Remove Port number from Host header for standard HTTPS: Connection to presigned AWS IoT websocket URIs fails with "connection not upgraded"

[oliverrahner]

• Bug exists Release Version 1.2.5 ( Master Branch)
• Bug exists in MQTTv3 Client on Snapshot Version 1.2.6-SNAPSHOT (Develop Branch)
• Bug exists in MQTTv5 Client on Snapshot Version 1.2.6-SNAPSHOT (Develop Branch)

When connecting to a presigned AWS IoT URI in the form of wss://xxxxxxx.iot.<region>.amazonaws.com/mqtt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA32D2HMOBBU5IAHIO%2F20200910%2Feu-central-1%2Fiotdevicegateway%2Faws4_request&X-Amz-Date=20200910T155612Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=7ec319b14d8905a5b170bdd2b03e258a68dca22052bfdf0f307dade2b2c7f95e&X-Amz-Security-Token=FwoGZXIvY<snip>%3D the connection fails and AWS returns a 401 Forbidden error.

This is because the host header value is part of the signed information in the token. The header is not supposed to have the port number in it, but for some reason this exact behavior has been intentionally introduced in accb989.

When reverting back to 1.2.1, I am able to complete the connection.

Additionally, should the HTTP return code be checked to produce more specific exceptions insted of "connection not upgraded" in this case?

[bank0]

I am also having the same issue and would appreciate to see this being fixed.

[harialgat]

This issue is not yet fixed.. I am getting this issue again? does anyone know how to resolve this?