mirror of
https://github.com/s3fs-fuse/s3fs-fuse.git
synced 2024-12-22 08:48:55 +00:00
Abort for SSE-KMS encryption type and not SSL/TLS specified
This commit is contained in:
parent
4d7fd60305
commit
b97fd470a5
@ -110,6 +110,7 @@ You can use "k" for short "kmsid".
|
||||
If you san specify SSE-KMS type with your <kms id> in AWS KMS, you can set it after "kmsid:" (or "k:").
|
||||
If you specify only "kmsid" ("k"), you need to set AWSSSEKMSID environment which value is <kms id>.
|
||||
You must be careful about that you can not use the KMS id which is not same EC2 region.
|
||||
Additionally, if you specify SSE-KMS, your endpoints must use Secure Sockets Layer(SSL) or Transport Layer Security(TLS).
|
||||
.TP
|
||||
\fB\-o\fR load_sse_c - specify SSE-C keys
|
||||
Specify the custom-provided encryption keys file path for decrypting at downloading.
|
||||
|
@ -898,6 +898,13 @@ bool S3fsCurl::FinalCheckSse()
|
||||
S3FS_PRN_ERR("sse type is SSE-KMS, but signature type is not v4. SSE-KMS require signature v4.");
|
||||
return false;
|
||||
}
|
||||
|
||||
// SSL/TLS is required for KMS
|
||||
//
|
||||
if(!is_prefix(s3host.c_str(), "https://")){
|
||||
S3FS_PRN_ERR("The sse type is SSE-KMS, but it is not configured to use SSL/TLS. SSE-KMS requires SSL/TLS communication.");
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
S3FS_PRN_ERR("sse type is unknown(%d).", static_cast<int>(S3fsCurl::ssetype));
|
||||
|
@ -128,6 +128,8 @@ static constexpr char help_string[] =
|
||||
" environment which value is <kms id>. You must be careful\n"
|
||||
" about that you can not use the KMS id which is not same EC2\n"
|
||||
" region.\n"
|
||||
" Additionally, if you specify SSE-KMS, your endpoints must use\n"
|
||||
" Secure Sockets Layer(SSL) or Transport Layer Security(TLS).\n"
|
||||
"\n"
|
||||
" load_sse_c - specify SSE-C keys\n"
|
||||
" Specify the custom-provided encryption keys file path for decrypting\n"
|
||||
|
Loading…
Reference in New Issue
Block a user