With this policy, if/when the client deploys the checksum as header with the file, Artifactory will calculate the file's checksum and then compare the client uploaded checksum and the Artifactory calculated checksum.
If a checksum was not provided along with the file during deployment, then the following message will be displayed:
Client did not publish a checksum value.
If you trust the uploaded artifact you can accept the actual checksum by clicking the 'Fix Checksum' button.
By clicking the “Fix Checksum” button, you are instructing Artifactory to trust the checksums that were generated by Artifactory itself, so there will be no comparison of the client checksums and the server checksums to check if the file content is valid.
If a checksum is not provided, and you do not address the problem by using "Fix Checksum," then when a client attempts to send a get request to access that checksum file, Artifactory will return a 404 (not found) error.
In the case that the submitted checksum does not match Artifactory's generated checksum, Artifactory will return a 409 (conflict) error until a valid checksum is deployed.
Important note:
It's quite easy/common for files to become corrupted during file transfer or even after deployment; by using this Checksum-Policy option (making sure that the client's provided checksum matches the one calculated by Artifactory), the user is ensuring the file's data-integrity has not been compromised.