Closed dschultz0 closed 2 months ago
Hi @dschultz0, thanks for raising this. Fixing this should be relatively easy, but I am having trouble to even get to the stage where the proxy creates certificates.
Did you have any problems with the openssl
command? We call openssl version
using a regular Python subprocess, and later on some more involved openssl
commands to actually create the certificates.
That part is currently failing in our CI, because Windows seems to require a full path to invoke this, i.e. C:/../openssl.exe version
. At least when using regular bash - calling openssl
works in Powershell, but I'm not seeing an easy to way to get our Python-code to explicitly use Powershell to invoke these commands.
The existing code wasn't getting to the openssl step, but I grabbed the change from your pull request, and it worked great. Thanks for the fix!
I think the reason it worked for me and not in CI, is that I'm invoking it from within Powershell instead of the windows command shell (cmd). From within powershell any subprocesses are going to continue to use powershell, but for cmd there's no way to break out into a powershell subprocess. It looks like you're installing openssl in pwsh
but then running motoproxy using cmd
. If you change the execution to use pwsh
it will probably work. If you really want to be comprehensive you can
install and run it in cmd
as well but that's probably overkill.
The proxy actually calls openssl version
at the startup, just to verify that the binary exists, that's why I assumed it could reach openssl. You can actually see that when running moto_proxy -v
, that should print the SSL version in use.
Thanks for the hint about Powershell! That was indeed what was missing, now I managed to get it working in our CI.
This is now part of moto >= 5.0.12.dev2
.
I'm in the minority that uses Windows for development but I think I've found an issue with how proxy mode handles certificate names. When running it using the standard configuration, I received the following error trace. From a cursory look at the code, it appears that the CertificateCreator is trying to generate a cert file with a wildcard which isn't allowed in Windows.
I've been able to reproduce the problem by running the various environment variable examples described here: https://docs.getmoto.org/en/latest/docs/proxy_mode.html#environment-variables-configuration