-
-
Notifications
You must be signed in to change notification settings - Fork 286
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MD5 checksum failure for downloads #8798
Comments
Please post the transcript from the log drawer of the Transfers window. Choose ⌘-L on Mac or right-click the toolbar from the Transfers window and choose Log on Windows |
Please note that the download is still complete but failed verification of checksums. |
Please report this issue to the server vendor. You can choose Continue to ignore the verification failure. |
Hi dkocher, I don't see any way to continue past the error when I get this message doing a WebDAV download in the Windows client. Also, the server in this case is run by a large, unresponsive academic institution. Any chance of getting a way in the next release to ignore checksums the way it behaved in prior versions? Thanks! |
Replying to [comment:10 cmcapellan]: Set the property
|
Thank you, this is very helpful! TL;DR for hidden configuration for Windows 7/8 users:
|
The assumption in bfe5a45 that all ETags that look like an MD5 hash must be calculated with the same logic as S3 is wrong. The spec is clear that there is no formula to an ETag. The ETag is not a method for byte validation: http://www.webdav.org/specs/rfc4918.html#etag Sakai is an open-source learning management system, and we calculate our ETag using a simple MD5 hash: https://crucible.sakaiproject.org/changelog/Sakai.Git?cs=7f8f50feda276a68d2488990a4fb91b2de079f02 We follow the spec: our ETag is unique per item. Cyberduck 4.7 is Sakai's recommended WebDAV client and no longer works for hundreds of Sakai-using institutions around the world. |
Replying to [comment:13 samottenhoff]:
This changeset should just make it work with matching MD5 being calculated in Sakai and Cyberduck. Do you have any more insight why the checksums might not match? |
Replying to [comment:13 samottenhoff]:
If your unique ID match the above pattern but is not actually a MD5 digest then that would explain the trouble. |
bfe5a45 assumes that if it sees a 32-character ETag, that it is an MD5 calculated using a certain formula for checksum verification. But there is no specification that dictates how the ETag should be calculated. Sakai just happens to use a 32-character ETag. Why is bfe5a45 assuming that our ETag should be used for checksum verification? |
Replying to [comment:17 samottenhoff]:
|
You are misunderstanding what an MD5 is. An MD5 is an arbitrary hashing algorithm. Any string or series of bytes can have an MD5 computed (http://www.md5.cz/) for it. bfe5a45 is making a huge assumption that any 32-character string that looks like an MD5 must have been created to provide an MD5 file checksum. This assumption is incorrect. It appears this assumption begun with how Amazon S3 implemented their ETag. |
Since updating to 4.7, virtually all my downloads via CyberDuck have failed. When I begin a download, I get an error message that reads:
I have worked around this issue by reinstalling 4.6.4 (16610). This is fine for my needs, but I thought I should report this issue.
The text was updated successfully, but these errors were encountered: