aws / aws-sdk-cpp

AWS SDK for C++
Apache License 2.0

WinHttp TLS is completely disabled if m_verifySSL is false #3008

Open renjipanicker opened 1 week ago

renjipanicker commented 1 week ago

Describe the bug

In the file: aws-cpp-sdk-core/source/http/windows/WinHttpSyncHttpClient.cpp

Line 541 (in function OpenRequest): DWORD requestFlags = request->GetUri().GetScheme() == Scheme::HTTPS && m_verifySSL ? WINHTTP_FLAG_SECURE : 0;

This code passes 0 instead of WINHTTP_FLAG_SECURE if m_verifySSL is false. Therefore the connection is not TLS enabled.

This is incorrect behaviour.

Expected Behavior

If the scheme is HTTPS and m_verifySSL is false, it should initiate a TLS connection, and ignore certificate errors.

Current Behavior

If the scheme is HTTPS and m_verifySSL is false, it initiates a non-TLS connection.

Reproduction Steps

Create an outgoing HTTPS request to S3, and set m_verifySSL to false. Use Wireshark or equivalent to observe that the connection is not TLS enabled.

Possible Solution

Remove the && m_verifySSL from the condition.

Additional Information/Context

No response

AWS CPP SDK version used

1.11.285

Compiler and Version used

Visual Studio 2019

Operating System and version

Windows Server 2019

jmklix commented 1 week ago

Thanks for finding this bug and pointing it out to us. We are working on a fix.
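
Added example, not part of the thread and not the SDK's code: the flag decision quoted in the issue next to the behaviour it asks for, with a regression check that an HTTPS request is never planned without WINHTTP_FLAG_SECURE. `Scheme`, `TlsPlan` and the three function names are hypothetical stand-ins; the constants are the winhttp.h ones, mirrored off Windows so the block builds anywhere.

```cpp
#include <cstdint>
#include <cstdio>
#include <initializer_list>
#ifdef _WIN32
#include <windows.h>
#include <winhttp.h>
#else  // Constants mirrored from winhttp.h so the sketch builds off Windows.
using DWORD = std::uint32_t;
constexpr DWORD WINHTTP_FLAG_SECURE = 0x00800000;
constexpr DWORD SECURITY_FLAG_IGNORE_UNKNOWN_CA = 0x00000100;
constexpr DWORD SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE = 0x00000200;
constexpr DWORD SECURITY_FLAG_IGNORE_CERT_CN_INVALID = 0x00001000;
constexpr DWORD SECURITY_FLAG_IGNORE_CERT_DATE_INVALID = 0x00002000;
#endif

enum class Scheme { HTTP, HTTPS };  // hypothetical stand-in for the SDK's Scheme
struct TlsPlan {
    DWORD requestFlags;   // dwFlags argument of WinHttpOpenRequest
    DWORD securityFlags;  // value for WINHTTP_OPTION_SECURITY_FLAGS; 0 = keep default
};

// Condition as quoted in the issue: TLS is tied to certificate verification.
TlsPlan PlanAsReported(Scheme scheme, bool verifySSL) {
    DWORD flags = (scheme == Scheme::HTTPS && verifySSL) ? WINHTTP_FLAG_SECURE : 0;
    return TlsPlan{flags, 0};
}

// Expected behaviour from the issue: the scheme alone selects TLS, and
// verifySSL only decides whether certificate errors are ignored.
TlsPlan PlanAsExpected(Scheme scheme, bool verifySSL) {
    TlsPlan plan{0, 0};
    if (scheme != Scheme::HTTPS) return plan;
    plan.requestFlags = WINHTTP_FLAG_SECURE;
    if (!verifySSL)
        plan.securityFlags = SECURITY_FLAG_IGNORE_UNKNOWN_CA | SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE |
                             SECURITY_FLAG_IGNORE_CERT_CN_INVALID | SECURITY_FLAG_IGNORE_CERT_DATE_INVALID;
    return plan;
}

// Regression invariant: TLS is requested exactly when the scheme is HTTPS.
bool NeverDowngradesHttps(TlsPlan (*plan)(Scheme, bool)) {
    for (bool verify : {false, true}) {
        if ((plan(Scheme::HTTPS, verify).requestFlags & WINHTTP_FLAG_SECURE) == 0) return false;
        if (plan(Scheme::HTTP, verify).requestFlags & WINHTTP_FLAG_SECURE) return false;
    }
    return true;
}

int main() {
    std::printf("reported ok=%d expected ok=%d\n", NeverDowngradesHttps(PlanAsReported), NeverDowngradesHttps(PlanAsExpected));
}
```

On Windows, a non-zero `securityFlags` value would be applied to the request handle with `WinHttpSetOption` and `WINHTTP_OPTION_SECURITY_FLAGS`.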