From 3522e5eda399c0b4b10a038c5796f31515a1f391 Mon Sep 17 00:00:00 2001
From: Bartlomiej Palmowski
Date: Wed, 20 May 2015 17:32:36 +0200
Subject: [PATCH] Add no_check_certificate option which allows to ignore issues with self signed certs.
---
 doc/man/s3fs.1 | 3 +++
 src/curl.cpp | 12 ++++++++++++
 src/curl.h | 2 ++
 src/s3fs.cpp | 4 ++++
 src/s3fs_util.cpp | 3 +++
 5 files changed, 24 insertions(+)
diff --git a/doc/man/s3fs.1 b/doc/man/s3fs.1
index be7bb1f..acf409e 100644
--- a/doc/man/s3fs.1
+++ b/doc/man/s3fs.1
@@ -118,6 +118,9 @@ s3fs always has to check whether file(or sub directory) exists under object(path
 It increases ListBucket request and makes performance bad.
 You can specify this option for performance, s3fs memorizes in stat cache that the object(file or directory) does not exist.
 .TP
+\fB\-o\fR no_check_certificate (by default this option is disabled) - do not check ssl certificate.
+server certificate won't be checked against the available certificate authorities.
+.TP
 \fB\-o\fR nodnscache - disable dns cache.
 s3fs is always using dns cache, this option make dns cache disable.
 .TP
diff --git a/src/curl.cpp b/src/curl.cpp
index f0c5cbe..e9e202c 100644
--- a/src/curl.cpp
+++ b/src/curl.cpp
@@ -244,6 +244,7 @@ pthread_mutex_t S3fsCurl::curl_handles_lock;
 pthread_mutex_t S3fsCurl::curl_share_lock[SHARE_MUTEX_MAX];
 bool S3fsCurl::is_initglobal_done = false;
 CURLSH* S3fsCurl::hCurlShare = NULL;
+bool S3fsCurl::is_cert_check = true; // default
 bool S3fsCurl::is_dns_cache = true; // default
 bool S3fsCurl::is_ssl_session_cache= true; // default
 long S3fsCurl::connect_timeout = 300; // default
@@ -734,6 +735,12 @@ size_t S3fsCurl::DownloadWriteCallback(void* ptr, size_t size, size_t nmemb, voi
 return totalwrite;
 }
+bool S3fsCurl::SetCheckCertificate(bool isCertCheck) {
+ bool old = S3fsCurl::is_cert_check;
+ S3fsCurl::is_cert_check = isCertCheck;
+ return old;
+}
+
 bool S3fsCurl::SetDnsCache(bool isCache)
 {
 bool old = S3fsCurl::is_dns_cache;
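Review bot: `SetCheckCertificate` carries no comment saying that passing `false` turns off TLS peer verification for the whole process, and its opening brace sits on the signature line while the neighbouring `SetDnsCache` in the same hunk appears to put it on a line of its own. I would add `// Process-wide switch: false makes ResetHandle() disable TLS peer verification on every handle.` above the definition and move the brace to match the file. The flag is a plain static that `ResetHandle` reads later; presumably it is written only during option parsing, before any worker thread exists, which is worth confirming since nothing here guards it.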
@@ -1319,6 +1326,11 @@ bool S3fsCurl::ResetHandle(void)
 if((S3fsCurl::is_dns_cache || S3fsCurl::is_ssl_session_cache) && S3fsCurl::hCurlShare){
 curl_easy_setopt(hCurl, CURLOPT_SHARE, S3fsCurl::hCurlShare);
 }
+ if(!S3fsCurl::is_cert_check) {
+ DPRN("'no_check_certificate' option in effect.")
+ DPRN("The server certificate won't be checked against the available certificate authorities.")
+ curl_easy_setopt(hCurl, CURLOPT_SSL_VERIFYPEER, false);
+ }
 if(S3fsCurl::is_verbose){
 curl_easy_setopt(hCurl, CURLOPT_VERBOSE, true);
 }
diff --git a/src/curl.h b/src/curl.h
index a3349b2..ca10cef 100644
--- a/src/curl.h
+++ b/src/curl.h
@@ -157,6 +157,7 @@ class S3fsCurl
 static pthread_mutex_t curl_share_lock[SHARE_MUTEX_MAX];
 static bool is_initglobal_done;
 static CURLSH* hCurlShare;
+ static bool is_cert_check;
 static bool is_dns_cache;
 static bool is_ssl_session_cache;
 static long connect_timeout;
@@ -267,6 +268,7 @@ class S3fsCurl
 // class methods(valiables)
 static std::string LookupMimeType(std::string name);
+ static bool SetCheckCertificate(bool isCertCheck);
 static bool SetDnsCache(bool isCache);
 static bool SetSslSessionCache(bool isCache);
 static long SetConnectTimeout(long timeout);
diff --git a/src/s3fs.cpp b/src/s3fs.cpp
index 2a8f104..f37b10a 100644
--- a/src/s3fs.cpp
+++ b/src/s3fs.cpp
@@ -3808,6 +3808,10 @@ static int my_fuse_opt_proc(void* data, const char* arg, int key, struct fuse_ar
 service_path = strchr(arg, '=') + sizeof(char);
 return 0;
 }
+ if(0 == strcmp(arg, "no_check_certificate")){
+ S3fsCurl::SetCheckCertificate(false);
+ return 0;
+ }
 if(0 == STR2NCMP(arg, "connect_timeout=")){
 long contimeout = static_cast(s3fs_strtoofft(strchr(arg, '=') + sizeof(char)));
 S3fsCurl::SetConnectTimeout(contimeout);
diff --git a/src/s3fs_util.cpp b/src/s3fs_util.cpp
index a46d31c..b81256a 100644
--- a/src/s3fs_util.cpp
+++ b/src/s3fs_util.cpp
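Review bot: `CURLOPT_SSL_VERIFYPEER` is switched off in `ResetHandle` for every request the handle makes, so with the option set the certificate chain no longer authenticates the endpoint and anything on the network path can read or alter the S3 traffic. For a self-signed endpoint the narrower fix is to trust that one certificate through the CA bundle (`CURLOPT_CAINFO`) and leave verification on. If the switch stays, libcurl documents the argument as a long, so `curl_easy_setopt(hCurl, CURLOPT_SSL_VERIFYPEER, 0L);` is the safer call. Both added `DPRN(...)` statements also lack a terminating `;`, which compiles only if the macro expands to a complete block; its definition is not visible in this patch. `ResetHandle` starts and ends outside the hunk.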
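Review bot: The `no_check_certificate` branch in `my_fuse_opt_proc` accepts the option silently, so a mount running without certificate verification leaves nothing in the startup output for an operator or a later audit to find. A single message emitted here, at a severity that is always shown, would serve better than the `DPRN` calls repeated in `ResetHandle`. At minimum add `// SECURITY: disables TLS peer verification for all S3 requests of this mount` above the `strcmp`. `my_fuse_opt_proc` continues outside the hunk.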
@@ -947,6 +947,9 @@ void show_help (void)
 " You can specify this option for performance, s3fs memorizes \n"
 " in stat cache that the object(file or directory) does not exist.\n"
 "\n"
+ " no_check_certificate\n"
+ " - server certificate won't be checked against the available certificate authorities.\n"
+ "\n"
 " nodnscache (disable dns cache)\n"
 " - s3fs is always using dns cache, this option make dns cache disable.\n"
 "\n"
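Review bot: The new `no_check_certificate` help entry in `show_help` leaves out both the default and the consequence, while the man page entry in the same patch at least says the option is disabled by default. I would align the two texts and state what the user gives up, for example a second line such as `" - disabled by default; when set, the server's identity is no longer authenticated.\n"`. `show_help` continues outside the hunk.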