It looks like, as it's now coded, the 15 minute time limit is hard
coded. It checks that X-Amz-Expires is not exceeded, and then
unconditionally checks that the request time is within 15 minutes of now.
Daniel
On 02/03/2017 04:06 AM, Khang Nguyễn Nhật wrote:
Dear Wido,
I have used X-Amz-Expires=86400 in the URL but it doesn't work.
2017-02-03 16:00 GMT+07:00 Wido den Hollander <wido@xxxxxxxx>:
> On 3 February 2017 at 9:52, Khang Nguyễn Nhật <nguyennhatkhang2704@xxxxxxxxx> wrote:
>
>
> Hi all,
> I'm using Ceph Object Gateway with the S3 API (ceph-radosgw-10.2.5-0.el7.x86_64
> on CentOS Linux release 7.3.1611) and I use the generate_presigned_url method
> of boto3 to create the rgw URL. This URL works fine for a period of 15 minutes;
> after 15 minutes I received a *RequestTimeTooSkewed* error. My radosgw uses the
> Asia/Ho_Chi_Minh timezone and is running the ntp service. Here is the URL and rgw log:
>
That is normal. The time is part of the signature. You have to
generate a new signature after 15 minutes.
Normal behavior.
Wido
> - URL:
> http://rgw.xxx.vn/bucket/key.mp4?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=86400&X-Amz-Credential=7AHTO4E1JBZ1VG1U96F1%2F20170203%2F%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20170203T081233Z&X-Amz-Signature=682be59232443fee58bc4744f656c533da8ddd828e36b739b332736fa22bef51
>
> - RGW LOG:
> NOTICE: request time skew too big.
> now_req = 1486109553 now = 1486110512; now -
> RGW_AUTH_GRACE_MINS=1486109612; now + RGW_AUTH_GRACE_MINS=1486111412
> failed to authorize request
> handler->ERRORHANDLER: err_no=-2012 new_err_no=-2012
>
> Can someone help me resolve this problem? Thanks
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
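
The numbers in the RGW log can be reproduced from the URL itself. The following is an added example, not part of the original thread and not radosgw's code: a Python model of the two checks Daniel describes (expiry, then the unconditional 15-minute window). The function names and the exact boundary comparison are assumptions; the URL is the one from the post, reduced to the parameters these checks read.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

GRACE_SECONDS = 15 * 60  # the window shown as RGW_AUTH_GRACE_MINS in the log

# URL from the post; credential and signature parameters omitted (not read here).
SAMPLE_URL = (
    "http://rgw.xxx.vn/bucket/key.mp4?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Expires=86400&X-Amz-SignedHeaders=host"
    "&X-Amz-Date=20170203T081233Z"
)
LOG_NOW = 1486110512  # "now" as printed in the RGW log in the post


def presign_times(url):
    """Return (request_epoch, expires_seconds) from a SigV4 presigned URL."""
    query = parse_qs(urlsplit(url).query)
    stamp = datetime.strptime(query["X-Amz-Date"][0], "%Y%m%dT%H%M%SZ")
    req = int(stamp.replace(tzinfo=timezone.utc).timestamp())
    return req, int(query["X-Amz-Expires"][0])


def evaluate(url, now, grace=GRACE_SECONDS):
    """Model both checks: X-Amz-Expires first, then the fixed skew window."""
    req, expires = presign_times(url)
    return {
        "now_req": req,                      # signing time, epoch seconds
        "age": now - req,                    # seconds since the URL was signed
        "expired": now > req + expires,      # X-Amz-Expires exceeded?
        "skewed": req < now - grace or req > now + grace,  # outside +/- 15 min?
    }


if __name__ == "__main__":
    # Signed 959 s before the logged "now": not expired, but outside the window.
    print(evaluate(SAMPLE_URL, LOG_NOW))
```

With the logged time, the URL is 959 seconds old: well inside X-Amz-Expires=86400, but 59 seconds past the fixed window, which is why the request is rejected as RequestTimeTooSkewed rather than as expired.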