cryptomator / ios

Cryptomator for iOS
https://cryptomator.org
GNU General Public License v3.0

Add support for path-style endpoint in S3 #312

Open tobihagemann opened 1 year ago

tobihagemann commented 1 year ago

Summary

Add support for path-style endpoint in S3 (instead of subdomain).

Motivation

The current S3 implementation enforces the endpoint, where the bucket name is used as a subdomain, e.g., https://<bucket>.s3.<domain>/. A user reported that he'd like to use the path-style endpoint, e.g., https://s3.<domain>/<bucket>.

I'm not sure why this would become necessary but it's still a limitation. The user faced an issue because the TLS certificate for s3.<domain> can't be used for <bucket>.s3.<domain>, which is automatically enforced by Cryptomator.

Considered Alternatives

This hasn't been confirmed yet but a workaround could be to issue a wildcard TLS certificate for *.s3.<domain>.

Anything else?

There doesn't seem to be a quick fix at the moment: https://github.com/aws-amplify/aws-sdk-ios/issues/683

We're using this SDK for our S3 implementation and the s3ForcePathStyle configuration is not supported. They've mentioned that it has been addressed in their Swift SDK but we're unable to use it at the moment since it's still marked as "developer preview" and discouraged to be used for production apps.

There seems to be a workaround though but it would require some time for us to try it out and implement.
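
The certificate mismatch described in this issue, and the wildcard workaround it considers, as an added example (not Cryptomator or AWS SDK code). The endpoint host, bucket names and SAN lists are constructed, and the matcher implements only the single-label wildcard rule of RFC 6125, not a full TLS validator.

```python
# Added example. Host names, bucket names and SAN lists are constructed.
from urllib.parse import urlsplit


def s3_urls(endpoint_host, bucket):
    """Both addressing styles for one bucket on one S3 endpoint host."""
    return {
        "virtual-hosted": f"https://{bucket}.{endpoint_host}/",
        "path-style": f"https://{endpoint_host}/{bucket}",
    }


def san_matches(pattern, host):
    """Single-label wildcard rule (RFC 6125): '*' may only be the whole
    left-most label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def cert_coverage(endpoint_host, bucket, sans):
    """For each addressing style, does any SAN cover the host the client dials?"""
    result = {}
    for style, url in s3_urls(endpoint_host, bucket).items():
        host = urlsplit(url).hostname
        result[style] = any(san_matches(s, host) for s in sans)
    return result


if __name__ == "__main__":
    endpoint = "s3.example.com"  # constructed endpoint host
    cases = [
        ("vault", ["s3.example.com"]),                         # cert for the endpoint only
        ("vault", ["s3.example.com", "*.s3.example.com"]),     # wildcard added
        ("my.vault", ["s3.example.com", "*.s3.example.com"]),  # dotted bucket name
    ]
    for bucket, sans in cases:
        print(bucket, sans, cert_coverage(endpoint, bucket, sans))
```

The third case shows the limit of the wildcard workaround: a bucket name containing a dot adds a label, so `*.s3.example.com` no longer covers the virtual-hosted host, while the path-style host is unaffected.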

eBeyond commented 1 year ago

The aws-sdk-ios now contains the force path style. It would be great if it could be implemented. The Android app for Cryptomator is already using it.

tobihagemann commented 1 year ago

Is that so? Could you please link a reference? As I've mentioned in the "Anything else?" part, I couldn't find it. We're not using the Swift SDK at the moment, which is not recommended for production use.

eBeyond commented 1 year ago

In https://github.com/aws-amplify/aws-sdk-ios/issues/683 the issue https://github.com/awslabs/aws-sdk-swift/pull/607 is referenced, as it's tracked there. In the last comments it's mentioned as merged and implemented. If I'm not wrong or misunderstood the posts in there. But all relevant issues which are covering this point are closed after that merge.

tobihagemann commented 1 year ago

As you've linked it yourself, these are separate libraries (aws-sdk-ios vs. aws-sdk-swift) and I've already made my comments about it. Edit: To be clear, they didn't fix it in aws-sdk-ios and closed the issue anyway but that doesn't mean that it has been implemented there.