SNI support for S3 buckets?

Hi there,

Am attempting to connect to an S3 bucket hosted by Oracle Cloud. They use Server Name Indication (SNI) which appears to be causing some issues. Here’s the error which I receive when attempting to connect to the S3 endpoint:

Head https://[bucketname].[namespace_id].compat.objectstorage.ap-sydney-1.oraclecloud.com/config: x509: certificate is valid for swiftobjectstorage.ap-sydney-1.oraclecloud.com, not [bucketname].[namespace_id.compat.objectstorage.ap-sydney-1.oraclecloud.com

OpenSSL request (with SNI)
Request: openssl s_client -connect [bucketname].compat.objectstorage.ap-sydney-1.oraclecloud.com:443 -servername [bucketname].compat.objectstorage.ap-sydney-1.oraclecloud.com

Response (snippet): 0 s:/C=US/ST=California/L=Redwood City/O=Oracle Corporation/OU=Oracle OCI-PROD SYDNEY/CN=*.compat.objectstorage.ap-sydney-1.oraclecloud.com

OpenSSL request (without SNI)
Request: openssl s_client -connect [bucketname].compat.objectstorage.ap-sydney-1.oraclecloud.com:443

Response (snippet): 0 s:/C=US/ST=California/L=Redwood City/O=Oracle Corporation/OU=Oracle OCI-PROD SYDNEY/CN=swiftobjectstorage.ap-sydney-1.oraclecloud.com

You can test this yourself by replacing [bucketname] in the above with anything and the responses will be the same.

Is anyone aware of a way around this or a suggested solution? Oracle Cloud offers OpenStack Swift as an option, too, but the documentation (or my intelligence) is lacking and I’ve so far been unsuccessful in connecting.

SNI isn’t supported currently. As a workaround you can disable the SSL check by using the minio:// backend (i.e., change s3:// to minio:// in the storage URL).

Thanks

Unfortunately Oracle doesn’t support connections which aren’t SSL.

It’s a long shot, but have you (or others on the forum) had experience with their Openstack Swift option? I’ve struggled to wrap my head around all of their various docs and had so far had zero luck.

Cheers

As a workaround you can try rclone as an adapter layer (see rclone serve)