Redshift SSL certificate validation fails for StorageLoader


#1

We are trying to run StorageLoader with ssl_mode: disable (which should also be the default), but loading into the Redshift cluster fails with:

Loading Snowplow events and shredded types into analytics (Redshift cluster)...
Unexpected error: hostname does not match the server certificate (OpenSSL::SSL::SSLError)
/tmp/jruby3563532967324046283extract/jruby-stdlib-1.7.20.1.jar!/META-INF/jruby.home/lib/ruby/shared/jopenssl19/openssl/ssl-internal.rb:99:in `post_connection_check'

We are running R77 Great Auk and the Redshift cluster does not have force_ssl set. The certificate is supposed to be invalid as the CA is not trusted, but that should still allow StorageLoader to connect.

Ideas?


#2

We realized that the issue was not with Redshift but rather S3 (hah!)

As StorageLoader tried to discover the Iglu schemas and jsonpaths, it retrieves those from https://iglu-bucket.s3.amazonaws.com. If iglu-bucket contains a ., SSL validation will fail. Our Iglu bucket name was an FQDN (because we use it as a static website as well) and SSL failed.

Leaving the issue here for others to benefit from :slight_smile:


#3

Thanks for following up with the fix @rgabo! That’s good to know.