Merge pull request #190 from Rotwang/master

Add a no_check_certificate option.

doc/man/s3fs.1

@@ -118,6 +118,9 @@ s3fs always has to check whether file(or sub directory) exists under object(path
 It increases ListBucket request and makes performance bad.
 You can specify this option for performance, s3fs memorizes in stat cache that the object(file or directory) does not exist.
 .TP
+\fB\-o\fR no_check_certificate (by default this option is disabled) - do not check ssl certificate.
+server certificate won't be checked against the available certificate authorities.
+.TP
 \fB\-o\fR nodnscache - disable dns cache.
 s3fs is always using dns cache, this option make dns cache disable.
 .TP

src/curl.cpp

@@ -244,6 +244,7 @@ pthread_mutex_t  S3fsCurl::curl_handles_lock;
 pthread_mutex_t  S3fsCurl::curl_share_lock[SHARE_MUTEX_MAX];
 bool             S3fsCurl::is_initglobal_done  = false;
 CURLSH*          S3fsCurl::hCurlShare          = NULL;
+bool             S3fsCurl::is_cert_check       = true; // default
 bool             S3fsCurl::is_dns_cache        = true; // default
 bool             S3fsCurl::is_ssl_session_cache= true; // default
 long             S3fsCurl::connect_timeout     = 300;  // default
@@ -734,6 +735,12 @@ size_t S3fsCurl::DownloadWriteCallback(void* ptr, size_t size, size_t nmemb, voi
   return totalwrite;
 }
 
+bool S3fsCurl::SetCheckCertificate(bool isCertCheck) {
+    bool old = S3fsCurl::is_cert_check;
+    S3fsCurl::is_cert_check = isCertCheck;
+    return old;
+}
+
 bool S3fsCurl::SetDnsCache(bool isCache)
 {
   bool old = S3fsCurl::is_dns_cache;
@@ -1319,6 +1326,11 @@ bool S3fsCurl::ResetHandle(void)
   if((S3fsCurl::is_dns_cache || S3fsCurl::is_ssl_session_cache) && S3fsCurl::hCurlShare){
     curl_easy_setopt(hCurl, CURLOPT_SHARE, S3fsCurl::hCurlShare);
   }
+  if(!S3fsCurl::is_cert_check) {
+    DPRN("'no_check_certificate' option in effect.")
+    DPRN("The server certificate won't be checked against the available certificate authorities.")
+    curl_easy_setopt(hCurl, CURLOPT_SSL_VERIFYPEER, false);
+  }
   if(S3fsCurl::is_verbose){
     curl_easy_setopt(hCurl, CURLOPT_VERBOSE, true);
   }

src/curl.h

@@ -157,6 +157,7 @@ class S3fsCurl
     static pthread_mutex_t  curl_share_lock[SHARE_MUTEX_MAX];
     static bool             is_initglobal_done;
     static CURLSH*          hCurlShare;
+    static bool             is_cert_check;
     static bool             is_dns_cache;
     static bool             is_ssl_session_cache;
     static long             connect_timeout;
@@ -267,6 +268,7 @@ class S3fsCurl
 
     // class methods(valiables)
     static std::string LookupMimeType(std::string name);
+    static bool SetCheckCertificate(bool isCertCheck);
     static bool SetDnsCache(bool isCache);
     static bool SetSslSessionCache(bool isCache);
     static long SetConnectTimeout(long timeout);

src/s3fs.cpp

@@ -3808,6 +3808,10 @@ static int my_fuse_opt_proc(void* data, const char* arg, int key, struct fuse_ar
       service_path = strchr(arg, '=') + sizeof(char);
       return 0;
     }
+    if(0 == strcmp(arg, "no_check_certificate")){
+        S3fsCurl::SetCheckCertificate(false);
+        return 0;
+    }
     if(0 == STR2NCMP(arg, "connect_timeout=")){
       long contimeout = static_cast<long>(s3fs_strtoofft(strchr(arg, '=') + sizeof(char)));
       S3fsCurl::SetConnectTimeout(contimeout);

src/s3fs_util.cpp

@@ -947,6 +947,9 @@ void show_help (void)
     "      You can specify this option for performance, s3fs memorizes \n"
     "      in stat cache that the object(file or directory) does not exist.\n"
     "\n"
+    "   no_check_certificate\n"
+    "      - server certificate won't be checked against the available certificate authorities.\n"
+    "\n"
     "   nodnscache (disable dns cache)\n"
     "      - s3fs is always using dns cache, this option make dns cache disable.\n"
     "\n"