clientETag, err := etag.FromContentMD5(formValues)
	if err != nil {
		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrInvalidDigest), r.URL)
		return
	}

	var forceMD5 []byte
	// Optimization: If SSE-KMS and SSE-C did not request Content-Md5. Use uuid as etag. Optionally enable this also
	// for server that is started with `--no-compat`.
	kind, _ := crypto.IsRequested(formValues)

	ErrPolicyAlreadyAttached
	ErrPolicyNotAttached
	ErrExcessData
	ErrPolicyInvalidName
	ErrNoTokenRevokeType
	ErrAdminOpenIDNotEnabled
	ErrAdminNoSuchAccessKey
	// Add new error codes here.

	// SSE-S3/SSE-KMS related API errors
	ErrInvalidEncryptionMethod
	ErrInvalidEncryptionKeyID

	// Server-Side-Encryption (with Customer provided key) related API errors.
	ErrInsecureSSECustomerRequest
	ErrSSEMultipartEncrypted

    for DNS offers better security and potentially better performance. This feature is a preview:
    the API is subject to change.
 *  New: `okhttp-sse` is an early preview of Server-Sent Events (SSE). This feature is incomplete
    and is only suitable for experimental use.
 *  New: MockWebServer now supports client authentication (mutual TLS). Call `requestClientAuth()`

		}
		// Make sure to return object info to provide extra information.
		return &GetObjectReader{
			ObjInfo: objInfo,
		}, toObjectErr(errMethodNotAllowed, bucket, object)
	}

	// Set NoDecryption for SSE-C objects and if replication request
	if crypto.SSEC.IsEncrypted(objInfo.UserDefined) && opts.ReplicationRequest {
		opts.NoDecryption = true
	}

	if objInfo.Size == 0 {