() in state 0
Trace: CS3ControlSocket::DoRequest
Trace: S3RequestOp::Send() in state 0
Trace: S3RequestOp::Send() in state 1
Trace: S3RequestOp::Send() in state 2
Trace: Requesting https://eu-central-1.linodeobjects.com:443/
Trace: CHttpControlSocket::Request()
Trace: CHttpRequestOpData::Send() in state 17
Trace: CHttpRequestOpData::Send() in state 18
Trace: CHttpControlSocket::InternalConnect()
Trace: CHttpControlSocket::ResetSocket()
Trace: CHttpInternalConnectOpData::Send() in state 0
Trace: CHttpControlSocket::ResetSocket()
Status: Resolving address of eu-central-1.linodeobjects.com
Status: Connecting to 139.162.182.14:443...
Status: Connection established, initializing TLS...
Trace: tls_layer_impl::client_handshake()
Trace: tls_layer_impl::continue_handshake()
Trace: tls_layer_impl::continue_handshake()
Trace: tls_layer_impl::continue_handshake()
Trace: tls_layer_impl::continue_handshake()
Trace: tls_layer_impl::continue_handshake()
Trace: TLS Handshake successful
Trace: Protocol: TLS1.2, Key exchange: ECDHE-SECP384R1-RSA-SHA384, Cipher: AES-256-GCM, MAC: AEAD
Trace: tls_layer_impl::verify_certificate()
Status: Verifying certificate...
Trace: CS3ControlSocket::SetAsyncRequestReply
Trace: CHttpControlSocket::SetAsyncRequestReply
Status: TLS connection established, sending HTTP request
Trace: CControlSocket::ResetOperation(0)
Trace: CHttpInternalConnectOpData::Reset(0) in state 0
Trace: CHttpRequestOpData::SubcommandResult(0) in state 18
Trace: CControlSocket::SendNextCommand()
Trace: CHttpRequestOpData::Send() in state 20
Command: GET / HTTP/1.1
Command: Authorization:
Command: Connection: keep-alive
Command: Host: eu-central-1.linodeobjects.com:443
Command: Keep-Alive: 300
Command: User-Agent: FileZilla/3.52.2
Command: x-amz-content-sha256: e3b0c44298...........
Command: x-amz-date: 20210312T110642Z
Trace: Finished sending request header. Request has no body
Trace: CHttpRequestOpData::Send() in state 16
Trace: CHttpRequestOpData::ParseHeader()
Response: HTTP/1.1 403 Forbidden
Response: Date: Fri, 12 Mar 2021 11:06:42 GMT
Response: Content-Type: application/xml
Response: Content-Length: 200
Response: Connection: keep-alive
Response: x-amz-request-id: tx000000000000002ab31ae-00604b4b42-153e462-default
Response: Accept-Ranges: bytes
Trace: CHttpRequestOpData::ProcessCompleteHeader()
Trace: S3RequestOp::OnHeader with response code 403
Trace: Finished a response
Trace: Done reading last response
Trace: CControlSocket::ResetOperation(0)
Trace: CHttpRequestOpData::Reset(0) in state 0
Trace: S3RequestOp::SubcommandResult(0) in state 3
Trace: CControlSocket::ResetOperation(2)
Trace: S3RequestOp::Reset(2) in state 3
Trace: CS3ListOp::SubcommandResult(2) in state 0
Error: Please verify the user name and password used to connect.
Trace: CControlSocket::ResetOperation(1026)
Trace: CS3ListOp::Reset(1026) in state 0
Error: Failed to retrieve directory listing