apt HTTPS connection reuse leading to 403 Forbidden against S3
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apt (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Encountered with Trusty, apt package 1.0.1ubuntu2
This might be a consequence of https:/
I saw failures with "apt-get update" against some repositories configured as https, where those repositories are S3 backed. I ran:
$ sudo apt-get -o Debug::
I saw 403 Forbidden for some resources, but only when the connection was being reused. Please excuse the name mangling below; the repository is open but intended for private use.
Get:9 https:/
72% [Waiting for headers] [9 Translation-en 0 B]* Found bundle for host censored.
* Re-using existing connection! (#2) with host censored.
* Connected to censored.
> GET /dists/
User-Agent: Debian APT-CURL/1.0 (1.0.1ubuntu2)
Host: censored.
Cache-Control: max-age=0
Accept: text/*
Hit http://
74% [Working]< HTTP/1.1 403 Forbidden
< x-amz-request-id: censored
< x-amz-id-2: censored
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Date: Mon, 16 Jun 2014 18:51:03 GMT
* Server AmazonS3 is not blacklisted
< Server: AmazonS3
I do not see the same error with curl(1), so this appears to be something specific to apt with the https acquire transport; took a while to notice that the errors were all after connection reuse. I could find no tuning option to disable connection reuse.