Add no_check_certificate option, which allows ignoring issues with self-signed certs.

Bartlomiej Palmowski 2015-05-20 17:32:36 +02:00
parent 3056644969
commit 3522e5eda3
5 changed files with 24 additions and 0 deletions


@ -118,6 +118,9 @@ s3fs always has to check whether file(or sub directory) exists under object(path
It increases ListBucket request and makes performance bad. It increases ListBucket request and makes performance bad.
You can specify this option for performance, s3fs memorizes in stat cache that the object(file or directory) does not exist. You can specify this option for performance, s3fs memorizes in stat cache that the object(file or directory) does not exist.
.TP .TP
\fB\-o\fR no_check_certificate (by default this option is disabled) - do not check ssl certificate.
server certificate won't be checked against the available certificate authorities.
.TP
\fB\-o\fR nodnscache - disable dns cache. \fB\-o\fR nodnscache - disable dns cache.
s3fs is always using dns cache, this option make dns cache disable. s3fs is always using dns cache, this option make dns cache disable.
.TP .TP


@ -244,6 +244,7 @@ pthread_mutex_t S3fsCurl::curl_handles_lock;
pthread_mutex_t S3fsCurl::curl_share_lock[SHARE_MUTEX_MAX]; pthread_mutex_t S3fsCurl::curl_share_lock[SHARE_MUTEX_MAX];
bool S3fsCurl::is_initglobal_done = false; bool S3fsCurl::is_initglobal_done = false;
CURLSH* S3fsCurl::hCurlShare = NULL; CURLSH* S3fsCurl::hCurlShare = NULL;
bool S3fsCurl::is_cert_check = true; // default
bool S3fsCurl::is_dns_cache = true; // default bool S3fsCurl::is_dns_cache = true; // default
bool S3fsCurl::is_ssl_session_cache= true; // default bool S3fsCurl::is_ssl_session_cache= true; // default
long S3fsCurl::connect_timeout = 300; // default long S3fsCurl::connect_timeout = 300; // default
@ -734,6 +735,12 @@ size_t S3fsCurl::DownloadWriteCallback(void* ptr, size_t size, size_t nmemb, voi
return totalwrite; return totalwrite;
} }
bool S3fsCurl::SetCheckCertificate(bool isCertCheck) {
bool old = S3fsCurl::is_cert_check;
S3fsCurl::is_cert_check = isCertCheck;
return old;
}
bool S3fsCurl::SetDnsCache(bool isCache) bool S3fsCurl::SetDnsCache(bool isCache)
{ {
bool old = S3fsCurl::is_dns_cache; bool old = S3fsCurl::is_dns_cache;
@ -1319,6 +1326,11 @@ bool S3fsCurl::ResetHandle(void)
if((S3fsCurl::is_dns_cache || S3fsCurl::is_ssl_session_cache) && S3fsCurl::hCurlShare){ if((S3fsCurl::is_dns_cache || S3fsCurl::is_ssl_session_cache) && S3fsCurl::hCurlShare){
curl_easy_setopt(hCurl, CURLOPT_SHARE, S3fsCurl::hCurlShare); curl_easy_setopt(hCurl, CURLOPT_SHARE, S3fsCurl::hCurlShare);
} }
if(!S3fsCurl::is_cert_check) {
DPRN("'no_check_certificate' option in effect.")
DPRN("The server certificate won't be checked against the available certificate authorities.")
curl_easy_setopt(hCurl, CURLOPT_SSL_VERIFYPEER, false);
}
if(S3fsCurl::is_verbose){ if(S3fsCurl::is_verbose){
curl_easy_setopt(hCurl, CURLOPT_VERBOSE, true); curl_easy_setopt(hCurl, CURLOPT_VERBOSE, true);
} }
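Review bot: In the ResetHandle hunk, `curl_easy_setopt(hCurl, CURLOPT_SSL_VERIFYPEER, false)` passes a bool through a variadic call where libcurl reads a long; write `curl_easy_setopt(hCurl, CURLOPT_SSL_VERIFYPEER, 0L);` so the argument has the type the option expects. With peer verification off, any certificate chain is accepted, so the connection is no longer authenticated against interception; for a self-signed endpoint, trusting that one certificate through `CURLOPT_CAINFO` would keep verification on. The two `DPRN(...)` lines also have no trailing semicolon, which only compiles if the macro supplies one, and they appear to run on every handle reset rather than once per mount. ResetHandle's body starts and ends outside the hunk.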


@ -157,6 +157,7 @@ class S3fsCurl
static pthread_mutex_t curl_share_lock[SHARE_MUTEX_MAX]; static pthread_mutex_t curl_share_lock[SHARE_MUTEX_MAX];
static bool is_initglobal_done; static bool is_initglobal_done;
static CURLSH* hCurlShare; static CURLSH* hCurlShare;
static bool is_cert_check;
static bool is_dns_cache; static bool is_dns_cache;
static bool is_ssl_session_cache; static bool is_ssl_session_cache;
static long connect_timeout; static long connect_timeout;
@ -267,6 +268,7 @@ class S3fsCurl
// class methods(valiables) // class methods(valiables)
static std::string LookupMimeType(std::string name); static std::string LookupMimeType(std::string name);
static bool SetCheckCertificate(bool isCertCheck);
static bool SetDnsCache(bool isCache); static bool SetDnsCache(bool isCache);
static bool SetSslSessionCache(bool isCache); static bool SetSslSessionCache(bool isCache);
static long SetConnectTimeout(long timeout); static long SetConnectTimeout(long timeout);


@ -3808,6 +3808,10 @@ static int my_fuse_opt_proc(void* data, const char* arg, int key, struct fuse_ar
service_path = strchr(arg, '=') + sizeof(char); service_path = strchr(arg, '=') + sizeof(char);
return 0; return 0;
} }
if(0 == strcmp(arg, "no_check_certificate")){
S3fsCurl::SetCheckCertificate(false);
return 0;
}
if(0 == STR2NCMP(arg, "connect_timeout=")){ if(0 == STR2NCMP(arg, "connect_timeout=")){
long contimeout = static_cast<long>(s3fs_strtoofft(strchr(arg, '=') + sizeof(char))); long contimeout = static_cast<long>(s3fs_strtoofft(strchr(arg, '=') + sizeof(char)));
S3fsCurl::SetConnectTimeout(contimeout); S3fsCurl::SetConnectTimeout(contimeout);
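Review bot: The `no_check_certificate` branch turns off certificate checking without telling the user at mount time; the only notice visible in this commit is the DPRN pair in ResetHandle, and whether that reaches a default log is not shown here. A one-time warning at parse time, e.g. `fprintf(stderr, "s3fs: no_check_certificate set, TLS server certificate will not be verified\n");` before `return 0;`, would make the weakened state explicit. The previous value returned by `SetCheckCertificate` is discarded, which matches the neighbouring setters. my_fuse_opt_proc starts and ends outside the hunk.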


@ -947,6 +947,9 @@ void show_help (void)
" You can specify this option for performance, s3fs memorizes \n" " You can specify this option for performance, s3fs memorizes \n"
" in stat cache that the object(file or directory) does not exist.\n" " in stat cache that the object(file or directory) does not exist.\n"
"\n" "\n"
" no_check_certificate\n"
" - server certificate won't be checked against the available certificate authorities.\n"
"\n"
" nodnscache (disable dns cache)\n" " nodnscache (disable dns cache)\n"
" - s3fs is always using dns cache, this option make dns cache disable.\n" " - s3fs is always using dns cache, this option make dns cache disable.\n"
"\n" "\n"