Sunday, November 22, 2009

Using s3fs with centos and https

There are several s3fs projects, this is the one I'm using: http://code.google.com/p/s3fs/wiki/FuseOverAmazon

When I tried to connect in Centos to the filesystem while using an https url, I got the message:
ls: reading directory /mnt/s3: Input/output error
And in /var/log/messages:
Nov 22 15:02:57 host s3fs: init $Rev: 177 $
Nov 22 15:03:01 host s3fs: ###problem with the SSL CA cert (path? access rights?)
Nov 22 15:03:01 host s3fs: ###retrying...
Nov 22 15:03:01 host s3fs: ###problem with the SSL CA cert (path? access rights?)
Nov 22 15:03:01 host s3fs: ###retrying...
Nov 22 15:03:01 host s3fs: ###problem with the SSL CA cert (path? access rights?)
Nov 22 15:03:01 host s3fs: ###retrying...
Nov 22 15:03:01 host s3fs: ###giving up
Nov 22 15:03:05 host s3fs: destroy

Based on a message on that google code page, I added the slightly different than suggested function call:
curl_easy_setopt(curl, CURLOPT_CAINFO, "/etc/pki/tls/certs/ca-bundle.crt");
which took care of the errors.  Then it mostly worked.  Although there are still random failures so I'm trying s3backer next.

4 comments:

Randy Rizun said...

just out of curiosity, what kind of random failures did you see?

he said said...

All I tried to do was cat a text file and I get lots of this in my log:
s3fs: 620###result=-13
s3fs: 1128###result=-9
s3fs: 1128###result=-9
s3fs: 1177###result=-9

pace said...

Hi Matt. Can you post a diff/patch of your changes. I'm not a C++ programmer so I'm sure where I should place the extra line (or if I should do it all over the place where I see curl options being set).


Thanks!
pace

he said said...

I'm not even using s3 at all anymore but was able to find the source again. Have you tried with the latest version and are still getting the same error?

I modified r177 as follows:

170a171,173
> //MJB Workaround cert errors when connecting w/ https
> curl_easy_setopt(curl, CURLOPT_CAINFO, "/etc/pki/tls/certs/ca-bundle.crt");
>


Don't forget that the path is centos/rhel specific