Invalid trailing header names in x-amz-trailer since update to 1.36

[MarcoGriep88]

Describe the bug

Hi, since update to boto3 1.36.0 from 15.01.2025 i got following error on put_object

" An error occurred (InvalidTrailer) when calling the PutObject operation: Invalid trailing header names in x-amz-trailer."

`
custom_config = Config(signature_version="s3v4")

s3 = boto3.client(
"s3",
aws_access_key_id=AWS_ACCESS_KEY,
aws_secret_access_key=AWS_SECRET_KEY,
endpoint_url=AWS_ENDPOINT,
config=custom_config
)

content = sanitize_content(content) # Content bereinigen
print(f"Uploading {file_name} to S3 with size {len(content)} bytes")

    s3.put_object(
        Bucket=S3_BUCKET_NAME,
        Key=s3_path,
        Body=content,
        Metadata={}
    )

....

`

Regression Issue

• Select this option if this issue appears to be a regression.

Expected Behavior

Upload the file without issues

Current Behavior

Throws error "Invalid trailing header names in x-amz-trailer"

Reproduction Steps

`
custom_config = Config(signature_version="s3v4")

s3 = boto3.client(
"s3",
aws_access_key_id=AWS_ACCESS_KEY,
aws_secret_access_key=AWS_SECRET_KEY,
endpoint_url=AWS_ENDPOINT,
config=custom_config
)

content = sanitize_content(content) # Content bereinigen
print(f"Uploading {file_name} to S3 with size {len(content)} bytes")

    s3.put_object(
        Bucket=S3_BUCKET_NAME,
        Key=s3_path,
        Body=content,
        Metadata={}
    )

....

Possible Solution

Downgrade to Version 1.35

Additional Information/Context

No response

SDK version used

1.36

Environment details (OS name and version, etc.)

Python 3, Ubuntu Server 24.04

[jonathan343]

Hey @MarcoGriep88, thanks for opening an issue with us.

Boto3 introduced some changes to the s3 client in v1.36.0 that change the default behavior for S3 data integrity checks (see our announcement for more information).

The SDK should only be providing X-Amz-Trailer values supported by S3. Can you enable boto3 debug logs so we can provide further assistance with this issue?

The example below shows how to enable debug logs in boto3:

Note: Please remove sensitive information from the debug logs if any.

import boto3
boto3.set_stream_logger("")

Also can you confirm if you're interacting with the official S3 service or a 3rd party S3-like service?

[MarcoGriep88]

@jonathan343 Hi, currently not on my workstation anymore. But i wanted to answer your question:

"Also can you confirm if you're interacting with the official S3 service or a 3rd party S3-like service?"

Its an S3-Like Service from Ionos Datacenter. Not official AWS. Dont know what backend its based on.
https://cloud.ionos.at/storage/object-storage

[jonathan343]

Please see our announcement in #4392.
Specifically the following:

Disclaimer: The AWS SDKs and CLI are designed for usage with official AWS services. We may introduce and enable new features by default, such as these new default integrity protections prior to them being supported or handled by third-party service implementations. You can disable the new behavior with the WHEN_REQUIRED value for the request_checksum_calculation and response_checksum_validation configuration options covered in Data Integrity Protections for Amazon S3.

If you experience issues with Amazon S3 or configuring default integrity options to WHEN_REQUIRED, feel free to reopen this issue. We apologize for the inconvenience.