New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
aws-sigv4 request signature does not match expected value #13058
Comments
@outscale-mgo any idea? |
I think the problem is that
|
Ouch, that's... weird. I suppose we can run an extra pass over the query part when AWS-SIGV4 is used and force-replace all pluses with |
AWS sigv4 have this function. |
@outscale-mgo the mentioned bypass works, but kind of defeats the purpose of using You say As I mentioned above, I am running a SPARQL query using the W3C SPARQL 1.1 Protocol. Specifically I am using the
The referenced RFC 3986 specifies percent-encoding on page 12. To my understanding, encoding spaces as a See also: https://stackoverflow.com/questions/1634271/url-encoding-the-space-character-or-20 |
Here's the documentation about aws query encoding:
So saying "AWS s3 isn't that standard" was a little of an overstatement. |
I'm thinking about it now @jaw111 .
Because it might just work. |
I'd prefer to say that curl is currently running in "backwards compatible" mode :) It might not be wrong per-se, but it is also not compliant with what the SPARQL 1.1 Protocol sees as a must. Whilst I expect that many servers will accept requests with So the real question we should ask is if there are any servers out that that will throw errors if the query string parameter is percent encoded i.e. IMHO curl should be forward looking here and use percent encoding. Maybe for backwards compatibility you could provide a way to encode spaces as
|
@outscale-mgo using non-encoded spaces with the plus prefix makes curl throw an error:
|
But it's not only about the '+'.
|
@outscale-mgo let's not conflate two different things here. Although I see the initial issue when signing the AWS requests, further analysis determines that the So this current behavior may cause problems when sending requests to any SPARQL endpoint using I can agree the AWS Signature Version 4 documentation is a bit vague in the wording, maybe too S3-centric? I found more documentation under IAM and there it specifies the canonicalization algorithm in more detail. From that it seems that you should not encode the "/" in the absolute path, but would do elsewhere: https://docs.aws.amazon.com/IAM/latest/UserGuide/create-signed-request.html#create-canonical-request So seems a bit like encodeURI() vs. encodeURIComponent() in JavaScript. |
I did this
Using latest curl version 8.6.0 I am running into problems with the signatures when trying to run SPARQL queries using
--url-query
as described here.An example request:
Response headers
Response body:
Some problems were already resolved by #11794 but it seems some characters used in SPARQL queries are still not handled correctly. I think the spaces are the cause as it works OK with
--url-query "query=select*where{?s?p?o}limit1"
.I expected the following
The calculated signature should be correct.
curl/libcurl version
curl 8.6.0 (x86_64-w64-mingw32) libcurl/8.6.0 LibreSSL/3.8.2 zlib/1.3.1 brotli/1.1.0 zstd/1.5.5 WinIDN libpsl/0.21.5 libssh2/1.11.0 nghttp2/1.59.0 ngtcp2/1.2.0 nghttp3/1.1.0
Release-Date: 2024-01-31
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Largefile libz NTLM PSL SSL threadsafe UnixSockets zstd
operating system
MINGW32_NT-10.0-22621-WOW64 SMW008711 3.3.6-341.i686 2022-09-05 20:09 UTC i686 Msys
The text was updated successfully, but these errors were encountered: