benjreinhart / react-native-aws3

Pure JavaScript React Native library for uploading to AWS S3
MIT License
399 stars, 151 forks

"An SSL error has occurred and a secure connection to the server cannot be made" #27

dsernst closed 7 years ago

dsernst commented 7 years ago

I'm following the example from the readme exactly, but running into this fatal error during upload:

[image]

Searching around, it looks like maybe Apple thinks there could be something wrong with AWS' cert: https://stackoverflow.com/questions/32755674/ios9-getting-error-an-ssl-error-has-occurred-and-a-secure-connection-to-the-ser

Will keep investigating...

benjreinhart commented 7 years ago

Thanks for reporting!

I have not seen this, and I tested uploads in my environment last night. Will keep an eye on it though.

dsernst commented 7 years ago

Yeah, it seems to be a problem with the S3 bucket. If I try to visit the bucket directly, Chrome is throwing a privacy warning: NET::ERR_CERT_COMMON_NAME_INVALID.

I had added the IAM policy like you specified here, but I hadn't done anything to configure the bucket after it was created. Do you know offhand if permissions need to be adjusted there as well?

Will keep investigating.

benjreinhart commented 7 years ago

I do not remember, but it's definitely possible. I do remember having to poke around at bucket permissions/IAM policies for a while before it made sense to me, then I dumped my permissions on this readme.

Wish I could be of more help!

dsernst commented 7 years ago

Fighting with AWS permissions always makes me feel like 😒 🙃

dsernst commented 7 years ago

Well this particular SSL error went away... I tried a number of things so I'm not positive which made the difference.

But my best guess is that it was caused by a problem with AWS' wildcard cert, and I think what fixed it was using a differently named S3 bucket that didn't have any .'s in the name, so that it didn't look like a deeper nested subdomain.

I'm going to close this issue for now, although I'm still having some other trouble, but I'll open more specific issues for those or comment on existing problems I'm seeing, such as https://github.com/benjreinhart/react-native-aws3/issues/26

dsernst commented 7 years ago

I was able to get everything working.

I was missing the text of an error AWS was sending back, because I was only logging response.body, but the error was at response.text.

Once I found that, I realized a spot where I had a typo (us-west-2 instead of us-west-1) and was able to get everything working perfectly now. 🏆

Once I got it working, I was able to tighten up all the settings on the bucket and everything is still working fine. So re my earlier question about needing to grant permissions to the bucket rather than just adding the IAM policy to the AccessKey, it was not necessary.

PS, it's still all working for me even though I tightened up the AccessKey's policy to just:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1458840156000",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:PutObjectVersionAcl"
            ],
            "Resource": [
                "arn:aws:s3:::my-bucket/uploads/*"
            ]
        }
    ]
}

s3:GetObject, s3:GetObjectAcl, s3:GetObjectVersion, s3:PutObjectAcl were not necessary and I removed them for security reasons, so that other users can't see each other's uploads.

benjreinhart commented 7 years ago

Yeah, I've been meaning to change that in the readme. I had realized that as well after I originally wrote the readme.

brunoosilva commented 6 years ago

In my case, this resolved with:

Add this line, inside of <dict> in key <key>NSAppTransportSecurity</key>:

<key>NSAllowsArbitraryLoads</key>
<true/>

More info: https://stackoverflow.com/questions/32755674/ios9-getting-error-an-ssl-error-has-occurred-and-a-secure-connection-to-the-ser?answertab=active#tab-top

jaredramirez commented 6 years ago

For me, I resolved this error by changing my bucket's name from company.data to company-data.

thomas-coldwell commented 5 years ago

I found that the URL it was sending the request to was https://bucket-name.s3.amazonaws.com. Opening this up in Chrome showed it wasn't getting the SSL certs and was unsecure. I changed it to instead use a URL of format https://s3-eu-west-1.amazonaws.com/bucket-name and it worked without a hitch.

Essentially I changed the line to this in RNS3.js:

    var url = 'https://s3-' + options.region + '.' + (options.awsUrl || AWS_DEFAULT_S3_HOST) + '/' + options.bucket;

And set AWS_DEFAULT_S3_HOST to just amazonaws.com
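
The bucket-name observation from the comments above (company.data failing, company-data working), as an added example that is not part of the thread or of react-native-aws3: a TLS wildcard name covers exactly one left-most DNS label, so a dotted bucket name in a virtual-hosted URL falls outside it. The function names and the `*.s3.amazonaws.com` certificate name are assumptions; the path-style URL form is the one quoted in the last comment.

```javascript
// Added example; function names are hypothetical, not from react-native-aws3.
const S3_HOST = 's3.amazonaws.com';
// Assumption: the endpoint's certificate carries this wildcard name.
const S3_WILDCARD = '*.s3.amazonaws.com';

// Wildcard matching as TLS clients apply it: "*" stands in for
// exactly one left-most DNS label and never spans a dot.
function matchesWildcard(hostname, pattern) {
  const host = hostname.toLowerCase().split('.');
  const pat = pattern.toLowerCase().split('.');
  if (host.length !== pat.length) return false;
  return pat.every((label, i) =>
    i === 0 && label === '*' ? host[0].length > 0 : label === host[i]);
}

// https://<bucket>.s3.amazonaws.com
function virtualHostedUrl(bucket) {
  return 'https://' + bucket + '.' + S3_HOST;
}

// https://s3-<region>.amazonaws.com/<bucket>
function pathStyleUrl(bucket, region) {
  return 'https://s3-' + region + '.amazonaws.com/' + bucket;
}

// Pick an upload URL whose hostname the wildcard name can cover,
// instead of relaxing App Transport Security to get past the mismatch.
function uploadUrl(bucket, region) {
  const host = bucket + '.' + S3_HOST;
  return matchesWildcard(host, S3_WILDCARD)
    ? virtualHostedUrl(bucket)
    : pathStyleUrl(bucket, region);
}

// Constructed bucket names, taken from the comments in this thread.
console.log(uploadUrl('company-data', 'eu-west-1'));
console.log(uploadUrl('company.data', 'eu-west-1'));
```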