Can't load Amazon AWS URLs (SSL/TLS issue)

Can’t seem to get Amazon AWS URLs to work with URLRequest/URLLoader:

var request:URLRequest = new URLRequest("https://41x8yctd26.execute-api.us-west-2.amazonaws.com/test/api");
request.contentType = "application/json";
request.method  = URLRequestMethod.GET;

var loader:URLLoader = new URLLoader();
loader.dataFormat = URLLoaderDataFormat.TEXT;

loader.addEventListener(Event.COMPLETE, function(e:Event):Void {
    trace(loader.data);
});

loader.addEventListener(IOErrorEvent.IO_ERROR, function(e:IOErrorEvent):Void {
    trace(e);
});

loader.load(request);

If working, I should see "SUCCESS" traced, but instead I get:

[IOErrorEvent type="ioError" bubbles=true cancelable=false text=Problem with curl: 35 errorID=0]

If I use lime.net.curl.CURLEasy directly with the verbose option enabled, like so:

var curl:CURL = CURLEasy.init();
CURLEasy.reset(curl);
CURLEasy.setopt(curl, CURLOption.HTTPGET, true);
CURLEasy.setopt(curl, CURLOption.USE_SSL, true);
CURLEasy.setopt(curl, CURLOption.SSLVERSION, 1);
CURLEasy.setopt(curl, CURLOption.SSL_VERIFYPEER, false);
CURLEasy.setopt(curl, CURLOption.SSL_VERIFYHOST, 0);
CURLEasy.setopt(curl, CURLOption.CONNECTTIMEOUT, 30);
CURLEasy.setopt(curl, CURLOption.TRANSFERTEXT, 1);
CURLEasy.setopt(curl, CURLOption.VERBOSE, true);
CURLEasy.setopt(curl, CURLOption.HTTPHEADER, ["Content-Type: application/json"]);
CURLEasy.setopt(curl, CURLOption.URL, "https://41x8yctd26.execute-api.us-west-2.amazonaws.com/test/api");
trace(CURLEasy.perform(curl));

I get:

Error: SSL error 40
* Hostname was NOT found in DNS cache
*   Trying 54.230.140.82...
* Connected to 41x8yctd26.execute-api.us-west-2.amazonaws.com (54.230.140.82) port 443 (#0)
*   Curl_axtls_close
* Closing connection 0
*   Curl_axtls_close
*   Curl_axtls_close
*   Curl_axtls_close

Not entirely sure what is going on…

The URL works fine when visiting in a browser or using cURL via Command Prompt (Windows) / Terminal (Mac):

C:\Users\Driklyn>curl -v "https://41x8yctd26.execute-api.us-west-2.amazonaws.com/test/api"
*   Trying 54.230.87.206...
* Connected to 41x8yctd26.execute-api.us-west-2.amazonaws.com (54.230.87.206) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: C:\Windows\system32\curl-ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*        subject: C=US; ST=Washington; L=Seattle; O=Amazon.com, Inc.; CN=*.execute-api.us-west-2.amazonaws.com
*        start date: Jul  8 00:00:00 2015 GMT
*        expire date: Jul  8 23:59:59 2016 GMT
*        subjectAltName: 41x8yctd26.execute-api.us-west-2.amazonaws.com matched
*        issuer: C=US; O=Symantec Corporation; OU=Symantec Trust Network; CN=Symantec Class 3 Secure Server CA - G4
*        SSL certificate verify ok.
> GET /test/api HTTP/1.1
> Host: 41x8yctd26.execute-api.us-west-2.amazonaws.com
> User-Agent: curl/7.45.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: application/json
< Content-Length: 9
< Connection: keep-alive
< Date: Sun, 22 Nov 2015 01:52:12 GMT
< x-amzn-RequestId: a5d98be5-90bb-11e5-bb39-eff35063b7c5
< X-Cache: Miss from cloudfront
< Via: 1.1 b4a728926e1ddd661b6703f4bc4f78bb.cloudfront.net (CloudFront)
< X-Amz-Cf-Id: 7nTYL0Sk6HSYAIaTcchigUtHmV8qrIR2uXqXh3mM69XsyHZvDOWFDA==
<
"SUCCESS"* Connection #0 to host 41x8yctd26.execute-api.us-west-2.amazonaws.com left intact

Other TLS addresses work, just not Amazon’s:

https://www.random.org/cgi-bin/randbyte?nbytes=32&format=h
https://en.wikipedia.org/w/api.php?action=query&titles=Main%20Page&prop=revisions&rvprop=content&format=json
https://api.twitter.com/1.1/statuses/user_timeline.json

Using openfl 3.4.0 and lime 2.7.0.

Any help is much appreciated…


Anyone have any ideas?

I’m having the same issue :frowning:
Did you find a solution?

No, I haven’t.

Tried using akifox-asynchttp as well, but that didn’t work either.

Not sure what to do.

Thanks for posting though :+1: Maybe will help this post gain some traction…

I think we don’t do true HTTPS, and Amazon might refuse to keep the connection without an HTTPS certified connection?

CURLEasy.setopt(curl, CURLOption.SSL_VERIFYPEER, false);

Tried setting SSL_VERIFYPEER to true and false, but made no difference. Must have something to do with not doing “true HTTPS” (whatever that means exactly :smile:)

If I curl using the insecure flag in Command Prompt (which is equivalent to setting SSL_VERIFYPEER to false), it worked. Also set it to TLS 1.0 and HTTP 1.0 to use the earliest versions, and it worked as well.

C:\Users\Driklyn>curl --tlsv1.0 --http1.0 --insecure https://41x8yctd26.execute-api.us-west-2.amazonaws.com/test/api -v
*   Trying 54.192.161.212...
* Connected to 41x8yctd26.execute-api.us-west-2.amazonaws.com (54.192.161.212) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.0 (OUT), TLS handshake, Client hello (1):
* TLSv1.0 (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (IN), TLS handshake, Server key exchange (12):
* TLSv1.0 (IN), TLS handshake, Server finished (14):
* TLSv1.0 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.0 (OUT), TLS change cipher, Client hello (1):
* TLSv1.0 (OUT), TLS handshake, Finished (20):
* TLSv1.0 (IN), TLS change cipher, Client hello (1):
* TLSv1.0 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / ECDHE-RSA-AES128-SHA
* ALPN, server accepted to use http/1.1
* Server certificate:
*        subject: C=US; ST=Washington; L=Seattle; O=Amazon.com, Inc.; CN=*.execute-api.us-west-2.amazonaws.com
*        start date: Jul  8 00:00:00 2015 GMT
*        expire date: Jul  8 23:59:59 2016 GMT
*        issuer: C=US; O=Symantec Corporation; OU=Symantec Trust Network; CN=Symantec Class 3 Secure Server CA - G4
*        SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET /test/api HTTP/1.0
> Host: 41x8yctd26.execute-api.us-west-2.amazonaws.com
> User-Agent: curl/7.45.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: application/json
< Content-Length: 9
< Connection: close
< Date: Mon, 07 Dec 2015 07:08:46 GMT
< x-amzn-RequestId: 5b911ff6-9cb1-11e5-bf7b-dd56ce2bcfb9
< X-Cache: Miss from cloudfront
< Via: 1.1 f338582de2208dc1a53dbac4547ef8a1.cloudfront.net (CloudFront)
< X-Amz-Cf-Id: XLStJOMD-wzNZb3u9BXBPCYJ1X032nUfZY-0WZI7qqCdZWtk3RJ-6Q==
<
"SUCCESS"* Closing connection 0
* TLSv1.0 (OUT), TLS alert, Client hello (1):

Also decided to try it in Unity using the WWW class and it worked successfully.

void Start () {
	WWW www = new WWW ("https://41x8yctd26.execute-api.us-west-2.amazonaws.com/test/api");
	StartCoroutine (WaitForRequest (www));
}

IEnumerator WaitForRequest(WWW www)
{
	yield return www;
	// check for errors
	if (www.error == null)
	{
		Debug.Log("WWW Ok!: " + www.data);
	} else {
		Debug.Log("WWW Error: "+ www.error);
	}    
}

Prints:

WWW Ok!: "SUCCESS"
UnityEngine.Debug:Log(Object)
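Both curl runs above end in `HTTP/1.1 200 OK`, which hides that the second one (`--insecure --tlsv1.0`) never verified the server certificate and negotiated a legacy protocol and non-AEAD cipher. As an added example that is not part of this thread, here is a small checker that reads a `curl -v` transcript and reports the negotiated TLS parameters plus the warnings a reviewer would want before accepting "it worked"; the sample transcripts are trimmed copies of the two runs posted above, and the line formats assumed are those of curl 7.45 as shown there.

```python
import re

# Constructed samples: the `* ...` TLS lines and status line from the two runs in
# the thread (curl 7.45 format assumed), trimmed to what the checker inspects.
VERIFIED_RUN = """\
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
*        subject: C=US; ST=Washington; L=Seattle; O=Amazon.com, Inc.; CN=*.execute-api.us-west-2.amazonaws.com
*        subjectAltName: 41x8yctd26.execute-api.us-west-2.amazonaws.com matched
*        SSL certificate verify ok.
< HTTP/1.1 200 OK
"""

INSECURE_RUN = """\
* SSL connection using TLSv1.0 / ECDHE-RSA-AES128-SHA
*        subject: C=US; ST=Washington; L=Seattle; O=Amazon.com, Inc.; CN=*.execute-api.us-west-2.amazonaws.com
*        SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
< HTTP/1.1 200 OK
"""

def summarize_curl_tls(transcript: str) -> dict:
    """Extract protocol, cipher, verification outcome and HTTP status from curl -v output."""
    info = {"protocol": None, "cipher": None, "verified": None,
            "san_matched": False, "status": None, "warnings": []}
    for line in transcript.splitlines():
        m = re.match(r"\* SSL connection using (\S+) / (\S+)", line)
        if m:
            info["protocol"], info["cipher"] = m.group(1), m.group(2)
        elif "SSL certificate verify ok" in line:
            info["verified"] = True
        elif "SSL certificate verify result:" in line:
            # curl prints this form when verification failed; "continuing anyway"
            # means --insecure (SSL_VERIFYPEER off) let the transfer proceed.
            info["verified"] = False
            if "continuing anyway" in line:
                info["warnings"].append("certificate not verified (--insecure / VERIFYPEER off)")
        elif "subjectAltName:" in line and line.rstrip().endswith("matched"):
            info["san_matched"] = True
        elif line.startswith("< HTTP/"):
            info["status"] = int(line.split()[2])
    if info["protocol"] in ("SSLv3", "TLSv1.0", "TLSv1.1"):
        info["warnings"].append(f"legacy protocol {info['protocol']}")
    if info["cipher"] and "GCM" not in info["cipher"] and "CHACHA20" not in info["cipher"]:
        info["warnings"].append(f"non-AEAD cipher {info['cipher']}")
    return info

def is_acceptable(transcript: str) -> bool:
    """True only when the session verified the peer and used a modern protocol and cipher."""
    return not summarize_curl_tls(transcript)["warnings"]
```

A 200 status alone says nothing about whether the peer was authenticated; only the verify line does.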

Amazon uses outdated HTTPS technology. I know because on a recent iOS project, iOS 9 wouldn’t load from an S3 bucket and the address had to be added to the insecure URL exceptions list to make it work.