From 4a93faa2eec8077edb4c35a20b6b66bc610a6e4a Mon Sep 17 00:00:00 2001
From: Jiffin Tony Thottan
Date: Mon, 19 Oct 2020 23:42:58 +0530
Subject: [PATCH] rgw: add seperate option for verify ssl for vault KMS engine
Signed-off-by: Jiffin Tony Thottan
---
 src/common/options/rgw.yaml.in | 9 +++++++++
 src/rgw/rgw_kms.cc | 2 ++
 2 files changed, 11 insertions(+)
diff --git a/src/common/options/rgw.yaml.in b/src/common/options/rgw.yaml.in
index 9a7398d5f6dcf..a14953594feed 100644
--- a/src/common/options/rgw.yaml.in
+++ b/src/common/options/rgw.yaml.in
@@ -2376,6 +2376,15 @@ options:
 - rgw_crypt_vault_auth
 - rgw_crypt_vault_addr
 with_legacy: true
+# Enable TLS authentication rgw and vault
+- name: rgw_crypt_vault_verify_ssl
+ type: bool
+ level: advanced
+ desc: Should RGW verify the vault server SSL certificate.
+ default: true
+ services:
+ - rgw
+ with_legacy: true
 - name: rgw_crypt_kmip_addr
 type: str
 level: advanced
diff --git a/src/rgw/rgw_kms.cc b/src/rgw/rgw_kms.cc
index 8542d483d4827..92c593ed64097 100644
--- a/src/rgw/rgw_kms.cc
+++ b/src/rgw/rgw_kms.cc
@@ -252,6 +252,8 @@ protected:
 secret_req.append_header("X-Vault-Namespace", vault_namespace);
 }
+ secret_req.set_verify_ssl(cct->_conf->rgw_crypt_vault_verify_ssl);
+
 res = secret_req.process(null_yield);
 if (res < 0) {
 ldout(cct, 0) << "ERROR: Request to Vault failed with error " << res << dendl;
--
2.39.5
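Review bot: The comment above the new `rgw_crypt_vault_verify_ssl` entry says it enables TLS authentication, but the option only controls whether RGW checks the Vault server's certificate; it does not turn TLS on or off. I would reword it to `# Verify the Vault server's TLS certificate` so an operator does not read `false` as merely "no client auth". The `desc` would also benefit from stating the consequence, e.g. `desc: Should RGW verify the vault server SSL certificate. Disabling this removes server authentication for the connection to Vault and should be limited to test setups.` The default of `true` is the right choice and should stay.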
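Review bot: Nothing in the new code records when certificate verification has been switched off. The added `secret_req.set_verify_ssl(cct->_conf->rgw_crypt_vault_verify_ssl);` applies the flag silently just before `secret_req.process(null_yield)`. Since this request talks to Vault on behalf of the KMS engine, an unverified connection should be visible in the RGW log, for example `if (!cct->_conf->rgw_crypt_vault_verify_ssl) ldout(cct, 0) << "WARNING: Vault TLS certificate verification is disabled" << dendl;`. The enclosing method starts and ends outside the hunk, so I cannot tell from here whether other Vault request paths in this file also need the setting; that is worth checking.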