Blaze Server 0.21.24 - Possible Regression in SSL Verification

[etspaceman]

My kinesis-mock project attempted to upgrade to 0.21.24 (from 0.21.22). Most requests seemed to work just fine, however when interacting using the AWS CLI, I was getting errors. I couldn't nail down what was happening. I've added logs from the blaze server as well as the AWS CLI.

This can be reproduced with the following command:

docker run --rm -d -p "4567:4567" -p "4568:4568" -e "ROOT_LOG_LEVEL=TRACE" ghcr.io/etspaceman/kinesis-mock:0.0.5 && \
sleep 5 && \
AWS_ACCESS_KEY_ID=foo AWS_SECRET_ACCESS_KEY=bar AWS_DEFAULT_REGION=us-east-1 aws kinesis list-streams --endpoint-url https://localhost:4567 --no-verify-ssl

awsclidebuglogs.txt blazeLogs.txt

The offending PR is likely https://github.com/http4s/blaze/pull/522.

Downgrading to 0.21.22 works for this use case. You can test that by using the 0.0.6 version, like so:

docker run --rm -d -p "4567:4567" -p "4568:4568" -e "ROOT_LOG_LEVEL=TRACE" ghcr.io/etspaceman/kinesis-mock:0.0.6 && \
sleep 5 && \
AWS_ACCESS_KEY_ID=foo AWS_SECRET_ACCESS_KEY=bar AWS_DEFAULT_REGION=us-east-1 aws kinesis list-streams --endpoint-url https://localhost:4567 --no-verify-ssl