I tried to use the SDK in a network with an intercepting HTTP proxy. This means I have to use both the HTTP_PROXY and AWS_CA_BUNDLE environment variables.
I discovered that the HTTP proxy works fine until I also use a custom CA bundle. Then the proxy is ignored and I get a "no such host" error when connecting to any AWS endpoint.
I don't have a custom HTTP client and the default HTTP client has a nil transport (source). Having no transport means it uses the default transport (source), which has a proxy function.
If I provide a custom CA bundle, this code is executed. It creates a new transport without a proxy function. This means it ignores any HTTP_PROXY set in the environment.
Steps to reproduce
Create a simple application which, for example, lists objects in an S3 bucket.
Running the app like this will connect using the proxy:
HTTP_PROXY=http://127.0.0.1:3128 go run main.go
Once you add a custom CA bundle, the proxy is ignored and the app tries to connect to the AWS endpoint directly:
AWS_CA_BUNDLE=/tmp/cabundle.pem HTTP_PROXY=http://127.0.0.1:3128 go run main.go
Thanks for bringing this to our attention @frigus02. This behavior is a bug and I've marked this issue as such. We will work toward fixing this quickly.
As far as I can see the issue lies here: aws-sdk-go/aws/session/session.go, lines 408 to 410 in 50e2f06
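The behaviour reported in this issue can be reproduced with plain net/http, shown here as an added example that is not the SDK's code or its fix: a transport built from scratch around a custom CA pool has no Proxy function, while a clone of http.DefaultTransport keeps http.ProxyFromEnvironment. The function names (loadCABundle, caOnlyTransport, caAndProxyTransport, compare) are hypothetical, and the sample inputs in main are constructed.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
)

// loadCABundle parses a PEM bundle (the content of the file AWS_CA_BUNDLE
// points to) and fails loudly if it contains no usable certificate.
func loadCABundle(pemBytes []byte) (*x509.CertPool, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(pemBytes) {
		return nil, errors.New("no certificates found in CA bundle")
	}
	return pool, nil
}

// caOnlyTransport mirrors the reported behaviour: a fresh transport that
// trusts the custom roots but never consults proxy settings.
func caOnlyTransport(roots *x509.CertPool) *http.Transport {
	return &http.Transport{TLSClientConfig: &tls.Config{RootCAs: roots}}
}

// caAndProxyTransport clones http.DefaultTransport, which keeps Proxy set to
// http.ProxyFromEnvironment, and only then adds the custom roots.
func caAndProxyTransport(roots *x509.CertPool) *http.Transport {
	t := http.DefaultTransport.(*http.Transport).Clone()
	if t.TLSClientConfig == nil {
		t.TLSClientConfig = &tls.Config{}
	}
	t.TLSClientConfig.RootCAs = roots
	return t
}

// compare reports, for each construction, whether a Proxy function is set.
func compare(roots *x509.CertPool) (caOnly, caAndProxy bool) {
	return caOnlyTransport(roots).Proxy != nil, caAndProxyTransport(roots).Proxy != nil
}

func main() {
	if _, err := loadCABundle([]byte("constructed input, not PEM")); err != nil {
		fmt.Println("bundle rejected:", err)
	}
	caOnly, caAndProxy := compare(nil) // nil roots: constructed stand-in for a parsed bundle
	fmt.Printf("proxy function set: caOnly=%v caAndProxy=%v\n", caOnly, caAndProxy)
}
```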