mirror of
https://github.com/s3fs-fuse/s3fs-fuse.git
synced 2025-01-03 13:07:24 +00:00
Add no_check_certificate option which allows to ignore issues with self signed certs.
This commit is contained in:
parent
3056644969
commit
3522e5eda3
@ -118,6 +118,9 @@ s3fs always has to check whether file(or sub directory) exists under object(path
|
||||
It increases ListBucket request and makes performance bad.
|
||||
You can specify this option for performance, s3fs memorizes in stat cache that the object(file or directory) does not exist.
|
||||
.TP
|
||||
\fB\-o\fR no_check_certificate (by default this option is disabled) - do not check ssl certificate.
|
||||
server certificate won't be checked against the available certificate authorities.
|
||||
.TP
|
||||
\fB\-o\fR nodnscache - disable dns cache.
|
||||
s3fs is always using dns cache, this option make dns cache disable.
|
||||
.TP
|
||||
|
12
src/curl.cpp
12
src/curl.cpp
@ -244,6 +244,7 @@ pthread_mutex_t S3fsCurl::curl_handles_lock;
|
||||
pthread_mutex_t S3fsCurl::curl_share_lock[SHARE_MUTEX_MAX];
|
||||
bool S3fsCurl::is_initglobal_done = false;
|
||||
CURLSH* S3fsCurl::hCurlShare = NULL;
|
||||
bool S3fsCurl::is_cert_check = true; // default
|
||||
bool S3fsCurl::is_dns_cache = true; // default
|
||||
bool S3fsCurl::is_ssl_session_cache= true; // default
|
||||
long S3fsCurl::connect_timeout = 300; // default
|
||||
@ -734,6 +735,12 @@ size_t S3fsCurl::DownloadWriteCallback(void* ptr, size_t size, size_t nmemb, voi
|
||||
return totalwrite;
|
||||
}
|
||||
|
||||
bool S3fsCurl::SetCheckCertificate(bool isCertCheck) {
|
||||
bool old = S3fsCurl::is_cert_check;
|
||||
S3fsCurl::is_cert_check = isCertCheck;
|
||||
return old;
|
||||
}
|
||||
|
||||
bool S3fsCurl::SetDnsCache(bool isCache)
|
||||
{
|
||||
bool old = S3fsCurl::is_dns_cache;
|
||||
@ -1319,6 +1326,11 @@ bool S3fsCurl::ResetHandle(void)
|
||||
if((S3fsCurl::is_dns_cache || S3fsCurl::is_ssl_session_cache) && S3fsCurl::hCurlShare){
|
||||
curl_easy_setopt(hCurl, CURLOPT_SHARE, S3fsCurl::hCurlShare);
|
||||
}
|
||||
if(!S3fsCurl::is_cert_check) {
|
||||
DPRN("'no_check_certificate' option in effect.")
|
||||
DPRN("The server certificate won't be checked against the available certificate authorities.")
|
||||
curl_easy_setopt(hCurl, CURLOPT_SSL_VERIFYPEER, false);
|
||||
}
|
||||
if(S3fsCurl::is_verbose){
|
||||
curl_easy_setopt(hCurl, CURLOPT_VERBOSE, true);
|
||||
}
|
||||
|
@ -157,6 +157,7 @@ class S3fsCurl
|
||||
static pthread_mutex_t curl_share_lock[SHARE_MUTEX_MAX];
|
||||
static bool is_initglobal_done;
|
||||
static CURLSH* hCurlShare;
|
||||
static bool is_cert_check;
|
||||
static bool is_dns_cache;
|
||||
static bool is_ssl_session_cache;
|
||||
static long connect_timeout;
|
||||
@ -267,6 +268,7 @@ class S3fsCurl
|
||||
|
||||
// class methods(valiables)
|
||||
static std::string LookupMimeType(std::string name);
|
||||
static bool SetCheckCertificate(bool isCertCheck);
|
||||
static bool SetDnsCache(bool isCache);
|
||||
static bool SetSslSessionCache(bool isCache);
|
||||
static long SetConnectTimeout(long timeout);
|
||||
|
@ -3808,6 +3808,10 @@ static int my_fuse_opt_proc(void* data, const char* arg, int key, struct fuse_ar
|
||||
service_path = strchr(arg, '=') + sizeof(char);
|
||||
return 0;
|
||||
}
|
||||
if(0 == strcmp(arg, "no_check_certificate")){
|
||||
S3fsCurl::SetCheckCertificate(false);
|
||||
return 0;
|
||||
}
|
||||
if(0 == STR2NCMP(arg, "connect_timeout=")){
|
||||
long contimeout = static_cast<long>(s3fs_strtoofft(strchr(arg, '=') + sizeof(char)));
|
||||
S3fsCurl::SetConnectTimeout(contimeout);
|
||||
|
@ -947,6 +947,9 @@ void show_help (void)
|
||||
" You can specify this option for performance, s3fs memorizes \n"
|
||||
" in stat cache that the object(file or directory) does not exist.\n"
|
||||
"\n"
|
||||
" no_check_certificate\n"
|
||||
" - server certificate won't be checked against the available certificate authorities.\n"
|
||||
"\n"
|
||||
" nodnscache (disable dns cache)\n"
|
||||
" - s3fs is always using dns cache, this option make dns cache disable.\n"
|
||||
"\n"
|
||||
|
Loading…
Reference in New Issue
Block a user