starred/s3fs-fuse
1
0
Fork 0
mirror of https://github.com/s3fs-fuse/s3fs-fuse.git synced 2026-04-24 21:06:02 +03:00
Code Issues 305 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #2776] enable_content_md5 generates invalid MD5 hash on Rocky Linux 10.1 #1294

New issue
Open
opened 2026-03-04 01:52:54 +03:00 by kerem · 2 comments
kerem commented 2026-03-04 01:52:54 +03:00
Owner
Copy link

Originally created by @zvanderbilt on GitHub (Dec 17, 2025).
Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/2776

Environment:

s3fs version: 1.95-2.el10_1 (epel)
OS: Rocky Linux 10.1
OpenSSL version: 3.5.1 1
libcurl version: 8.12.1
fusermount version: 2.9.9
fips mode enabled

Description:
When using the enable_content_md5 mount option on Rocky Linux 10, s3fs generates an invalid Content-MD5 header that appears to contain a memory address rather than the actual MD5 hash of the file content. This causes S3 to reject all PUT requests with a BadDigest error.

Steps to Reproduce:
Mount an S3 bucket with enable_content_md5 option on Rocky Linux 10
Attempt to upload any file

Expected Behavior:
File uploads successfully with a valid Content-MD5 header.

Actual Behavior:
S3 returns HTTP 400 with BadDigest error. The Content-MD5 header contains what appears to be a memory address rather than a valid base64-encoded MD5 hash.

Example from debug logs:
> Content-MD5: EAAAAAAAAABA239b9H8AAA==

S3 response:

<Error>
  <Code>BadDigest</Code>
  <Message>The Content-MD5 you specified did not match what we received.</Message>
  <ExpectedDigest>100000000000000040db7f5bf47f0000</ExpectedDigest>
</Error>

Workaround:
Removing enable_content_md5 from mount options resolves the issue.

Additional Context:
Maybe not helpful but this same configuration works correctly on Rocky Linux 8 with the same s3fs version. The issue appears to be related to the newer toolchain (OpenSSL/libcurl/glibc) on RHEL 10-based distributions.

Originally created by @zvanderbilt on GitHub (Dec 17, 2025). Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/2776 **Environment:** s3fs version: 1.95-2.el10_1 (epel) OS: Rocky Linux 10.1 OpenSSL version: 3.5.1 1 libcurl version: 8.12.1 fusermount version: 2.9.9 fips mode enabled **Description:** When using the enable_content_md5 mount option on Rocky Linux 10, s3fs generates an invalid Content-MD5 header that appears to contain a memory address rather than the actual MD5 hash of the file content. This causes S3 to reject all PUT requests with a BadDigest error. **Steps to Reproduce:** Mount an S3 bucket with enable_content_md5 option on Rocky Linux 10 Attempt to upload any file **Expected Behavior:** File uploads successfully with a valid Content-MD5 header. **Actual Behavior:** S3 returns HTTP 400 with BadDigest error. The Content-MD5 header contains what appears to be a memory address rather than a valid base64-encoded MD5 hash. **Example from debug logs:** `> Content-MD5: EAAAAAAAAABA239b9H8AAA==` **S3 response:** ``` <Error> <Code>BadDigest</Code> <Message>The Content-MD5 you specified did not match what we received.</Message> <ExpectedDigest>100000000000000040db7f5bf47f0000</ExpectedDigest> </Error> ``` **Workaround:** Removing enable_content_md5 from mount options resolves the issue. **Additional Context:** Maybe not helpful but this same configuration works correctly on Rocky Linux 8 with the same s3fs version. The issue appears to be related to the newer toolchain (OpenSSL/libcurl/glibc) on RHEL 10-based distributions.
kerem commented 2026-03-04 01:52:54 +03:00
Author
Owner
Copy link

@gaul commented on GitHub (Dec 17, 2025):

I wonder if you have a more a more restrictive crypto policy than the default? Can you run update-crypto-policies --show and share the result?

s3fs definitely lacks error-propagation and logging which might help reveal the underlying cause. Let me experiment with this.

<!-- gh-comment-id:3667321953 --> @gaul commented on GitHub (Dec 17, 2025): I wonder if you have a more a more restrictive crypto policy than the default? Can you run `update-crypto-policies --show` and share the result? s3fs definitely lacks error-propagation and logging which might help reveal the underlying cause. Let me experiment with this.
kerem commented 2026-03-04 01:52:54 +03:00
Author
Owner
Copy link

@gaul commented on GitHub (Dec 17, 2025):

You might try testing with the referenced PR to help us understand this issue.

<!-- gh-comment-id:3667379107 --> @gaul commented on GitHub (Dec 17, 2025): You might try testing with the referenced PR to help us understand this issue.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v1.97
v1.96
v1.95
v1.94
v1.93
v1.92
v1.91
v1.90
v1.89
v1.88
v1.87
v1.86
v1.85
v1.84
v1.83
v1.82
v1.81
v1.80
v1.79
v1.78
Pre-v1.78
v1.77
v1.76
v1.75
v1.74
Labels
Clear labels   
bug

   
bug

   
dataloss

   
duplicate

   
enhancement

   
feature request

   
help wanted

   
invalid

   
need info

   
performance

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question

   
testing
No labels
bug
bug
dataloss
duplicate
enhancement
feature request
help wanted
invalid
need info
performance
pull-request
question
question
testing
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/s3fs-fuse#1294
No description provided.