On 02/26/2014 01:16 PM, Dan Johansson wrote:
> On 25.02.2014 23:52, Nikolaus Rath wrote:
>> On 02/25/2014 01:06 PM, Dan Johansson wrote:
>>> Hi,
>>>
>>> I am at last planning t o upgrade S3QL on my Gentoo box from 1.15 to 2.7
>>> (latest one in portage at the moment).
>>>
>>> Can I go directly from 1.15 to 2.7 (without losing any data) or do I
>>> have to do it in smaller steps (and what steps in case of yes)?
>>
>> IIRC you should be able to do it in one step. If not, then s3ql 2.7's
>> s3qladm upgrade command will tell you which intermediate version to use.
>
> Ok, I went ahead and updated to 2.7 - now I am getting the following
> error message "Buckets with dots in the name cannot be accessed over
> SSL." when trying to run "fsck.s3ql --batch s3://abc.def.ghi".
>
> This was working perfectly well with 1.15.
>
> Any suggestion?
S3QL 1.15 did not verify the server's SSL certificate. This means
traffic was encrypted, but you couldn't be sure that you're actually
talking to the correct server rather than some mischievous
man-in-the-middle.
This issue was fixed in S3QL 2.7 (or, more precisely, in Python 3.x).
However, due to the way that Amazon has implemented SSL encryption,
any bucket with a dot in its name will appear to have an invalid
certificate (this is because AWS always supplies a certificate for
*.s3.amazonaws.com - but the * does not match dots).
Is your file system itself encrypted? In that case my suggestion is to
just use --no-ssl. Your data will be just as secure (or insecure,
depending on your POV) as with S3QL 1.15, and as a side-effect
performance will increase (Amazon S3 servers are terribly slow when you
access them over SSL).
Best,
-Nikolaus
--
Encrypted emails preferred.
PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6 02CF A9AD B7F8 AE4E 425C
»Time flies like an arrow, fruit flies like a Banana.«
--
You received this message because you are subscribed to the Google Groups
"s3ql" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
