From 1c738a6d0f64db2240d44fbf00cfc4ae90279694 Mon Sep 17 00:00:00 2001
From: Mark Kogan
Date: Sun, 12 Dec 2021 17:30:42 +0000
Subject: [PATCH] rgw: allow specifying ssl certificate for radosgw-admin operations for example ../src/mrun c2 radosgw-admin realm pull --url=https://localhost:1443 --access-key a2345678901234567890 --secret a234567890123456789012345678901234567890 --default --rgw_verify_ssl_cacert=./cert.pem ../src/mrun c2 radosgw-admin period pull --url=https://localhost:1443 --access-key a2345678901234567890 --secret a234567890123456789012345678901234567890 --default --rgw_verify_ssl_cacert=./cert.pem ../src/mrun c2 radosgw-admin period update --commit --rgw_verify_ssl_cacert=./cert.pem ../src/mrun c2 radosgw-admin sync status --rgw_verify_ssl_cacert=./cert.pem
fixes: https://tracker.ceph.com/issues/53588
Signed-off-by: Mark Kogan
(cherry picked from commit 7c7633bb6795b410974dc3a61cdc162bfaf15e52)
---
 src/rgw/rgw_http_client.cc | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/src/rgw/rgw_http_client.cc b/src/rgw/rgw_http_client.cc
index ada99307ea383..47e434407936b 100644
--- a/src/rgw/rgw_http_client.cc
+++ b/src/rgw/rgw_http_client.cc
@@ -316,6 +316,17 @@ std::ostream& RGWHTTPClient::gen_prefix(std::ostream& out) const
 
 void RGWHTTPClient::init()
 {
+ char* ca_bundle = std::getenv("CURL_CA_BUNDLE");
+ if (ca_bundle) {
+ size_t ca_bundle_len = strlen(ca_bundle);
+ size_t max_len = PATH_MAX + NAME_MAX;
+ if (ca_bundle_len > max_len) {
+ ldout(cct, 0) << "ERROR: " << __func__ << "(): CURL_CA_BUNDLE length exceeds the allowed maximum (" << max_len << " chars)" << dendl;
+ } else {
+ set_ca_path(ca_bundle);
+ }
+ }
+
 auto pos = url.find("://");
 if (pos == string::npos) {
 host = url;
-- 
2.39.5
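Review bot: The trust anchor for every client that calls RGWHTTPClient::init() can now be replaced through the CURL_CA_BUNDLE environment variable with no log record on the success path, and the class name suggests this reaches beyond radosgw-admin to any daemon code sharing the client, though the callers are not visible here. I would record the override before `set_ca_path(ca_bundle);` with something like `ldout(cct, 5) << __func__ << "(): using CA bundle from CURL_CA_BUNDLE: " << ca_bundle << dendl;`, and skip an empty value by changing the guard to `if (ca_bundle && *ca_bundle) {`. When the length check fails the function logs and carries on with whatever CA path was already in effect, so a comment should say whether that fallback is intended and whether the variable is meant to take precedence over a path the caller set before init(). The commit message's examples pass `--rgw_verify_ssl_cacert` while the added code reads only the environment variable, so a one-line comment naming how the option reaches this variable would help the next reader. init()'s body continues outside the hunk.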