[CloudFront] Add exception when signature generation fails #2590
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
DocLM
force-pushed
the
enhancement/cloudfront-sha1-openssl
branch
2 times, most recently
from
ce21d37
to
7d537d3
Compare
DocLM
force-pushed
the
enhancement/cloudfront-sha1-openssl
branch
from
7d537d3
to
7174662
Compare
DocLM
force-pushed
the
enhancement/cloudfront-sha1-openssl
branch
from
7174662
to
728ce05
Compare
DocLM
force-pushed
the
enhancement/cloudfront-sha1-openssl
branch
from
728ce05
to
202795e
Compare
DocLM
force-pushed
the
enhancement/cloudfront-sha1-openssl
branch
from
202795e
to
217d065
Compare
yenfryherrerafeliz
approved these changes
Jan 7, 2024
DocLM
force-pushed
the
enhancement/cloudfront-sha1-openssl
branch
from
217d065
to
a65c76f
Compare
|
@yenfryherrerafeliz refactored and rebased code, ready to go when you are ready! |
DocLM
force-pushed
the
enhancement/cloudfront-sha1-openssl
branch
from
a65c76f
to
55c8fad
Compare
|
Hi @DocLM, one last thing. Could you please add a generic error message for when $errorMessages is empty. Just to be safe. $exceptionMessage = implode("\n",$errorMessages);
if (count($errorMessages) == 0) {
$exceptionMessage = "An error has occurred when signing the policy";
}
throw new \RuntimeException($exceptionMessage);Thanks! |
DocLM
force-pushed
the
enhancement/cloudfront-sha1-openssl
branch
from
55c8fad
to
4189548
Compare
|
@yenfryherrerafeliz Fallback error message now available! |
stobrien89
approved these changes
Jan 10, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See #2608
Description of changes:
On recent RHEL/RockyLinux/Alma 9 the default system security policies disable SHA-1 in OpenSSL.
This cause
CloudFrontClientto silently fail signature generation ingetSignedUrland generate an URL with empty signature.I've added a check for empty signature and an exception with OpenSSL errors to help to identify the issue.
I'd like to add a test but I'm struggling to find a way to dynamically disable the algorithm during unit tests, any suggestion is welcome.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.