Actions
Bug #62875
closedSignatureDoesNotMatch when extra headers start with 'x-amzn'
% Done:
100%
Source:
Tags:
s3 backport_processed
Backport:
pacific quincy reef
Regression:
No
Severity:
3 - minor
Reviewed:
Description
Here is my s3 put-object test
bucket="new-bucket-01"
file=$1
objname="testfile"
url="127.0.0.1:8000"
s3Key="xxx"
s3Secret="xxx"
protocol=http
resource="/${bucket}/${objname}"
contentType="application/octet-stream"
LANG="en_US.UTF-8"
dateValue=`date -u +'%a, %d %b %Y %H:%M:%S GMT'`
stringToSign="PUT\n\n${contentType}\n${dateValue}\n${resource}"
signature=`echo -en ${stringToSign} | openssl sha1 -hmac ${s3Secret} -binary | base64`
curl -X PUT -T "${file}" \
-H "Host: ${url}" \
-H "Date: ${dateValue}" \
-H "Content-Type: ${contentType}" \
-H "Authorization: AWS ${s3Key}:${signature}" "$protocol://${url}/${bucket}/${objname}" \
-H "x-amzn-trace-id:Root=1-127ce9f8-411f3b20b20ac1e707782051;Parent=abd438e5710e3d4a;Sampled=1" \
-i
add an extra header 'x-amzn-trace-id' after signing the request. Which results in SignatureDoesNotMatch.
AWS signature v2 or v4 should not happens.
Cause it only select all HTTP request headers that start with 'x-amz-' to construct the CanonicalizedAmzHeaders (or CanonicalHeaders).
https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html
Updated by Casey Bodley 8 months ago
- Status changed from New to Fix Under Review
- Tags set to s3
- Backport set to pacific quincy reef
- Pull request ID set to 53525
Updated by Casey Bodley 7 months ago
- Status changed from Fix Under Review to Pending Backport
Updated by Backport Bot 7 months ago
- Copied to Backport #63052: pacific: SignatureDoesNotMatch when extra headers start with 'x-amzn' added
Updated by Backport Bot 7 months ago
- Copied to Backport #63053: quincy: SignatureDoesNotMatch when extra headers start with 'x-amzn' added
Updated by Backport Bot 7 months ago
- Copied to Backport #63054: reef: SignatureDoesNotMatch when extra headers start with 'x-amzn' added
Updated by Backport Bot 7 months ago
- Tags changed from s3 to s3 backport_processed
Updated by Konstantin Shalygin 6 months ago
- Status changed from Pending Backport to Resolved
- Assignee set to Rui Ma
- Target version set to v19.0.0
- % Done changed from 0 to 100
Actions