Project

General

Profile

Actions
Copy link

Bug #20668

closed

rgw multisite: cannot sync objects encrypted with SSE-C

Added by Casey Bodley almost 7 years ago. Updated over 6 years ago.

Status:
Resolved
Priority:
High
Assignee:
Casey Bodley
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
luminous
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

GET requests for encrypted objects require special headers for SSE-C, enforced by rgw_s3_prepare_decrypt(). Multisite sync requests do not include these headers, and will be rejected with 400 Bad Request. These objects should be fetched in encrypted form, so that they can be decrypted on the target zone when the correct SSE-C headers are presented.

Related issues 2 (0 open2 closed)

Related to rgw - Bug #20671: rgw multisite: objects encrypted with SSE-KMS are stored unencrypted in target zoneResolvedCasey Bodley07/18/2017

Actions
Copied to rgw - Backport #21116: luminous: rgw multisite: cannot sync objects encrypted with SSE-CResolvedNathan CutlerActions
Actions
Copy link
 #1

Updated by Casey Bodley over 6 years ago

  • Status changed from New to 12
  • Assignee set to Casey Bodley
Actions
Copy link
 #2

Updated by Casey Bodley over 6 years ago

  • Status changed from 12 to 17
Actions
Copy link
 #3

Updated by Casey Bodley over 6 years ago

  • Related to Bug #20671: rgw multisite: objects encrypted with SSE-KMS are stored unencrypted in target zone added
Actions
Copy link
 #4

Updated by Matt Benjamin over 6 years ago

  • Status changed from 17 to Pending Backport
Actions
Copy link
 #5

Updated by Nathan Cutler over 6 years ago

  • Copied to Backport #21116: luminous: rgw multisite: cannot sync objects encrypted with SSE-C added
Actions
Copy link
 #6

Updated by Nathan Cutler over 6 years ago

  • Status changed from Pending Backport to Resolved
Actions
Copy link

Also available in: Atom PDF