From: Mark Kogan
Date: Sun, 12 Dec 2021 17:30:42 +0000 (+0000)
Subject: rgw: allow specifying ssl certificate for radosgw-admin operations
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=7c7633bb6795b410974dc3a61cdc162bfaf15e52;p=ceph.git
rgw: allow specifying ssl certificate for radosgw-admin operations for example ../src/mrun c2 radosgw-admin realm pull --url=https://localhost:1443 --access-key a2345678901234567890 --secret a234567890123456789012345678901234567890 --default --rgw_verify_ssl_cacert=./cert.pem ../src/mrun c2 radosgw-admin period pull --url=https://localhost:1443 --access-key a2345678901234567890 --secret a234567890123456789012345678901234567890 --default --rgw_verify_ssl_cacert=./cert.pem ../src/mrun c2 radosgw-admin period update --commit --rgw_verify_ssl_cacert=./cert.pem ../src/mrun c2 radosgw-admin sync status --rgw_verify_ssl_cacert=./cert.pem
fixes: https://tracker.ceph.com/issues/53588
Signed-off-by: Mark Kogan
---
diff --git a/src/rgw/rgw_http_client.cc b/src/rgw/rgw_http_client.cc
index 670e24ca79c8..9ea8a9bf0d7e 100644
--- a/src/rgw/rgw_http_client.cc
+++ b/src/rgw/rgw_http_client.cc
@@ -316,6 +316,17 @@ std::ostream& RGWHTTPClient::gen_prefix(std::ostream& out) const
 void RGWHTTPClient::init() {
+ char* ca_bundle = std::getenv("CURL_CA_BUNDLE");
+ if (ca_bundle) {
+ size_t ca_bundle_len = strlen(ca_bundle);
+ size_t max_len = PATH_MAX + NAME_MAX;
+ if (ca_bundle_len > max_len) {
+ ldout(cct, 0) << "ERROR: " << __func__ << "(): CURL_CA_BUNDLE length exceeds the allowed maximum (" << max_len << " chars)" << dendl;
+ } else {
+ set_ca_path(ca_bundle);
+ }
+ }
+
 auto pos = url.find("://");
 if (pos == string::npos) {
 host = url;
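Review bot: The new block at the top of `RGWHTTPClient::init()` lets the `CURL_CA_BUNDLE` environment variable replace the CA trust store without leaving any trace in the log, and as far as this hunk shows it runs for every `RGWHTTPClient`, not only for radosgw-admin commands. Because that path decides which servers pass TLS verification, the accepted branch should record it, for example `ldout(cct, 1) << __func__ << "(): using CA bundle from CURL_CA_BUNDLE: " << ca_bundle << dendl;` placed before `set_ca_path(ca_bundle);`. An empty value also reaches `set_ca_path("")`, whose effect is not visible here, so `if (ca_bundle && *ca_bundle)` would be the safer guard. The commit message demonstrates `--rgw_verify_ssl_cacert`, while this hunk reads only the environment variable; the link between the two is presumably in a file outside this hunk and deserves a short comment above the `getenv` call. The body of `init()` continues past the end of the hunk.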