macOS Sonoma 14.2: Failed to connect to Cognito & Lambda endpoints (Curl error code 35 - SSL error) Reopening #2795 #2804
Comments
triton3
added
bug
|
Reopning #2795 Logs: |
triton3
changed the title
|
Update: After updating to XCode 15.1 (and associated tools to use macOS 14.2 sdk).
The end result is still the same that our app cannot even get past initial authentication. Could it be that the AWS sdk needs to be rebuilt using curl v8.4.0 ? Is there a way to specify that if curl is installed in a separate location when building the sdk from source? |
|
Hi @triton3, Thank you for the update and investigation of the issue. Here is how a custom curl build could be used during the SDK build: Best regards, |
|
Hi @SergeyRyabinin Thank you for your response. I also managed to rebuild the AWS sdk on a mac with macOS 14.2 which has Curl v8.4.0 (see The first set of API calls to authenticate via cognito goes through, but subsequent ones (MFA) fail. Please see At this point, I am not sure how to proceed on figuring out what else I can try. Any suggestions? |
|
could you try to rebuild it with curl 8.5 provided homebrew? similiar to how sergey suggested in his response. that will use the curl that homebrew installs instead of system. you can see this in your cmake output edit: did some testing with 8.5 this morning and i could not replicate the issue |
|
Hi @triton3, Thank you for providing the log file,
quick search lead me to this libcurl issue: curl/curl#12525 and our SDK performs curl_global_init and curl_global_cleanup quite extensively. Well, there is hidden issue that SDK does not perform curl_global_init after cleanup (but libcurl has a hidden workaround that performs curl_global_init and hides/fixes our issue and that's why we did not notice it), and we have a PR that fixes this: #2424 May I ask you to try few different hacks to investigate the issue on your build?
I expect either 1 to workaround (and confirm) the issue, or 2 to fix the issue. Best regards, |
jmklix
added
response-requested
|
@SergeyRyabinin Thank you.
Good news: After commenting out the curl cleanup function, it worked and subsequent calls to aws are connecting.
Will try this next and update the result here. |
github-actions
bot
removed
the
response-requested
Using Curl v8.5.0 along with the fix: 042c5f7 seems to work. Had to statically link the curl library, since the app was still picking the default macOS curl v8.4.0 when running on target machine. Seems like this is a sensitive dependency for the AWS sdk, and we have no idea if Apple will decide to fix/update the curl version any time soon, or may break anytime in the future. Shouldn't it be mentioned in the instructions which version of Curl was tested and worked, or at least cautioning developers to use custom built curl library to ensure correctness? |
11 tasks
|
updated documentation to warn about using libcurl 8.4.0, resolving this issue, please re-open if you have any more comments on how we could surface this to customers or need any more help |
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
OS: macOS Sonoma 14.2
AWS sdk is unable to connect to any endpoint (Cognito and Lambda endpoints for example).
Expected Behavior
The sdk successfully connects to endpoints.
Current Behavior
Connection fails with Curl http endpoint.
Error message:
curlCode: 35, SSL connect errorReproduction Steps
Aws::CognitoIdentityProvider::Model::InitiateAuthOutcome auth_request_result = cognito_client_->InitiateAuth(auth_request);Possible Solution
No response
Additional Information/Context
Note: SDK was built on macOS 13.6 (22G120). Connection succeeds on macOS version up to 14.1, but fails on macOS 14.2
AWS CPP SDK version used
1.11.235 (Built on macOS 13.6 (22G120))
Compiler and Version used
Apple clang version 15.0.0 (XCode v15.0)
Operating System and version
Issue occurs on macOS Sonoma v14.2
The text was updated successfully, but these errors were encountered: