[GH-ISSUE #915] AWS4-HMAC-SHA256 #524

New issue

Closed

opened 2026-03-04 01:46:21 +03:00 by kerem · 15 comments

kerem commented 2026-03-04 01:46:21 +03:00

Owner

Copy link

Originally created by @vivekatlantis2 on GitHub (Jan 21, 2019).
Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/915

Additional Information

The following information is very important in order to help us to help you. Omission of the following details may delay your support request or receive no attention at all.
Keep in mind that the commands we provide to retrieve information are oriented to GNU/Linux Distributions, so you could need to use others if you use s3fs on macOS or BSD

Version of s3fs being used (s3fs --version)

s3fs --v
Amazon Simple Storage Service File System V1.84(commit:beadf95) with OpenSSL

======

Version of fuse being used (pkg-config --modversion fuse, rpm -qi fuse, dpkg -s fuse)

2.9.4

Kernel information (uname -r)

 uname -r
4.14.33-51.37.amzn1.x86_64

GNU/Linux Distribution, if applicable (cat /etc/os-release)

Amazon Linux

s3fs command line used, if applicable

s3fs bucket name mount point -o passwd_file=${HOME}/.passwd-s3fs -o allow_other -o endpoint=ap-south-1 -o dbglevel=info -f -o curldbg

/etc/fstab entry, if applicable

s3fs syslog messages (grep s3fs /var/log/syslog, journalctl | grep s3fs, or s3fs outputs)

if you execute s3fs with dbglevel, curldbg option, you can get detail debug messages

Jan 21 08:58:17  s3fs[2890]: s3fs.cpp:s3fs_check_service(3801): Bad Request(host=/0) - result of checking service.

 Closing connection 0
[ERR] curl.cpp:RequestPerform(2094): HTTP response code 400, returning EIO. Body Text: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>35FAF502EFD05827</RequestId><HostId>Wuf92KXiKjc7dO6+0UVf46/HYgj9o3ertooihdPsZ+WVoJG5tPXyztIzKk2SOXXYguwIEaYujLI=</HostId></Error>
[ERR] curl.cpp:CheckBucket(3128): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>35FAF502EFD05827</RequestId><HostId>Wuf92KXiKjc7dO6+0UVf46/HYgj9o3ertooihdPsZ+WVoJG5tPXyztIzKk2SOXXYguwIEaYujLI=</HostId></Error>
[CRT] s3fs.cpp:s3fs_check_service(3801): Bad Request(host=https://s3.amazonaws.com) - result of checking service.
[ERR] s3fs.cpp:s3fs_exit_fuseloop(3388): Exiting FUSE event loop due to errors

[INF] s3fs.cpp:s3fs_destroy(3451): destroy

Details about issue

Unable to mount bucket using s3fs

Originally created by @vivekatlantis2 on GitHub (Jan 21, 2019). Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/915 ### Additional Information _The following information is very important in order to help us to help you. Omission of the following details may delay your support request or receive no attention at all._ _Keep in mind that the commands we provide to retrieve information are oriented to GNU/Linux Distributions, so you could need to use others if you use s3fs on macOS or BSD_ #### Version of s3fs being used (s3fs --version) ``` s3fs --v Amazon Simple Storage Service File System V1.84(commit:beadf95) with OpenSSL ``` ====== #### Version of fuse being used (pkg-config --modversion fuse, rpm -qi fuse, dpkg -s fuse) ``` 2.9.4 ``` #### Kernel information (uname -r) ``` uname -r 4.14.33-51.37.amzn1.x86_64 ``` #### GNU/Linux Distribution, if applicable (cat /etc/os-release) ``` Amazon Linux ``` #### s3fs command line used, if applicable ``` s3fs bucket name mount point -o passwd_file=${HOME}/.passwd-s3fs -o allow_other -o endpoint=ap-south-1 -o dbglevel=info -f -o curldbg ``` #### /etc/fstab entry, if applicable ``` ``` #### s3fs syslog messages (grep s3fs /var/log/syslog, journalctl | grep s3fs, or s3fs outputs) _if you execute s3fs with dbglevel, curldbg option, you can get detail debug messages_ ``` Jan 21 08:58:17 s3fs[2890]: s3fs.cpp:s3fs_check_service(3801): Bad Request(host=/0) - result of checking service. Closing connection 0 [ERR] curl.cpp:RequestPerform(2094): HTTP response code 400, returning EIO. Body Text: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>35FAF502EFD05827</RequestId><HostId>Wuf92KXiKjc7dO6+0UVf46/HYgj9o3ertooihdPsZ+WVoJG5tPXyztIzKk2SOXXYguwIEaYujLI=</HostId></Error> [ERR] curl.cpp:CheckBucket(3128): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>35FAF502EFD05827</RequestId><HostId>Wuf92KXiKjc7dO6+0UVf46/HYgj9o3ertooihdPsZ+WVoJG5tPXyztIzKk2SOXXYguwIEaYujLI=</HostId></Error> [CRT] s3fs.cpp:s3fs_check_service(3801): Bad Request(host=https://s3.amazonaws.com) - result of checking service. [ERR] s3fs.cpp:s3fs_exit_fuseloop(3388): Exiting FUSE event loop due to errors [INF] s3fs.cpp:s3fs_destroy(3451): destroy ``` ### Details about issue Unable to mount bucket using s3fs

kerem closed this issue 2026-03-04 01:46:21 +03:00

kerem commented 2026-03-04 01:46:22 +03:00

Author

Owner

Copy link

@vivekatlantis2 commented on GitHub (Jan 21, 2019):

Can someone please help me in this? Been trying since yesterday to fix this

<!-- gh-comment-id:456009936 --> @vivekatlantis2 commented on GitHub (Jan 21, 2019): Can someone please help me in this? Been trying since yesterday to fix this

kerem commented 2026-03-04 01:46:22 +03:00

Author

Owner

Copy link

@ggtakec commented on GitHub (Jan 21, 2019):

@vivekatlantis2 This is a signature error, but even if there are problems with other options, this error may be reported.
If you specify the option url="https://s3-ap-south-1.amazonaws.com", will it work?

<!-- gh-comment-id:456077393 --> @ggtakec commented on GitHub (Jan 21, 2019): @vivekatlantis2 This is a signature error, but even if there are problems with other options, this error may be reported. If you specify the option url="https://s3-ap-south-1.amazonaws.com", will it work?

kerem commented 2026-03-04 01:46:22 +03:00

Author

Owner

Copy link

@vlad2 commented on GitHub (May 2, 2019):

I've got the same problem. Was this fixed?

<!-- gh-comment-id:488660331 --> @vlad2 commented on GitHub (May 2, 2019): I've got the same problem. Was this fixed?

kerem commented 2026-03-04 01:46:22 +03:00

Author

Owner

Copy link

@shlha commented on GitHub (Jun 18, 2019):

Me too, same problem when attempting to write data via s3fs to a bucket in different account

<!-- gh-comment-id:503034519 --> @shlha commented on GitHub (Jun 18, 2019): Me too, same problem when attempting to write data via s3fs to a bucket in different account

kerem commented 2026-03-04 01:46:22 +03:00

Author

Owner

Copy link

@gaul commented on GitHub (Jul 11, 2019):

I cannot reproduce these symptoms; please share debug logs -o curldbg from a failed mount.

<!-- gh-comment-id:510290902 --> @gaul commented on GitHub (Jul 11, 2019): I cannot reproduce these symptoms; please share debug logs `-o curldbg` from a failed mount.

kerem commented 2026-03-04 01:46:22 +03:00

Author

Owner

Copy link

@mrngm commented on GitHub (Jul 30, 2019):

According to Amazon's documentation, the only valid region that the URL s3.amazonaws.com can be used is us-east-1. Otherwise, the URL scheme is s3.<region>.amazonaws.com.

<!-- gh-comment-id:516450024 --> @mrngm commented on GitHub (Jul 30, 2019): According to [Amazon's documentation](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region), the only valid region that the URL `s3.amazonaws.com` can be used is `us-east-1`. Otherwise, the URL scheme is `s3.<region>.amazonaws.com`.

kerem commented 2026-03-04 01:46:22 +03:00

Author

Owner

Copy link

@facelezzzz commented on GitHub (Dec 24, 2019):

anyone fix it ?

<!-- gh-comment-id:568690599 --> @facelezzzz commented on GitHub (Dec 24, 2019): anyone fix it ?

kerem commented 2026-03-04 01:46:22 +03:00

Author

Owner

Copy link

@facelezzzz commented on GitHub (Dec 24, 2019):

@vivekatlantis2
just remove
endpoint=ap-south-1，it's a bug。

<!-- gh-comment-id:568694784 --> @facelezzzz commented on GitHub (Dec 24, 2019): @vivekatlantis2 just remove `endpoint=ap-south-1`，it's a bug。

kerem commented 2026-03-04 01:46:23 +03:00

Author

Owner

Copy link

@gaul commented on GitHub (Feb 2, 2020):

Please reopen if you can reproduce your symptoms with the suggested debug logs.

<!-- gh-comment-id:581134739 --> @gaul commented on GitHub (Feb 2, 2020): Please reopen if you can reproduce your symptoms with the suggested debug logs.

kerem commented 2026-03-04 01:46:23 +03:00

Author

Owner

Copy link

@xrob commented on GitHub (Apr 8, 2020):

rob@rob-laptop:~$ s3fs rtb-backup backup/ -o passwd_file=.passwd-s3fs -o dbglevel=info -f -o curldbg -o url="https://s3-eu-west-2.amazonaws.com"
[CRT] s3fs.cpp:set_s3fs_log_level(273): change debug level from [CRT] to [INF] 
[INF]     s3fs.cpp:set_mountpoint_attribute(4180): PROC(uid=1000, gid=1000) - MountPoint(uid=1000, gid=1000, mode=40755)
[INF] s3fs.cpp:s3fs_init(3379): init v1.84(commit:unknown) with GnuTLS(gcrypt)
[INF] s3fs.cpp:s3fs_check_service(3721): check services.
[INF]       curl.cpp:CheckBucket(3076): check a bucket.
[INF]       curl.cpp:prepare_url(4265): URL is https://s3-eu-west-2.amazonaws.com/rtb-backup/
[INF]       curl.cpp:prepare_url(4297): URL changed is https://rtb-backup.s3-eu-west-2.amazonaws.com/
[INF]       curl.cpp:insertV4Headers(2408): computing signature [GET] [/] [] []
[INF]       curl.cpp:url_to_host(101): url is https://s3-eu-west-2.amazonaws.com
*   Trying 52.95.150.34:443...
* TCP_NODELAY set
* Connected to rtb-backup.s3-eu-west-2.amazonaws.com (52.95.150.34) port 443 (#0)
* found 387 certificates in /etc/ssl/certs
* ALPN, offering h2
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* 	 server certificate verification OK
* 	 server certificate status verification SKIPPED
* 	 common name: *.s3.eu-west-2.amazonaws.com (matched)
* 	 server certificate expiration date OK
* 	 server certificate activation date OK
* 	 certificate public key: RSA
* 	 certificate version: #3
* 	 subject: C=US,ST=Washington,L=Seattle,O=Amazon.com\, Inc.,CN=*.s3.eu-west-2.amazonaws.com
* 	 start date: Sat, 09 Nov 2019 00:00:00 GMT
* 	 expire date: Wed, 20 May 2020 12:00:00 GMT
* 	 issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert Baltimore CA-2 G2
* ALPN, server did not agree to a protocol
> GET / HTTP/1.1
Host: rtb-backup.s3-eu-west-2.amazonaws.com
User-Agent: s3fs/1.84 (commit hash unknown; GnuTLS(gcrypt))
Accept: */*
Authorization: AWS4-HMAC-SHA256 Credential=AKIAZJSHYA22W2LJHYTD/20200408/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=d7102f48ae29eb55a693e9debdfa638ec794e0fd774e6b5f52cfa5358ac1eb3e
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20200408T100554Z

* Mark bundle as not supporting multiuse
< HTTP/1.1 400 Bad Request
< x-amz-bucket-region: eu-west-2
< x-amz-request-id: 6CAEA809B038410A
< x-amz-id-2: akfr9T5K+6GbaPxeWJGu7oIqay5eqZqzOrJhHn2hLMhpdHRGE+v644rt/TW30fx2jO2OsN90A1U=
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Date: Wed, 08 Apr 2020 10:05:54 GMT
< Connection: close
< Server: AmazonS3
< 
* Closing connection 0
[ERR] curl.cpp:RequestPerform(2074): HTTP response code 400, returning EIO. Body Text: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AuthorizationHeaderMalformed</Code><Message>The authorization header is malformed; the region 'us-east-1' is wrong; expecting 'eu-west-2'</Message><Region>eu-west-2</Region><RequestId>6CAEA809B038410A</RequestId><HostId>akfr9T5K+6GbaPxeWJGu7oIqay5eqZqzOrJhHn2hLMhpdHRGE+v644rt/TW30fx2jO2OsN90A1U=</HostId></Error>
[ERR] curl.cpp:CheckBucket(3104): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AuthorizationHeaderMalformed</Code><Message>The authorization header is malformed; the region 'us-east-1' is wrong; expecting 'eu-west-2'</Message><Region>eu-west-2</Region><RequestId>6CAEA809B038410A</RequestId><HostId>akfr9T5K+6GbaPxeWJGu7oIqay5eqZqzOrJhHn2hLMhpdHRGE+v644rt/TW30fx2jO2OsN90A1U=</HostId></Error>
[CRT] s3fs.cpp:s3fs_check_service(3742): Could not connect wrong region us-east-1, so retry to connect region eu-west-2.
[INF]       curl.cpp:CheckBucket(3076): check a bucket.
[INF]       curl.cpp:prepare_url(4265): URL is https://s3-eu-west-2.amazonaws.com/rtb-backup/
[INF]       curl.cpp:prepare_url(4297): URL changed is https://rtb-backup.s3-eu-west-2.amazonaws.com/
[INF]       curl.cpp:insertV4Headers(2408): computing signature [GET] [/] [] []
[INF]       curl.cpp:url_to_host(101): url is https://s3-eu-west-2.amazonaws.com
* Hostname rtb-backup.s3-eu-west-2.amazonaws.com was found in DNS cache
*   Trying 52.95.150.34:443...
* TCP_NODELAY set
* Connected to rtb-backup.s3-eu-west-2.amazonaws.com (52.95.150.34) port 443 (#1)
* found 387 certificates in /etc/ssl/certs
* ALPN, offering h2
* ALPN, offering http/1.1
* SSL re-using session ID
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* 	 server certificate verification OK
* 	 server certificate status verification SKIPPED
* 	 common name: *.s3.eu-west-2.amazonaws.com (matched)
* 	 server certificate expiration date OK
* 	 server certificate activation date OK
* 	 certificate public key: RSA
* 	 certificate version: #3
* 	 subject: C=US,ST=Washington,L=Seattle,O=Amazon.com\, Inc.,CN=*.s3.eu-west-2.amazonaws.com
* 	 start date: Sat, 09 Nov 2019 00:00:00 GMT
* 	 expire date: Wed, 20 May 2020 12:00:00 GMT
* 	 issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert Baltimore CA-2 G2
* ALPN, server did not agree to a protocol
> GET / HTTP/1.1
Host: rtb-backup.s3-eu-west-2.amazonaws.com
User-Agent: s3fs/1.84 (commit hash unknown; GnuTLS(gcrypt))
Accept: */*
Authorization: AWS4-HMAC-SHA256 Credential=AKIAZJSHYA22W2LJHYTD/20200408/eu-west-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=0af6aab3ef3c6280b440dbf43396b7e582c7dd1c11168ad99fd414c8b5cf1a4c
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20200408T100554Z

* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< x-amz-bucket-region: eu-west-2
< x-amz-request-id: FD8A082B9FE02AD5
< x-amz-id-2: H34PkpaJ0djeOf5pRiQdhonbniYCsd/91qWl5B0lEoBix9ImlBUa4zORIlJ4YClzxwIhRh+L5us=
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Date: Wed, 08 Apr 2020 10:05:54 GMT
< Server: AmazonS3
< 
* Connection #1 to host rtb-backup.s3-eu-west-2.amazonaws.com left intact
[ERR] curl.cpp:RequestPerform(2078): HTTP response code 403, returning EPERM. Body Text: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>FD8A082B9FE02AD5</RequestId><HostId>H34PkpaJ0djeOf5pRiQdhonbniYCsd/91qWl5B0lEoBix9ImlBUa4zORIlJ4YClzxwIhRh+L5us=</HostId></Error>
[ERR] curl.cpp:CheckBucket(3104): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>FD8A082B9FE02AD5</RequestId><HostId>H34PkpaJ0djeOf5pRiQdhonbniYCsd/91qWl5B0lEoBix9ImlBUa4zORIlJ4YClzxwIhRh+L5us=</HostId></Error>
[WAN] s3fs.cpp:s3fs_check_service(3762): Could not connect, so retry to connect by signature version 2.
[INF]       curl.cpp:CheckBucket(3076): check a bucket.
[INF]       curl.cpp:prepare_url(4265): URL is https://s3-eu-west-2.amazonaws.com/rtb-backup/
[INF]       curl.cpp:prepare_url(4297): URL changed is https://rtb-backup.s3-eu-west-2.amazonaws.com/
* Found bundle for host rtb-backup.s3-eu-west-2.amazonaws.com: 0x7f2dec238ad0 [serially]
* Can not multiplex, even if we wanted to!
* Re-using existing connection! (#1) with host rtb-backup.s3-eu-west-2.amazonaws.com
* Connected to rtb-backup.s3-eu-west-2.amazonaws.com (52.95.150.34) port 443 (#1)
> GET / HTTP/1.1
Host: rtb-backup.s3-eu-west-2.amazonaws.com
User-Agent: s3fs/1.84 (commit hash unknown; GnuTLS(gcrypt))
Accept: */*
Authorization: AWS AKIAZJSHYA22W2LJHYTD:aQ/we7szcDspVS37mVKB2Bj6Iow=
Date: Wed, 08 Apr 2020 10:05:55 GMT

* Mark bundle as not supporting multiuse
< HTTP/1.1 400 Bad Request
< x-amz-bucket-region: eu-west-2
< x-amz-request-id: 80F535E69C3F6F5F
< x-amz-id-2: iqiuM9WawNz7qKSelYqqwcJdazCo1QM6zkGAe/tMIiUb5TSblhjOolxz7WuQX+CWzSsoPwsdJ0A=
< x-amz-region: eu-west-2
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Date: Wed, 08 Apr 2020 10:05:54 GMT
< Connection: close
< Server: AmazonS3
< 
* Closing connection 1
[ERR] curl.cpp:RequestPerform(2074): HTTP response code 400, returning EIO. Body Text: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>80F535E69C3F6F5F</RequestId><HostId>iqiuM9WawNz7qKSelYqqwcJdazCo1QM6zkGAe/tMIiUb5TSblhjOolxz7WuQX+CWzSsoPwsdJ0A=</HostId></Error>
[ERR] curl.cpp:CheckBucket(3104): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>80F535E69C3F6F5F</RequestId><HostId>iqiuM9WawNz7qKSelYqqwcJdazCo1QM6zkGAe/tMIiUb5TSblhjOolxz7WuQX+CWzSsoPwsdJ0A=</HostId></Error>
[CRT] s3fs.cpp:s3fs_check_service(3774): Bad Request(host=https://s3-eu-west-2.amazonaws.com) - result of checking service.
[ERR] s3fs.cpp:s3fs_exit_fuseloop(3369): Exiting FUSE event loop due to errors

[INF] s3fs.cpp:s3fs_destroy(3428): destroy

<!-- gh-comment-id:610870480 --> @xrob commented on GitHub (Apr 8, 2020): ``` rob@rob-laptop:~$ s3fs rtb-backup backup/ -o passwd_file=.passwd-s3fs -o dbglevel=info -f -o curldbg -o url="https://s3-eu-west-2.amazonaws.com" [CRT] s3fs.cpp:set_s3fs_log_level(273): change debug level from [CRT] to [INF] [INF] s3fs.cpp:set_mountpoint_attribute(4180): PROC(uid=1000, gid=1000) - MountPoint(uid=1000, gid=1000, mode=40755) [INF] s3fs.cpp:s3fs_init(3379): init v1.84(commit:unknown) with GnuTLS(gcrypt) [INF] s3fs.cpp:s3fs_check_service(3721): check services. [INF] curl.cpp:CheckBucket(3076): check a bucket. [INF] curl.cpp:prepare_url(4265): URL is https://s3-eu-west-2.amazonaws.com/rtb-backup/ [INF] curl.cpp:prepare_url(4297): URL changed is https://rtb-backup.s3-eu-west-2.amazonaws.com/ [INF] curl.cpp:insertV4Headers(2408): computing signature [GET] [/] [] [] [INF] curl.cpp:url_to_host(101): url is https://s3-eu-west-2.amazonaws.com * Trying 52.95.150.34:443... * TCP_NODELAY set * Connected to rtb-backup.s3-eu-west-2.amazonaws.com (52.95.150.34) port 443 (#0) * found 387 certificates in /etc/ssl/certs * ALPN, offering h2 * ALPN, offering http/1.1 * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256 * server certificate verification OK * server certificate status verification SKIPPED * common name: *.s3.eu-west-2.amazonaws.com (matched) * server certificate expiration date OK * server certificate activation date OK * certificate public key: RSA * certificate version: #3 * subject: C=US,ST=Washington,L=Seattle,O=Amazon.com\, Inc.,CN=*.s3.eu-west-2.amazonaws.com * start date: Sat, 09 Nov 2019 00:00:00 GMT * expire date: Wed, 20 May 2020 12:00:00 GMT * issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert Baltimore CA-2 G2 * ALPN, server did not agree to a protocol > GET / HTTP/1.1 Host: rtb-backup.s3-eu-west-2.amazonaws.com User-Agent: s3fs/1.84 (commit hash unknown; GnuTLS(gcrypt)) Accept: */* Authorization: AWS4-HMAC-SHA256 Credential=AKIAZJSHYA22W2LJHYTD/20200408/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=d7102f48ae29eb55a693e9debdfa638ec794e0fd774e6b5f52cfa5358ac1eb3e x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 x-amz-date: 20200408T100554Z * Mark bundle as not supporting multiuse < HTTP/1.1 400 Bad Request < x-amz-bucket-region: eu-west-2 < x-amz-request-id: 6CAEA809B038410A < x-amz-id-2: akfr9T5K+6GbaPxeWJGu7oIqay5eqZqzOrJhHn2hLMhpdHRGE+v644rt/TW30fx2jO2OsN90A1U= < Content-Type: application/xml < Transfer-Encoding: chunked < Date: Wed, 08 Apr 2020 10:05:54 GMT < Connection: close < Server: AmazonS3 < * Closing connection 0 [ERR] curl.cpp:RequestPerform(2074): HTTP response code 400, returning EIO. Body Text: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AuthorizationHeaderMalformed</Code><Message>The authorization header is malformed; the region 'us-east-1' is wrong; expecting 'eu-west-2'</Message><Region>eu-west-2</Region><RequestId>6CAEA809B038410A</RequestId><HostId>akfr9T5K+6GbaPxeWJGu7oIqay5eqZqzOrJhHn2hLMhpdHRGE+v644rt/TW30fx2jO2OsN90A1U=</HostId></Error> [ERR] curl.cpp:CheckBucket(3104): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AuthorizationHeaderMalformed</Code><Message>The authorization header is malformed; the region 'us-east-1' is wrong; expecting 'eu-west-2'</Message><Region>eu-west-2</Region><RequestId>6CAEA809B038410A</RequestId><HostId>akfr9T5K+6GbaPxeWJGu7oIqay5eqZqzOrJhHn2hLMhpdHRGE+v644rt/TW30fx2jO2OsN90A1U=</HostId></Error> [CRT] s3fs.cpp:s3fs_check_service(3742): Could not connect wrong region us-east-1, so retry to connect region eu-west-2. [INF] curl.cpp:CheckBucket(3076): check a bucket. [INF] curl.cpp:prepare_url(4265): URL is https://s3-eu-west-2.amazonaws.com/rtb-backup/ [INF] curl.cpp:prepare_url(4297): URL changed is https://rtb-backup.s3-eu-west-2.amazonaws.com/ [INF] curl.cpp:insertV4Headers(2408): computing signature [GET] [/] [] [] [INF] curl.cpp:url_to_host(101): url is https://s3-eu-west-2.amazonaws.com * Hostname rtb-backup.s3-eu-west-2.amazonaws.com was found in DNS cache * Trying 52.95.150.34:443... * TCP_NODELAY set * Connected to rtb-backup.s3-eu-west-2.amazonaws.com (52.95.150.34) port 443 (#1) * found 387 certificates in /etc/ssl/certs * ALPN, offering h2 * ALPN, offering http/1.1 * SSL re-using session ID * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256 * server certificate verification OK * server certificate status verification SKIPPED * common name: *.s3.eu-west-2.amazonaws.com (matched) * server certificate expiration date OK * server certificate activation date OK * certificate public key: RSA * certificate version: #3 * subject: C=US,ST=Washington,L=Seattle,O=Amazon.com\, Inc.,CN=*.s3.eu-west-2.amazonaws.com * start date: Sat, 09 Nov 2019 00:00:00 GMT * expire date: Wed, 20 May 2020 12:00:00 GMT * issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert Baltimore CA-2 G2 * ALPN, server did not agree to a protocol > GET / HTTP/1.1 Host: rtb-backup.s3-eu-west-2.amazonaws.com User-Agent: s3fs/1.84 (commit hash unknown; GnuTLS(gcrypt)) Accept: */* Authorization: AWS4-HMAC-SHA256 Credential=AKIAZJSHYA22W2LJHYTD/20200408/eu-west-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=0af6aab3ef3c6280b440dbf43396b7e582c7dd1c11168ad99fd414c8b5cf1a4c x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 x-amz-date: 20200408T100554Z * Mark bundle as not supporting multiuse < HTTP/1.1 403 Forbidden < x-amz-bucket-region: eu-west-2 < x-amz-request-id: FD8A082B9FE02AD5 < x-amz-id-2: H34PkpaJ0djeOf5pRiQdhonbniYCsd/91qWl5B0lEoBix9ImlBUa4zORIlJ4YClzxwIhRh+L5us= < Content-Type: application/xml < Transfer-Encoding: chunked < Date: Wed, 08 Apr 2020 10:05:54 GMT < Server: AmazonS3 < * Connection #1 to host rtb-backup.s3-eu-west-2.amazonaws.com left intact [ERR] curl.cpp:RequestPerform(2078): HTTP response code 403, returning EPERM. Body Text: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>FD8A082B9FE02AD5</RequestId><HostId>H34PkpaJ0djeOf5pRiQdhonbniYCsd/91qWl5B0lEoBix9ImlBUa4zORIlJ4YClzxwIhRh+L5us=</HostId></Error> [ERR] curl.cpp:CheckBucket(3104): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>FD8A082B9FE02AD5</RequestId><HostId>H34PkpaJ0djeOf5pRiQdhonbniYCsd/91qWl5B0lEoBix9ImlBUa4zORIlJ4YClzxwIhRh+L5us=</HostId></Error> [WAN] s3fs.cpp:s3fs_check_service(3762): Could not connect, so retry to connect by signature version 2. [INF] curl.cpp:CheckBucket(3076): check a bucket. [INF] curl.cpp:prepare_url(4265): URL is https://s3-eu-west-2.amazonaws.com/rtb-backup/ [INF] curl.cpp:prepare_url(4297): URL changed is https://rtb-backup.s3-eu-west-2.amazonaws.com/ * Found bundle for host rtb-backup.s3-eu-west-2.amazonaws.com: 0x7f2dec238ad0 [serially] * Can not multiplex, even if we wanted to! * Re-using existing connection! (#1) with host rtb-backup.s3-eu-west-2.amazonaws.com * Connected to rtb-backup.s3-eu-west-2.amazonaws.com (52.95.150.34) port 443 (#1) > GET / HTTP/1.1 Host: rtb-backup.s3-eu-west-2.amazonaws.com User-Agent: s3fs/1.84 (commit hash unknown; GnuTLS(gcrypt)) Accept: */* Authorization: AWS AKIAZJSHYA22W2LJHYTD:aQ/we7szcDspVS37mVKB2Bj6Iow= Date: Wed, 08 Apr 2020 10:05:55 GMT * Mark bundle as not supporting multiuse < HTTP/1.1 400 Bad Request < x-amz-bucket-region: eu-west-2 < x-amz-request-id: 80F535E69C3F6F5F < x-amz-id-2: iqiuM9WawNz7qKSelYqqwcJdazCo1QM6zkGAe/tMIiUb5TSblhjOolxz7WuQX+CWzSsoPwsdJ0A= < x-amz-region: eu-west-2 < Content-Type: application/xml < Transfer-Encoding: chunked < Date: Wed, 08 Apr 2020 10:05:54 GMT < Connection: close < Server: AmazonS3 < * Closing connection 1 [ERR] curl.cpp:RequestPerform(2074): HTTP response code 400, returning EIO. Body Text: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>80F535E69C3F6F5F</RequestId><HostId>iqiuM9WawNz7qKSelYqqwcJdazCo1QM6zkGAe/tMIiUb5TSblhjOolxz7WuQX+CWzSsoPwsdJ0A=</HostId></Error> [ERR] curl.cpp:CheckBucket(3104): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>80F535E69C3F6F5F</RequestId><HostId>iqiuM9WawNz7qKSelYqqwcJdazCo1QM6zkGAe/tMIiUb5TSblhjOolxz7WuQX+CWzSsoPwsdJ0A=</HostId></Error> [CRT] s3fs.cpp:s3fs_check_service(3774): Bad Request(host=https://s3-eu-west-2.amazonaws.com) - result of checking service. [ERR] s3fs.cpp:s3fs_exit_fuseloop(3369): Exiting FUSE event loop due to errors [INF] s3fs.cpp:s3fs_destroy(3428): destroy ```

kerem commented 2026-03-04 01:46:23 +03:00

Author

Owner

Copy link

@gaul commented on GitHub (Apr 8, 2020):

Please test with the latest version 1.86 and open a new issue for your symptoms. You might also try -o endpoint=eu-west-2.

<!-- gh-comment-id:610910457 --> @gaul commented on GitHub (Apr 8, 2020): Please test with the latest version 1.86 and open a new issue for your symptoms. You might also try `-o endpoint=eu-west-2`.

kerem commented 2026-03-04 01:46:23 +03:00

Author

Owner

Copy link

@kuan51 commented on GitHub (Sep 16, 2021):

I have version 1.9 and am having the issue.
s3fs --version Amazon Simple Storage Service File System V1.90 (commit:b4edad8) with OpenSSL

Command: s3fs -f -d -o curldbg -o endpoint=us-east-2 -o url=https://s3.us-east-2.amazonaws.com cadence-bak-s3 /mnt/bak

Debug output:

2021-09-16T22:51:17.123Z [CRT] s3fs_logger.cpp:LowSetLogLevel(240): change debug level from [CRT] to [INF]
2021-09-16T22:51:17.123Z [INF]     s3fs.cpp:set_mountpoint_attribute(4094): PROC(uid=1005, gid=1006) - MountPoint(uid=1005, gid=1006, mode=44700)
2021-09-16T22:51:17.125Z [INF] curl.cpp:InitMimeType(434): Loaded mime information from /etc/mime.types
2021-09-16T22:51:17.127Z [INF] fdcache_stat.cpp:CheckCacheFileStatTopDir(79): The path to cache top dir is empty, thus not need to check permission.
2021-09-16T22:51:17.133Z [INF] s3fs.cpp:s3fs_init(3382): init v1.90(commit:b4edad8) with OpenSSL
2021-09-16T22:51:17.133Z [INF] s3fs.cpp:s3fs_check_service(3516): check services.
2021-09-16T22:51:17.133Z [INF]       curl.cpp:CheckBucket(3722): check a bucket.
2021-09-16T22:51:17.133Z [WAN] curl.cpp:ResetHandle(2013): The CURLOPT_SSL_ENABLE_ALPN option could not be unset. S3 server does not support ALPN, then this option should be disabled to maximize performance. you need to use libcurl 7.36.0 or later.
2021-09-16T22:51:17.133Z [WAN] curl.cpp:ResetHandle(2016): The S3FS_CURLOPT_KEEP_SENDING_ON_ERROR option could not be set. For maximize performance you need to enable this option and you should use libcurl 7.51.0 or later.
2021-09-16T22:51:17.133Z [INF]       curl_util.cpp:prepare_url(254): URL is https://s3.us-east-2.amazonaws.com/cadence-bak-s3/
2021-09-16T22:51:17.133Z [INF]       curl_util.cpp:prepare_url(287): URL changed is https://cadence-bak-s3.s3.us-east-2.amazonaws.com/
2021-09-16T22:51:17.133Z [INF]       curl.cpp:insertV4Headers(2908): computing signature [GET] [/] [] []
2021-09-16T22:51:17.133Z [INF]       curl_util.cpp:url_to_host(331): url is https://s3.us-east-2.amazonaws.com
2021-09-16T22:51:17.139Z [CURL DBG] * About to connect() to cadence-bak-s3.s3.us-east-2.amazonaws.com port 443 (#0)
2021-09-16T22:51:17.139Z [CURL DBG] *   Trying 52.219.101.82...
2021-09-16T22:51:17.140Z [CURL DBG] * Connected to cadence-bak-s3.s3.us-east-2.amazonaws.com (52.219.101.82) port 443 (#0)
2021-09-16T22:51:17.140Z [CURL DBG] * Initializing NSS with certpath: sql:/etc/pki/nssdb
2021-09-16T22:51:17.308Z [CURL DBG] *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
2021-09-16T22:51:17.316Z [CURL DBG] * SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
2021-09-16T22:51:17.316Z [CURL DBG] * Server certificate:
2021-09-16T22:51:17.316Z [CURL DBG] *     subject: CN=*.s3.us-east-2.amazonaws.com,O="Amazon.com, Inc.",L=Seattle,ST=Washington,C=US
2021-09-16T22:51:17.316Z [CURL DBG] *     start date: Jan 14 00:00:00 2021 GMT
2021-09-16T22:51:17.316Z [CURL DBG] *     expire date: Jan 18 23:59:59 2022 GMT
2021-09-16T22:51:17.316Z [CURL DBG] *     common name: *.s3.us-east-2.amazonaws.com
2021-09-16T22:51:17.316Z [CURL DBG] *     issuer: CN=DigiCert Baltimore CA-2 G2,OU=www.digicert.com,O=DigiCert Inc,C=US
2021-09-16T22:51:17.316Z [CURL DBG] > GET / HTTP/1.1
2021-09-16T22:51:17.316Z [CURL DBG] > User-Agent: s3fs/1.90 (commit hash b4edad8; OpenSSL)
2021-09-16T22:51:17.316Z [CURL DBG] > Accept: */*
2021-09-16T22:51:17.316Z [CURL DBG] > Authorization: AWS4-HMAC-SHA256 Credential=AKIAUIUHUBQBHLUFI2EC/20210916/us-east-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=974576821e66175bdc5b407fa93c928440af5b7339d3798742eccb95f269ce3a
2021-09-16T22:51:17.316Z [CURL DBG] > host: cadence-bak-s3.s3.us-east-2.amazonaws.com
2021-09-16T22:51:17.316Z [CURL DBG] > x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2021-09-16T22:51:17.316Z [CURL DBG] > x-amz-date: 20210916T225117Z
2021-09-16T22:51:17.316Z [CURL DBG] >
2021-09-16T22:51:17.335Z [CURL DBG] < HTTP/1.1 403 Forbidden
2021-09-16T22:51:17.335Z [CURL DBG] < x-amz-bucket-region: us-east-2
2021-09-16T22:51:17.335Z [CURL DBG] < x-amz-request-id: NJ7AFCACCW91PG4H
2021-09-16T22:51:17.335Z [CURL DBG] < x-amz-id-2: 4I9jQnC852EoY5Yu5/TlIwQuTBitrE9G4sSRL/AYixkl1s85bTLfvBBKukHLM7gbbOqGJw6gu3s=
2021-09-16T22:51:17.335Z [CURL DBG] < Content-Type: application/xml
2021-09-16T22:51:17.335Z [CURL DBG] < Transfer-Encoding: chunked
2021-09-16T22:51:17.335Z [CURL DBG] < Date: Thu, 16 Sep 2021 22:51:16 GMT
2021-09-16T22:51:17.335Z [CURL DBG] < Server: AmazonS3
2021-09-16T22:51:17.335Z [CURL DBG] <
2021-09-16T22:51:17.335Z [CURL DBG] * Connection #0 to host cadence-bak-s3.s3.us-east-2.amazonaws.com left intact
2021-09-16T22:51:17.335Z [ERR] curl.cpp:RequestPerform(2591): HTTP response code 403, returning EPERM. Body Text: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>NJ7AFCACCW91PG4H</RequestId><HostId>4I9jQnC852EoY5Yu5/TlIwQuTBitrE9G4sSRL/AYixkl1s85bTLfvBBKukHLM7gbbOqGJw6gu3s=</HostId></Error>
2021-09-16T22:51:17.335Z [ERR] curl.cpp:CheckBucket(3765): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>NJ7AFCACCW91PG4H</RequestId><HostId>4I9jQnC852EoY5Yu5/TlIwQuTBitrE9G4sSRL/AYixkl1s85bTLfvBBKukHLM7gbbOqGJw6gu3s=</HostId></Error>
2021-09-16T22:51:17.335Z [CRT] s3fs.cpp:s3fs_check_service(3575): Failed to connect by sigv4, so retry to connect by signature version 2.
2021-09-16T22:51:17.335Z [INF] curl_handlerpool.cpp:ReturnHandler(110): Pool full: destroy the oldest handler
2021-09-16T22:51:17.335Z [INF]       curl.cpp:CheckBucket(3722): check a bucket.
2021-09-16T22:51:17.335Z [INF]       curl_util.cpp:prepare_url(254): URL is https://s3.us-east-2.amazonaws.com/cadence-bak-s3/
2021-09-16T22:51:17.335Z [INF]       curl_util.cpp:prepare_url(287): URL changed is https://cadence-bak-s3.s3.us-east-2.amazonaws.com/
2021-09-16T22:51:17.335Z [CURL DBG] * Found bundle for host cadence-bak-s3.s3.us-east-2.amazonaws.com: 0x7f7198018b50
2021-09-16T22:51:17.335Z [CURL DBG] * Re-using existing connection! (#0) with host cadence-bak-s3.s3.us-east-2.amazonaws.com
2021-09-16T22:51:17.335Z [CURL DBG] * Connected to cadence-bak-s3.s3.us-east-2.amazonaws.com (52.219.101.82) port 443 (#0)
2021-09-16T22:51:17.335Z [CURL DBG] > GET / HTTP/1.1
2021-09-16T22:51:17.335Z [CURL DBG] > User-Agent: s3fs/1.90 (commit hash b4edad8; OpenSSL)
2021-09-16T22:51:17.335Z [CURL DBG] > Host: cadence-bak-s3.s3.us-east-2.amazonaws.com
2021-09-16T22:51:17.335Z [CURL DBG] > Accept: */*
2021-09-16T22:51:17.335Z [CURL DBG] > Authorization: AWS AKIAUIUHUBQBHLUFI2EC:toczegxIXWzPbhTm0oCFmapoJL8=
2021-09-16T22:51:17.335Z [CURL DBG] > Date: Thu, 16 Sep 2021 22:51:17 GMT
2021-09-16T22:51:17.335Z [CURL DBG] >
2021-09-16T22:51:17.336Z [CURL DBG] < HTTP/1.1 400 Bad Request
2021-09-16T22:51:17.336Z [CURL DBG] < x-amz-bucket-region: us-east-2
2021-09-16T22:51:17.336Z [CURL DBG] < x-amz-request-id: NJ7C0Q0431MJA490
2021-09-16T22:51:17.336Z [CURL DBG] < x-amz-id-2: LfI3TkrDg7yboW2xG6fi20DqrRrW7TA7fBrvfaTjQZKSH8tRaX4mjgoLajXghWZP2EQDRop2I2E=
2021-09-16T22:51:17.336Z [CURL DBG] < x-amz-region: us-east-2
2021-09-16T22:51:17.336Z [CURL DBG] < Content-Type: application/xml
2021-09-16T22:51:17.336Z [CURL DBG] < Transfer-Encoding: chunked
2021-09-16T22:51:17.336Z [CURL DBG] < Date: Thu, 16 Sep 2021 22:51:16 GMT
2021-09-16T22:51:17.336Z [CURL DBG] < Server: AmazonS3
2021-09-16T22:51:17.336Z [CURL DBG] < Connection: close
2021-09-16T22:51:17.336Z [CURL DBG] <
2021-09-16T22:51:17.336Z [CURL DBG] * Closing connection 0
2021-09-16T22:51:17.337Z [ERR] curl.cpp:RequestPerform(2585): HTTP response code 400, returning EIO. Body Text: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>NJ7C0Q0431MJA490</RequestId><HostId>LfI3TkrDg7yboW2xG6fi20DqrRrW7TA7fBrvfaTjQZKSH8tRaX4mjgoLajXghWZP2EQDRop2I2E=</HostId></Error>
2021-09-16T22:51:17.337Z [ERR] curl.cpp:CheckBucket(3765): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>NJ7C0Q0431MJA490</RequestId><HostId>LfI3TkrDg7yboW2xG6fi20DqrRrW7TA7fBrvfaTjQZKSH8tRaX4mjgoLajXghWZP2EQDRop2I2E=</HostId></Error>
2021-09-16T22:51:17.337Z [CRT] s3fs.cpp:s3fs_check_service(3587): Bad Request(host=https://s3.us-east-2.amazonaws.com) - result of checking service.
2021-09-16T22:51:17.337Z [ERR] s3fs.cpp:s3fs_exit_fuseloop(3372): Exiting FUSE event loop due to errors

2021-09-16T22:51:17.347Z [INF] s3fs.cpp:s3fs_destroy(3440): destroy```

<!-- gh-comment-id:921315937 --> @kuan51 commented on GitHub (Sep 16, 2021): I have version 1.9 and am having the issue. `s3fs --version Amazon Simple Storage Service File System V1.90 (commit:b4edad8) with OpenSSL` Command: `s3fs -f -d -o curldbg -o endpoint=us-east-2 -o url=https://s3.us-east-2.amazonaws.com cadence-bak-s3 /mnt/bak` Debug output: ```2021-09-16T22:51:17.121Z [INF] s3fs version 1.90(b4edad8) : s3fs -f -d -o curldbg -o endpoint=us-east-2 -o url=https://s3.us-east-2.amazonaws.com cadence-bak-s3 /mnt/bak 2021-09-16T22:51:17.123Z [CRT] s3fs_logger.cpp:LowSetLogLevel(240): change debug level from [CRT] to [INF] 2021-09-16T22:51:17.123Z [INF] s3fs.cpp:set_mountpoint_attribute(4094): PROC(uid=1005, gid=1006) - MountPoint(uid=1005, gid=1006, mode=44700) 2021-09-16T22:51:17.125Z [INF] curl.cpp:InitMimeType(434): Loaded mime information from /etc/mime.types 2021-09-16T22:51:17.127Z [INF] fdcache_stat.cpp:CheckCacheFileStatTopDir(79): The path to cache top dir is empty, thus not need to check permission. 2021-09-16T22:51:17.133Z [INF] s3fs.cpp:s3fs_init(3382): init v1.90(commit:b4edad8) with OpenSSL 2021-09-16T22:51:17.133Z [INF] s3fs.cpp:s3fs_check_service(3516): check services. 2021-09-16T22:51:17.133Z [INF] curl.cpp:CheckBucket(3722): check a bucket. 2021-09-16T22:51:17.133Z [WAN] curl.cpp:ResetHandle(2013): The CURLOPT_SSL_ENABLE_ALPN option could not be unset. S3 server does not support ALPN, then this option should be disabled to maximize performance. you need to use libcurl 7.36.0 or later. 2021-09-16T22:51:17.133Z [WAN] curl.cpp:ResetHandle(2016): The S3FS_CURLOPT_KEEP_SENDING_ON_ERROR option could not be set. For maximize performance you need to enable this option and you should use libcurl 7.51.0 or later. 2021-09-16T22:51:17.133Z [INF] curl_util.cpp:prepare_url(254): URL is https://s3.us-east-2.amazonaws.com/cadence-bak-s3/ 2021-09-16T22:51:17.133Z [INF] curl_util.cpp:prepare_url(287): URL changed is https://cadence-bak-s3.s3.us-east-2.amazonaws.com/ 2021-09-16T22:51:17.133Z [INF] curl.cpp:insertV4Headers(2908): computing signature [GET] [/] [] [] 2021-09-16T22:51:17.133Z [INF] curl_util.cpp:url_to_host(331): url is https://s3.us-east-2.amazonaws.com 2021-09-16T22:51:17.139Z [CURL DBG] * About to connect() to cadence-bak-s3.s3.us-east-2.amazonaws.com port 443 (#0) 2021-09-16T22:51:17.139Z [CURL DBG] * Trying 52.219.101.82... 2021-09-16T22:51:17.140Z [CURL DBG] * Connected to cadence-bak-s3.s3.us-east-2.amazonaws.com (52.219.101.82) port 443 (#0) 2021-09-16T22:51:17.140Z [CURL DBG] * Initializing NSS with certpath: sql:/etc/pki/nssdb 2021-09-16T22:51:17.308Z [CURL DBG] * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none 2021-09-16T22:51:17.316Z [CURL DBG] * SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 2021-09-16T22:51:17.316Z [CURL DBG] * Server certificate: 2021-09-16T22:51:17.316Z [CURL DBG] * subject: CN=*.s3.us-east-2.amazonaws.com,O="Amazon.com, Inc.",L=Seattle,ST=Washington,C=US 2021-09-16T22:51:17.316Z [CURL DBG] * start date: Jan 14 00:00:00 2021 GMT 2021-09-16T22:51:17.316Z [CURL DBG] * expire date: Jan 18 23:59:59 2022 GMT 2021-09-16T22:51:17.316Z [CURL DBG] * common name: *.s3.us-east-2.amazonaws.com 2021-09-16T22:51:17.316Z [CURL DBG] * issuer: CN=DigiCert Baltimore CA-2 G2,OU=www.digicert.com,O=DigiCert Inc,C=US 2021-09-16T22:51:17.316Z [CURL DBG] > GET / HTTP/1.1 2021-09-16T22:51:17.316Z [CURL DBG] > User-Agent: s3fs/1.90 (commit hash b4edad8; OpenSSL) 2021-09-16T22:51:17.316Z [CURL DBG] > Accept: */* 2021-09-16T22:51:17.316Z [CURL DBG] > Authorization: AWS4-HMAC-SHA256 Credential=AKIAUIUHUBQBHLUFI2EC/20210916/us-east-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=974576821e66175bdc5b407fa93c928440af5b7339d3798742eccb95f269ce3a 2021-09-16T22:51:17.316Z [CURL DBG] > host: cadence-bak-s3.s3.us-east-2.amazonaws.com 2021-09-16T22:51:17.316Z [CURL DBG] > x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 2021-09-16T22:51:17.316Z [CURL DBG] > x-amz-date: 20210916T225117Z 2021-09-16T22:51:17.316Z [CURL DBG] > 2021-09-16T22:51:17.335Z [CURL DBG] < HTTP/1.1 403 Forbidden 2021-09-16T22:51:17.335Z [CURL DBG] < x-amz-bucket-region: us-east-2 2021-09-16T22:51:17.335Z [CURL DBG] < x-amz-request-id: NJ7AFCACCW91PG4H 2021-09-16T22:51:17.335Z [CURL DBG] < x-amz-id-2: 4I9jQnC852EoY5Yu5/TlIwQuTBitrE9G4sSRL/AYixkl1s85bTLfvBBKukHLM7gbbOqGJw6gu3s= 2021-09-16T22:51:17.335Z [CURL DBG] < Content-Type: application/xml 2021-09-16T22:51:17.335Z [CURL DBG] < Transfer-Encoding: chunked 2021-09-16T22:51:17.335Z [CURL DBG] < Date: Thu, 16 Sep 2021 22:51:16 GMT 2021-09-16T22:51:17.335Z [CURL DBG] < Server: AmazonS3 2021-09-16T22:51:17.335Z [CURL DBG] < 2021-09-16T22:51:17.335Z [CURL DBG] * Connection #0 to host cadence-bak-s3.s3.us-east-2.amazonaws.com left intact 2021-09-16T22:51:17.335Z [ERR] curl.cpp:RequestPerform(2591): HTTP response code 403, returning EPERM. Body Text: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>NJ7AFCACCW91PG4H</RequestId><HostId>4I9jQnC852EoY5Yu5/TlIwQuTBitrE9G4sSRL/AYixkl1s85bTLfvBBKukHLM7gbbOqGJw6gu3s=</HostId></Error> 2021-09-16T22:51:17.335Z [ERR] curl.cpp:CheckBucket(3765): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>NJ7AFCACCW91PG4H</RequestId><HostId>4I9jQnC852EoY5Yu5/TlIwQuTBitrE9G4sSRL/AYixkl1s85bTLfvBBKukHLM7gbbOqGJw6gu3s=</HostId></Error> 2021-09-16T22:51:17.335Z [CRT] s3fs.cpp:s3fs_check_service(3575): Failed to connect by sigv4, so retry to connect by signature version 2. 2021-09-16T22:51:17.335Z [INF] curl_handlerpool.cpp:ReturnHandler(110): Pool full: destroy the oldest handler 2021-09-16T22:51:17.335Z [INF] curl.cpp:CheckBucket(3722): check a bucket. 2021-09-16T22:51:17.335Z [INF] curl_util.cpp:prepare_url(254): URL is https://s3.us-east-2.amazonaws.com/cadence-bak-s3/ 2021-09-16T22:51:17.335Z [INF] curl_util.cpp:prepare_url(287): URL changed is https://cadence-bak-s3.s3.us-east-2.amazonaws.com/ 2021-09-16T22:51:17.335Z [CURL DBG] * Found bundle for host cadence-bak-s3.s3.us-east-2.amazonaws.com: 0x7f7198018b50 2021-09-16T22:51:17.335Z [CURL DBG] * Re-using existing connection! (#0) with host cadence-bak-s3.s3.us-east-2.amazonaws.com 2021-09-16T22:51:17.335Z [CURL DBG] * Connected to cadence-bak-s3.s3.us-east-2.amazonaws.com (52.219.101.82) port 443 (#0) 2021-09-16T22:51:17.335Z [CURL DBG] > GET / HTTP/1.1 2021-09-16T22:51:17.335Z [CURL DBG] > User-Agent: s3fs/1.90 (commit hash b4edad8; OpenSSL) 2021-09-16T22:51:17.335Z [CURL DBG] > Host: cadence-bak-s3.s3.us-east-2.amazonaws.com 2021-09-16T22:51:17.335Z [CURL DBG] > Accept: */* 2021-09-16T22:51:17.335Z [CURL DBG] > Authorization: AWS AKIAUIUHUBQBHLUFI2EC:toczegxIXWzPbhTm0oCFmapoJL8= 2021-09-16T22:51:17.335Z [CURL DBG] > Date: Thu, 16 Sep 2021 22:51:17 GMT 2021-09-16T22:51:17.335Z [CURL DBG] > 2021-09-16T22:51:17.336Z [CURL DBG] < HTTP/1.1 400 Bad Request 2021-09-16T22:51:17.336Z [CURL DBG] < x-amz-bucket-region: us-east-2 2021-09-16T22:51:17.336Z [CURL DBG] < x-amz-request-id: NJ7C0Q0431MJA490 2021-09-16T22:51:17.336Z [CURL DBG] < x-amz-id-2: LfI3TkrDg7yboW2xG6fi20DqrRrW7TA7fBrvfaTjQZKSH8tRaX4mjgoLajXghWZP2EQDRop2I2E= 2021-09-16T22:51:17.336Z [CURL DBG] < x-amz-region: us-east-2 2021-09-16T22:51:17.336Z [CURL DBG] < Content-Type: application/xml 2021-09-16T22:51:17.336Z [CURL DBG] < Transfer-Encoding: chunked 2021-09-16T22:51:17.336Z [CURL DBG] < Date: Thu, 16 Sep 2021 22:51:16 GMT 2021-09-16T22:51:17.336Z [CURL DBG] < Server: AmazonS3 2021-09-16T22:51:17.336Z [CURL DBG] < Connection: close 2021-09-16T22:51:17.336Z [CURL DBG] < 2021-09-16T22:51:17.336Z [CURL DBG] * Closing connection 0 2021-09-16T22:51:17.337Z [ERR] curl.cpp:RequestPerform(2585): HTTP response code 400, returning EIO. Body Text: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>NJ7C0Q0431MJA490</RequestId><HostId>LfI3TkrDg7yboW2xG6fi20DqrRrW7TA7fBrvfaTjQZKSH8tRaX4mjgoLajXghWZP2EQDRop2I2E=</HostId></Error> 2021-09-16T22:51:17.337Z [ERR] curl.cpp:CheckBucket(3765): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>NJ7C0Q0431MJA490</RequestId><HostId>LfI3TkrDg7yboW2xG6fi20DqrRrW7TA7fBrvfaTjQZKSH8tRaX4mjgoLajXghWZP2EQDRop2I2E=</HostId></Error> 2021-09-16T22:51:17.337Z [CRT] s3fs.cpp:s3fs_check_service(3587): Bad Request(host=https://s3.us-east-2.amazonaws.com) - result of checking service. 2021-09-16T22:51:17.337Z [ERR] s3fs.cpp:s3fs_exit_fuseloop(3372): Exiting FUSE event loop due to errors 2021-09-16T22:51:17.347Z [INF] s3fs.cpp:s3fs_destroy(3440): destroy```

kerem commented 2026-03-04 01:46:23 +03:00

Author

Owner

Copy link

@pgodschalk commented on GitHub (Sep 20, 2021):

Same.

NAME="Oracle Linux Server"
VERSION="7.9"
ID="ol"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="7.9"
PRETTY_NAME="Oracle Linux Server 7.9"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:oracle:linux:7:9:server"
HOME_URL="https://linux.oracle.com/"
BUG_REPORT_URL="https://bugzilla.oracle.com/"

ORACLE_BUGZILLA_PRODUCT="Oracle Linux 7"
ORACLE_BUGZILLA_PRODUCT_VERSION=7.9
ORACLE_SUPPORT_PRODUCT="Oracle Linux"
ORACLE_SUPPORT_PRODUCT_VERSION=7.9

Amazon Simple Storage Service File System V1.90 (commit:unknown) with OpenSSL

4.1.12-124.50.2.el7uek.x86_64

Name        : fuse
Version     : 2.9.4
Release     : 1.0.9.el7
Architecture: x86_64
Install Date: Mon Sep 20 18:55:51 2021
Group       : System Environment/Base
Size        : 228368
License     : GPL+
Signature   : RSA/SHA256, Tue Feb 23 08:47:27 2021, Key ID 72f97b74ec551f03
Source RPM  : fuse-2.9.4-1.0.9.el7.src.rpm
Build Date  : Tue Feb 23 08:47:03 2021
Build Host  : host-100-100-224-38.blddevtest1iad.osdevelopmeniad.oraclevcn.com
Relocations : (not relocatable)
Vendor      : Oracle America
URL         : http://fuse.sf.net
Summary     : File System in Userspace (FUSE) utilities
Description :
With FUSE it is possible to implement a fully functional filesystem in a
userspace program. This package contains the FUSE userspace tools to
mount a FUSE filesystem.

Sep 20 19:31:17 dbs011 s3fs[57131]: s3fs version 1.90(unknown) : s3fs -o rw,allow_other,endpoint=eu-central-1,dbglevel=debug,url=https://s3.eu-central-1.amazonaws.com/,sigv2,dev,suid (redacted) /mnt/upload
Sep 20 19:31:17 dbs011 s3fs[57131]: s3fs_logger.cpp:LowSetLogLevel(240): change debug level from [CRT] to [DBG]
Sep 20 19:31:17 dbs011 s3fs[57131]:    PROC(uid=0, gid=0) - MountPoint(uid=0, gid=0, mode=40755)
Sep 20 19:31:17 dbs011 s3fs[57131]: Loaded mime information from /etc/mime.types
Sep 20 19:31:17 dbs011 s3fs[57131]: The path to cache top dir is empty, thus not need to check permission.
Sep 20 19:31:17 dbs011 s3fs[57133]: init v1.90(commit:unknown) with OpenSSL
Sep 20 19:31:17 dbs011 s3fs[57133]: check services.
Sep 20 19:31:17 dbs011 s3fs[57133]:      check a bucket.
Sep 20 19:31:17 dbs011 s3fs[57133]: curl.cpp:ResetHandle(1945): The CURLOPT_SSL_ENABLE_ALPN option could not be unset. S3 server does not support ALPN, then this option should be disabled to maximize performance. you need to use libcurl 7.36.0 or later.
Sep 20 19:31:17 dbs011 s3fs[57133]: curl.cpp:ResetHandle(1948): The S3FS_CURLOPT_KEEP_SENDING_ON_ERROR option could not be set. For maximize performance you need to enable this option and you should use libcurl 7.51.0 or later.
Sep 20 19:31:17 dbs011 s3fs[57133]:      URL is https://s3.eu-central-1.amazonaws.com/(redacted)/
Sep 20 19:31:17 dbs011 s3fs[57133]:      URL changed is https://(redacted).s3.eu-central-1.amazonaws.com/
Sep 20 19:31:18 dbs011 s3fs[57133]: curl.cpp:RequestPerform(2357): HTTP response code 400, returning EIO. Body Text: <?xml version="1.0" encoding="UTF-8"?>#012<Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>YXDD4753QNP8F5Q0</RequestId><HostId>C0pnlPv0IvIwB+2vnzD1g3zj7nT5MZVnk19HfCg9ItZSrD1tbLbmf22sEqv+TEI5fhGEAYMN8zc=</HostId></Error>
Sep 20 19:31:18 dbs011 s3fs[57133]: curl.cpp:CheckBucket(3421): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>#012<Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>YXDD4753QNP8F5Q0</RequestId><HostId>C0pnlPv0IvIwB+2vnzD1g3zj7nT5MZVnk19HfCg9ItZSrD1tbLbmf22sEqv+TEI5fhGEAYMN8zc=</HostId></Error>
Sep 20 19:31:18 dbs011 s3fs[57133]: s3fs.cpp:s3fs_check_service(3587): Bad Request(host=https://s3.eu-central-1.amazonaws.com) - result of checking service.
Sep 20 19:31:18 dbs011 s3fs[57133]: Pool full: destroy the oldest handler
Sep 20 19:31:18 dbs011 s3fs[57133]: s3fs.cpp:s3fs_exit_fuseloop(3372): Exiting FUSE event loop due to errors
Sep 20 19:31:18 dbs011 s3fs[57133]: destroy

<!-- gh-comment-id:923136252 --> @pgodschalk commented on GitHub (Sep 20, 2021): Same. ```sh NAME="Oracle Linux Server" VERSION="7.9" ID="ol" ID_LIKE="fedora" VARIANT="Server" VARIANT_ID="server" VERSION_ID="7.9" PRETTY_NAME="Oracle Linux Server 7.9" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:oracle:linux:7:9:server" HOME_URL="https://linux.oracle.com/" BUG_REPORT_URL="https://bugzilla.oracle.com/" ORACLE_BUGZILLA_PRODUCT="Oracle Linux 7" ORACLE_BUGZILLA_PRODUCT_VERSION=7.9 ORACLE_SUPPORT_PRODUCT="Oracle Linux" ORACLE_SUPPORT_PRODUCT_VERSION=7.9 ``` ``` Amazon Simple Storage Service File System V1.90 (commit:unknown) with OpenSSL ``` ``` 4.1.12-124.50.2.el7uek.x86_64 ``` ``` Name : fuse Version : 2.9.4 Release : 1.0.9.el7 Architecture: x86_64 Install Date: Mon Sep 20 18:55:51 2021 Group : System Environment/Base Size : 228368 License : GPL+ Signature : RSA/SHA256, Tue Feb 23 08:47:27 2021, Key ID 72f97b74ec551f03 Source RPM : fuse-2.9.4-1.0.9.el7.src.rpm Build Date : Tue Feb 23 08:47:03 2021 Build Host : host-100-100-224-38.blddevtest1iad.osdevelopmeniad.oraclevcn.com Relocations : (not relocatable) Vendor : Oracle America URL : http://fuse.sf.net Summary : File System in Userspace (FUSE) utilities Description : With FUSE it is possible to implement a fully functional filesystem in a userspace program. This package contains the FUSE userspace tools to mount a FUSE filesystem. ```` ``` Sep 20 19:31:17 dbs011 s3fs[57131]: s3fs version 1.90(unknown) : s3fs -o rw,allow_other,endpoint=eu-central-1,dbglevel=debug,url=https://s3.eu-central-1.amazonaws.com/,sigv2,dev,suid (redacted) /mnt/upload Sep 20 19:31:17 dbs011 s3fs[57131]: s3fs_logger.cpp:LowSetLogLevel(240): change debug level from [CRT] to [DBG] Sep 20 19:31:17 dbs011 s3fs[57131]: PROC(uid=0, gid=0) - MountPoint(uid=0, gid=0, mode=40755) Sep 20 19:31:17 dbs011 s3fs[57131]: Loaded mime information from /etc/mime.types Sep 20 19:31:17 dbs011 s3fs[57131]: The path to cache top dir is empty, thus not need to check permission. Sep 20 19:31:17 dbs011 s3fs[57133]: init v1.90(commit:unknown) with OpenSSL Sep 20 19:31:17 dbs011 s3fs[57133]: check services. Sep 20 19:31:17 dbs011 s3fs[57133]: check a bucket. Sep 20 19:31:17 dbs011 s3fs[57133]: curl.cpp:ResetHandle(1945): The CURLOPT_SSL_ENABLE_ALPN option could not be unset. S3 server does not support ALPN, then this option should be disabled to maximize performance. you need to use libcurl 7.36.0 or later. Sep 20 19:31:17 dbs011 s3fs[57133]: curl.cpp:ResetHandle(1948): The S3FS_CURLOPT_KEEP_SENDING_ON_ERROR option could not be set. For maximize performance you need to enable this option and you should use libcurl 7.51.0 or later. Sep 20 19:31:17 dbs011 s3fs[57133]: URL is https://s3.eu-central-1.amazonaws.com/(redacted)/ Sep 20 19:31:17 dbs011 s3fs[57133]: URL changed is https://(redacted).s3.eu-central-1.amazonaws.com/ Sep 20 19:31:18 dbs011 s3fs[57133]: curl.cpp:RequestPerform(2357): HTTP response code 400, returning EIO. Body Text: <?xml version="1.0" encoding="UTF-8"?>#012<Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>YXDD4753QNP8F5Q0</RequestId><HostId>C0pnlPv0IvIwB+2vnzD1g3zj7nT5MZVnk19HfCg9ItZSrD1tbLbmf22sEqv+TEI5fhGEAYMN8zc=</HostId></Error> Sep 20 19:31:18 dbs011 s3fs[57133]: curl.cpp:CheckBucket(3421): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>#012<Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>YXDD4753QNP8F5Q0</RequestId><HostId>C0pnlPv0IvIwB+2vnzD1g3zj7nT5MZVnk19HfCg9ItZSrD1tbLbmf22sEqv+TEI5fhGEAYMN8zc=</HostId></Error> Sep 20 19:31:18 dbs011 s3fs[57133]: s3fs.cpp:s3fs_check_service(3587): Bad Request(host=https://s3.eu-central-1.amazonaws.com) - result of checking service. Sep 20 19:31:18 dbs011 s3fs[57133]: Pool full: destroy the oldest handler Sep 20 19:31:18 dbs011 s3fs[57133]: s3fs.cpp:s3fs_exit_fuseloop(3372): Exiting FUSE event loop due to errors Sep 20 19:31:18 dbs011 s3fs[57133]: destroy ```

kerem commented 2026-03-04 01:46:23 +03:00

Author

Owner

Copy link

@gaul commented on GitHub (Sep 20, 2021):

@pgodschalk You need to remove -o sigv2. eu-central-1 only supports the default sigv4.

<!-- gh-comment-id:923428465 --> @gaul commented on GitHub (Sep 20, 2021): @pgodschalk You need to remove `-o sigv2`. eu-central-1 only supports the default sigv4.

kerem commented 2026-03-04 01:46:23 +03:00

Author

Owner

Copy link

@oliveiraev commented on GitHub (Jul 6, 2023):

@pgodschalk You need to remove -o sigv2. eu-central-1 only supports the default sigv4.

I can reproduce the problem even without sigv2 option set.

s3fs -d -f my-bucket-name /mnt/my-mount-point/ -oiam_role,endpoint=eu-central-1,curldbg
[CRT] s3fs.cpp:set_s3fs_log_level(257): change debug level from [CRT] to [INF]
[INF]     s3fs.cpp:set_mountpoint_attribute(4193): PROC(uid=0, gid=0) - MountPoint(uid=0, gid=0, mode=40755)
[CRT] s3fs.cpp:s3fs_init(3378): init v1.82(commit:unknown) with GnuTLS(gcrypt)
[INF]       curl.cpp:LoadIAMRoleFromMetaData(2377): Get IAM Role name
*   Trying 169.254.169.254...
* TCP_NODELAY set
* Connected to 169.254.169.254 (169.254.169.254) port 80 (#0)
> GET /latest/meta-data/iam/security-credentials/ HTTP/1.1
Host: 169.254.169.254
User-Agent: s3fs/1.82 (commit hash unknown; GnuTLS(gcrypt))
Accept: */*

* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Accept-Ranges: bytes
< Content-Length: 19
< Content-Type: text/plain
< Date: Thu, 06 Jul 2023 11:19:49 GMT
< Last-Modified: Thu, 06 Jul 2023 11:08:11 GMT
< Connection: close
< Server: EC2ws
<
* Closing connection 0
[INF]       curl.cpp:RequestPerform(1940): HTTP response code 200
[INF]       curl.cpp:SetIAMRoleFromMetaData(1465): IAM role name response = "pdfChipInstanceRole"
[INF] s3fs.cpp:s3fs_init(3409): loaded IAM role name = pdfChipInstanceRole
[INF] s3fs.cpp:s3fs_check_service(3754): check services.
[INF]       curl.cpp:GetIAMCredentials(2336): [IAM role=pdfChipInstanceRole]
* Hostname 169.254.169.254 was found in DNS cache
*   Trying 169.254.169.254...
* TCP_NODELAY set
* Connected to 169.254.169.254 (169.254.169.254) port 80 (#1)
> GET /latest/meta-data/iam/security-credentials/pdfChipInstanceRole HTTP/1.1
Host: 169.254.169.254
User-Agent: s3fs/1.82 (commit hash unknown; GnuTLS(gcrypt))
Accept: */*

* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Accept-Ranges: bytes
< Content-Length: 1590
< Content-Type: text/plain
< Date: Thu, 06 Jul 2023 11:19:49 GMT
< Last-Modified: Thu, 06 Jul 2023 11:08:11 GMT
< Connection: close
< Server: EC2ws
<
* Closing connection 1
[INF]       curl.cpp:RequestPerform(1940): HTTP response code 200
[INF]       curl.cpp:SetIAMCredentials(1409): IAM credential response = "{
  "Code" : "Success",
  "LastUpdated" : "2023-07-06T11:07:13Z",
  "Type" : "AWS-HMAC",
  "AccessKeyId" : "AWS_ACCESS_KEY_ID",
  "SecretAccessKey" : "AWS_ACCESS_KEY_SECRET",
  "Token" : "AWS_ACCESS_TOKEN",
  "Expiration" : "2023-07-06T17:33:21Z"
}"
[INF]       curl.cpp:CheckBucket(2914): check a bucket.
[INF]       curl.cpp:prepare_url(4205): URL is https://s3.amazonaws.com/my-bucket-name/
[INF]       curl.cpp:prepare_url(4237): URL changed is https://my-bucket-name.s3.amazonaws.com/
[INF]       curl.cpp:insertV4Headers(2267): computing signature [GET] [/] [] []
[INF]       curl.cpp:url_to_host(100): url is https://s3.amazonaws.com
*   Trying 52.219.75.193...
* TCP_NODELAY set
* Connected to my-bucket-name.s3.amazonaws.com (52.219.75.193) port 443 (#2)
* found 137 certificates in /etc/ssl/certs/ca-certificates.crt
* found 414 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* 	 server certificate verification OK
* 	 server certificate status verification SKIPPED
* 	 common name: *.s3.amazonaws.com (matched)
* 	 server certificate expiration date OK
* 	 server certificate activation date OK
* 	 certificate public key: RSA
* 	 certificate version: #3
* 	 subject: CN=*.s3.amazonaws.com
* 	 start date: Tue, 21 Mar 2023 00:00:00 GMT
* 	 expire date: Tue, 19 Dec 2023 23:59:59 GMT
* 	 issuer: C=US,O=Amazon,CN=Amazon RSA 2048 M01
* 	 compression: NULL
* ALPN, server accepted to use http/1.1
> GET / HTTP/1.1
host: my-bucket-name.s3.amazonaws.com
User-Agent: s3fs/1.82 (commit hash unknown; GnuTLS(gcrypt))
Accept: */*
Authorization: AWS4-HMAC-SHA256 Credential=AWS_ACCESS_KEY_ID/20230706/eu-central-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token, Signature=31c9978b8a6a1edbde1240e923d77ce740c44968220553c6c80f43cea6238cf4
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20230706T111949Z
x-amz-security-token: AWS_ACCESS_TOKEN

< HTTP/1.1 403 Forbidden
< x-amz-bucket-region: eu-central-1
< x-amz-request-id: RNQ8F6P7TA0R02EK
< x-amz-id-2: YUh0PjCmjzguN5eW0CmnTZsPTX80Drx+CjPMfWTmuuRGPjXPpsTCqKu/Qv1LqbfIHgxLtIk2K08=
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Date: Thu, 06 Jul 2023 11:19:49 GMT
< Server: AmazonS3
<
* Connection #2 to host my-bucket-name.s3.amazonaws.com left intact
[INF]       curl.cpp:RequestPerform(1957): HTTP response code 403 was returned, returning EPERM
[ERR] curl.cpp:CheckBucket(2953): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>RNQ8F6P7TA0R02EK</RequestId><HostId>YUh0PjCmjzguN5eW0CmnTZsPTX80Drx+CjPMfWTmuuRGPjXPpsTCqKu/Qv1LqbfIHgxLtIk2K08=</HostId></Error>
[WAN] s3fs.cpp:s3fs_check_service(3795): Could not connect, so retry to connect by signature version 2.
[INF]       curl.cpp:CheckBucket(2914): check a bucket.
[INF]       curl.cpp:prepare_url(4205): URL is https://s3.amazonaws.com/my-bucket-name/
[INF]       curl.cpp:prepare_url(4237): URL changed is https://my-bucket-name.s3.amazonaws.com/
* Found bundle for host my-bucket-name.s3.amazonaws.com: 0x7f6b7814d250 [can pipeline]
* Re-using existing connection! (#2) with host my-bucket-name.s3.amazonaws.com
* Connected to my-bucket-name.s3.amazonaws.com (52.219.75.193) port 443 (#2)
> GET / HTTP/1.1
Host: my-bucket-name.s3.amazonaws.com
User-Agent: s3fs/1.82 (commit hash unknown; GnuTLS(gcrypt))
Accept: */*
Authorization: AWS AWS_ACCESS_KEY_ID:XXXXXXXXXXXXXXXXXXXXXXXXXXXX
Date: Thu, 06 Jul 2023 11:19:49 GMT
x-amz-security-token: AWS_ACCESS_TOKEN

< HTTP/1.1 400 Bad Request
< x-amz-bucket-region: eu-central-1
< x-amz-request-id: RNQBF8J623Z562XS
< x-amz-id-2: MF7acdooOYLqmjCCDBgio1Ics6DQnlqEXA4AtuxZ6rfIi1W8mX3Iy+3l4k7lqXdO/BH59fWokaw=
< x-amz-region: eu-central-1
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Date: Thu, 06 Jul 2023 11:19:49 GMT
< Server: AmazonS3
< Connection: close
<
* Closing connection 2
[INF]       curl.cpp:RequestPerform(1952): HTTP response code 400 was returned, returning EIO.
[ERR] curl.cpp:CheckBucket(2953): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>RNQBF8J623Z562XS</RequestId><HostId>MF7acdooOYLqmjCCDBgio1Ics6DQnlqEXA4AtuxZ6rfIi1W8mX3Iy+3l4k7lqXdO/BH59fWokaw=</HostId></Error>
[CRT] s3fs.cpp:s3fs_check_service(3807): Bad Request(host=https://s3.amazonaws.com) - result of checking service.
[ERR] s3fs.cpp:s3fs_exit_fuseloop(3368): Exiting FUSE event loop due to errors

[INF] s3fs.cpp:s3fs_destroy(3441): destroy
[WAN] s3fs.cpp:s3fs_destroy(3445): Could not release curl library.

looks like the problem resides between lines 104~108...

[...]
[INF]       curl.cpp:RequestPerform(1957): HTTP response code 403 was returned, returning EPERM
[ERR] curl.cpp:CheckBucket(2953): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>RNQ8F6P7TA0R02EK</RequestId><HostId>YUh0PjCmjzguN5eW0CmnTZsPTX80Drx+CjPMfWTmuuRGPjXPpsTCqKu/Qv1LqbfIHgxLtIk2K08=</HostId></Error>
[WAN] s3fs.cpp:s3fs_check_service(3795): Could not connect, so retry to connect by signature version 2.
[...]

... and may be related to #1743 which is my case.

direct awscli command works smoothly

aws s3 cp test-file.txt s3://my-bucket-name/test-file.txt
upload: ./test-file.txt to s3://my-bucket-name/test-file.txt

usually AWS SDK should parse and make use of .aws/config and .aws/credentials, doesn't?

<!-- gh-comment-id:1623547873 --> @oliveiraev commented on GitHub (Jul 6, 2023): > @pgodschalk You need to remove `-o sigv2`. eu-central-1 only supports the default sigv4. I can reproduce the problem even without `sigv2` option set. ``` s3fs -d -f my-bucket-name /mnt/my-mount-point/ -oiam_role,endpoint=eu-central-1,curldbg [CRT] s3fs.cpp:set_s3fs_log_level(257): change debug level from [CRT] to [INF] [INF] s3fs.cpp:set_mountpoint_attribute(4193): PROC(uid=0, gid=0) - MountPoint(uid=0, gid=0, mode=40755) [CRT] s3fs.cpp:s3fs_init(3378): init v1.82(commit:unknown) with GnuTLS(gcrypt) [INF] curl.cpp:LoadIAMRoleFromMetaData(2377): Get IAM Role name * Trying 169.254.169.254... * TCP_NODELAY set * Connected to 169.254.169.254 (169.254.169.254) port 80 (#0) > GET /latest/meta-data/iam/security-credentials/ HTTP/1.1 Host: 169.254.169.254 User-Agent: s3fs/1.82 (commit hash unknown; GnuTLS(gcrypt)) Accept: */* * HTTP 1.0, assume close after body < HTTP/1.0 200 OK < Accept-Ranges: bytes < Content-Length: 19 < Content-Type: text/plain < Date: Thu, 06 Jul 2023 11:19:49 GMT < Last-Modified: Thu, 06 Jul 2023 11:08:11 GMT < Connection: close < Server: EC2ws < * Closing connection 0 [INF] curl.cpp:RequestPerform(1940): HTTP response code 200 [INF] curl.cpp:SetIAMRoleFromMetaData(1465): IAM role name response = "pdfChipInstanceRole" [INF] s3fs.cpp:s3fs_init(3409): loaded IAM role name = pdfChipInstanceRole [INF] s3fs.cpp:s3fs_check_service(3754): check services. [INF] curl.cpp:GetIAMCredentials(2336): [IAM role=pdfChipInstanceRole] * Hostname 169.254.169.254 was found in DNS cache * Trying 169.254.169.254... * TCP_NODELAY set * Connected to 169.254.169.254 (169.254.169.254) port 80 (#1) > GET /latest/meta-data/iam/security-credentials/pdfChipInstanceRole HTTP/1.1 Host: 169.254.169.254 User-Agent: s3fs/1.82 (commit hash unknown; GnuTLS(gcrypt)) Accept: */* * HTTP 1.0, assume close after body < HTTP/1.0 200 OK < Accept-Ranges: bytes < Content-Length: 1590 < Content-Type: text/plain < Date: Thu, 06 Jul 2023 11:19:49 GMT < Last-Modified: Thu, 06 Jul 2023 11:08:11 GMT < Connection: close < Server: EC2ws < * Closing connection 1 [INF] curl.cpp:RequestPerform(1940): HTTP response code 200 [INF] curl.cpp:SetIAMCredentials(1409): IAM credential response = "{ "Code" : "Success", "LastUpdated" : "2023-07-06T11:07:13Z", "Type" : "AWS-HMAC", "AccessKeyId" : "AWS_ACCESS_KEY_ID", "SecretAccessKey" : "AWS_ACCESS_KEY_SECRET", "Token" : "AWS_ACCESS_TOKEN", "Expiration" : "2023-07-06T17:33:21Z" }" [INF] curl.cpp:CheckBucket(2914): check a bucket. [INF] curl.cpp:prepare_url(4205): URL is https://s3.amazonaws.com/my-bucket-name/ [INF] curl.cpp:prepare_url(4237): URL changed is https://my-bucket-name.s3.amazonaws.com/ [INF] curl.cpp:insertV4Headers(2267): computing signature [GET] [/] [] [] [INF] curl.cpp:url_to_host(100): url is https://s3.amazonaws.com * Trying 52.219.75.193... * TCP_NODELAY set * Connected to my-bucket-name.s3.amazonaws.com (52.219.75.193) port 443 (#2) * found 137 certificates in /etc/ssl/certs/ca-certificates.crt * found 414 certificates in /etc/ssl/certs * ALPN, offering http/1.1 * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256 * server certificate verification OK * server certificate status verification SKIPPED * common name: *.s3.amazonaws.com (matched) * server certificate expiration date OK * server certificate activation date OK * certificate public key: RSA * certificate version: #3 * subject: CN=*.s3.amazonaws.com * start date: Tue, 21 Mar 2023 00:00:00 GMT * expire date: Tue, 19 Dec 2023 23:59:59 GMT * issuer: C=US,O=Amazon,CN=Amazon RSA 2048 M01 * compression: NULL * ALPN, server accepted to use http/1.1 > GET / HTTP/1.1 host: my-bucket-name.s3.amazonaws.com User-Agent: s3fs/1.82 (commit hash unknown; GnuTLS(gcrypt)) Accept: */* Authorization: AWS4-HMAC-SHA256 Credential=AWS_ACCESS_KEY_ID/20230706/eu-central-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token, Signature=31c9978b8a6a1edbde1240e923d77ce740c44968220553c6c80f43cea6238cf4 x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 x-amz-date: 20230706T111949Z x-amz-security-token: AWS_ACCESS_TOKEN < HTTP/1.1 403 Forbidden < x-amz-bucket-region: eu-central-1 < x-amz-request-id: RNQ8F6P7TA0R02EK < x-amz-id-2: YUh0PjCmjzguN5eW0CmnTZsPTX80Drx+CjPMfWTmuuRGPjXPpsTCqKu/Qv1LqbfIHgxLtIk2K08= < Content-Type: application/xml < Transfer-Encoding: chunked < Date: Thu, 06 Jul 2023 11:19:49 GMT < Server: AmazonS3 < * Connection #2 to host my-bucket-name.s3.amazonaws.com left intact [INF] curl.cpp:RequestPerform(1957): HTTP response code 403 was returned, returning EPERM [ERR] curl.cpp:CheckBucket(2953): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>RNQ8F6P7TA0R02EK</RequestId><HostId>YUh0PjCmjzguN5eW0CmnTZsPTX80Drx+CjPMfWTmuuRGPjXPpsTCqKu/Qv1LqbfIHgxLtIk2K08=</HostId></Error> [WAN] s3fs.cpp:s3fs_check_service(3795): Could not connect, so retry to connect by signature version 2. [INF] curl.cpp:CheckBucket(2914): check a bucket. [INF] curl.cpp:prepare_url(4205): URL is https://s3.amazonaws.com/my-bucket-name/ [INF] curl.cpp:prepare_url(4237): URL changed is https://my-bucket-name.s3.amazonaws.com/ * Found bundle for host my-bucket-name.s3.amazonaws.com: 0x7f6b7814d250 [can pipeline] * Re-using existing connection! (#2) with host my-bucket-name.s3.amazonaws.com * Connected to my-bucket-name.s3.amazonaws.com (52.219.75.193) port 443 (#2) > GET / HTTP/1.1 Host: my-bucket-name.s3.amazonaws.com User-Agent: s3fs/1.82 (commit hash unknown; GnuTLS(gcrypt)) Accept: */* Authorization: AWS AWS_ACCESS_KEY_ID:XXXXXXXXXXXXXXXXXXXXXXXXXXXX Date: Thu, 06 Jul 2023 11:19:49 GMT x-amz-security-token: AWS_ACCESS_TOKEN < HTTP/1.1 400 Bad Request < x-amz-bucket-region: eu-central-1 < x-amz-request-id: RNQBF8J623Z562XS < x-amz-id-2: MF7acdooOYLqmjCCDBgio1Ics6DQnlqEXA4AtuxZ6rfIi1W8mX3Iy+3l4k7lqXdO/BH59fWokaw= < x-amz-region: eu-central-1 < Content-Type: application/xml < Transfer-Encoding: chunked < Date: Thu, 06 Jul 2023 11:19:49 GMT < Server: AmazonS3 < Connection: close < * Closing connection 2 [INF] curl.cpp:RequestPerform(1952): HTTP response code 400 was returned, returning EIO. [ERR] curl.cpp:CheckBucket(2953): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>RNQBF8J623Z562XS</RequestId><HostId>MF7acdooOYLqmjCCDBgio1Ics6DQnlqEXA4AtuxZ6rfIi1W8mX3Iy+3l4k7lqXdO/BH59fWokaw=</HostId></Error> [CRT] s3fs.cpp:s3fs_check_service(3807): Bad Request(host=https://s3.amazonaws.com) - result of checking service. [ERR] s3fs.cpp:s3fs_exit_fuseloop(3368): Exiting FUSE event loop due to errors [INF] s3fs.cpp:s3fs_destroy(3441): destroy [WAN] s3fs.cpp:s3fs_destroy(3445): Could not release curl library. ``` looks like the problem resides between lines 104~108... ``` [...] [INF] curl.cpp:RequestPerform(1957): HTTP response code 403 was returned, returning EPERM [ERR] curl.cpp:CheckBucket(2953): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>RNQ8F6P7TA0R02EK</RequestId><HostId>YUh0PjCmjzguN5eW0CmnTZsPTX80Drx+CjPMfWTmuuRGPjXPpsTCqKu/Qv1LqbfIHgxLtIk2K08=</HostId></Error> [WAN] s3fs.cpp:s3fs_check_service(3795): Could not connect, so retry to connect by signature version 2. [...] ``` ... and may be related to #1743 which is my case. direct awscli command works smoothly ``` aws s3 cp test-file.txt s3://my-bucket-name/test-file.txt upload: ./test-file.txt to s3://my-bucket-name/test-file.txt ``` usually AWS SDK should parse and make use of `.aws/config` and `.aws/credentials`, doesn't?

kerem referenced this issue 2026-03-04 02:00:56 +03:00

[PR #546] [MERGED] Fixed double initialization of SSL library at foreground #1540

kerem referenced this issue 2026-03-04 02:01:26 +03:00

[PR #780] [MERGED] gnutls_auth: initialize libgcrypt #1636

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

v1.97

v1.96

v1.95

v1.94

v1.93

v1.92

v1.91

v1.90

v1.89

v1.88

v1.87

v1.86

v1.85

v1.84

v1.83

v1.82

v1.81

v1.80

v1.79

v1.78

Pre-v1.78

v1.77

v1.76

v1.75

v1.74

Labels

Clear labels   

bug

  

bug

  

dataloss

  

duplicate

  

enhancement

  

feature request

  

help wanted

  

invalid

  

need info

  

performance

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question

  

testing

No labels

bug

bug

dataloss

duplicate

enhancement

feature request

help wanted

invalid

need info

performance

pull-request

question

question

testing

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/s3fs-fuse#524

No description provided.