Actions
Bug #20668
closedrgw multisite: cannot sync objects encrypted with SSE-C
% Done:
0%
Source:
Tags:
Backport:
luminous
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
GET requests for encrypted objects require special headers for SSE-C, enforced by rgw_s3_prepare_decrypt(). Multisite sync requests do not include these headers, and will be rejected with 400 Bad Request. These objects should be fetched in encrypted form, so that they can be decrypted on the target zone when the correct SSE-C headers are presented.
Updated by Casey Bodley over 6 years ago
- Status changed from New to 12
- Assignee set to Casey Bodley
Updated by Casey Bodley over 6 years ago
- Status changed from 12 to 17
Updated by Casey Bodley over 6 years ago
- Related to Bug #20671: rgw multisite: objects encrypted with SSE-KMS are stored unencrypted in target zone added
Updated by Matt Benjamin over 6 years ago
- Status changed from 17 to Pending Backport
Updated by Nathan Cutler over 6 years ago
- Copied to Backport #21116: luminous: rgw multisite: cannot sync objects encrypted with SSE-C added
Updated by Nathan Cutler over 6 years ago
- Status changed from Pending Backport to Resolved
Actions