rgw: add "rgw_verify_ssl" config

author lu.shasha <lu.shasha@eisoo.com>

Fri, 26 May 2017 09:01:49 +0000 (17:01 +0800)

committer lu.shasha <lu.shasha@eisoo.com>

Sat, 27 May 2017 09:39:32 +0000 (17:39 +0800)
author lu.shasha <lu.shasha@eisoo.com>
Fri, 26 May 2017 09:01:49 +0000 (17:01 +0800)
committer lu.shasha <lu.shasha@eisoo.com>
Sat, 27 May 2017 09:39:32 +0000 (17:39 +0800)
diff --git a/doc/radosgw/config-ref.rst b/doc/radosgw/config-ref.rst

index 8a9c39e858848269daa9472d0265b92a10cf305a..0109fc0c24b98ebeecdf5f963d22b180dcb4f0c7 100644 (file)
--- a/doc/radosgw/config-ref.rst
+++ b/doc/radosgw/config-ref.rst
@@ -385,6 +385,13 @@ Ceph configuration file, the default value will be set automatically.
  :Default: ``-1``
  
  
+``rgw verify ssl``
+
+:Description: Verify SSL certificates while making requests.
+:Type: Boolean
+:Default: ``true``
+
+
  Regions
  =======
  
diff --git a/src/common/config_opts.h b/src/common/config_opts.h

index 122e84401fe8aca27e62df43cd554e2846937a0e..517e48766c1420300d6f4eaafd0e5415bdf50b23 100644 (file)
--- a/src/common/config_opts.h
+++ b/src/common/config_opts.h
@@ -1545,6 +1545,7 @@ OPTION(rgw_op_thread_suicide_timeout, OPT_INT, 0)
  OPTION(rgw_thread_pool_size, OPT_INT, 100)
  OPTION(rgw_num_control_oids, OPT_INT, 8)
  OPTION(rgw_num_rados_handles, OPT_U32, 1)
+OPTION(rgw_verify_ssl, OPT_BOOL, true) // should http_client try to verify ssl when sent https request
  
  /* The following are tunables for caches of RGW NFS (and other file
   * client) objects.
diff --git a/src/rgw/rgw_http_client.cc b/src/rgw/rgw_http_client.cc

index 81c4c6ef6bca3480135f600bf65b4c43a612825f..3b5e22fdc00f85793b5779faf37e85f5938fbff2 100644 (file)
--- a/src/rgw/rgw_http_client.cc
+++ b/src/rgw/rgw_http_client.cc
@@ -355,6 +355,11 @@ int RGWHTTPClient::init_request(const char *method, const char *url, rgw_http_re
    if (has_send_len) {
      curl_easy_setopt(easy_handle, CURLOPT_INFILESIZE, (void *)send_len); 
    }
+  if (!verify_ssl) {
+    curl_easy_setopt(easy_handle, CURLOPT_SSL_VERIFYPEER, 0L);
+    curl_easy_setopt(easy_handle, CURLOPT_SSL_VERIFYHOST, 0L);
+    dout(20) << "ssl verification is set to off" << dendl;
+  }
    curl_easy_setopt(easy_handle, CURLOPT_PRIVATE, (void *)req_data);
  
    return 0;
diff --git a/src/rgw/rgw_http_client.h b/src/rgw/rgw_http_client.h

index cbe4f3d031210ec86639e1d04c68f4daa8f52ca4..6d74242502dc8cc95937ca4c6214461ca1460e1f 100644 (file)
--- a/src/rgw/rgw_http_client.h
+++ b/src/rgw/rgw_http_client.h
@@ -93,7 +93,7 @@ public:
        http_status(HTTP_STATUS_NOSTATUS),
        req_data(nullptr),
        user_info(nullptr),
-      verify_ssl(true),
+      verify_ssl(cct->_conf->rgw_verify_ssl),
        cct(cct) {
    }
author	lu.shasha <lu.shasha@eisoo.com>
	Fri, 26 May 2017 09:01:49 +0000 (17:01 +0800)
committer	lu.shasha <lu.shasha@eisoo.com>
	Sat, 27 May 2017 09:39:32 +0000 (17:39 +0800)
doc/radosgw/config-ref.rst		patch \| blob \| history
src/common/config_opts.h		patch \| blob \| history
src/rgw/rgw_http_client.cc		patch \| blob \| history
src/rgw/rgw_http_client.h		patch \| blob \| history