feature add --no-verify-ssl for skip ssl cert verification

yandex-cloud · Oct 21, 2024 · 9b068a3 · 9b068a3
1 parent c620de7
commit 9b068a3
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 2 deletions.
diff --git a/internal/backend_s3.go b/internal/backend_s3.go
@@ -296,7 +296,7 @@ func (s *S3Backend) detectBucketLocationByHEAD() (err error, isAws bool) {
 
 	allowFails := 3
 	for i := 0; i < allowFails; i++ {
-		resp, err = http.DefaultTransport.RoundTrip(req)
+		resp, err = s.S3.Config.HTTPClient.Transport.RoundTrip(req)
 		if err != nil {
 			return
 		}

diff --git a/internal/cfg/conf_s3.go b/internal/cfg/conf_s3.go
@@ -17,6 +17,7 @@ package cfg
 
 import (
 	"crypto/md5"
+	`crypto/tls`
 	"encoding/base64"
 	"fmt"
 	"net/http"
@@ -104,11 +105,19 @@ func (c *S3Config) Init() *S3Config {
 }
 
 func (c *S3Config) ToAwsConfig(flags *FlagStorage) (*aws.Config, error) {
+	tr := &defaultHTTPTransport
+	if flags.NoVerifySSL {
+		if tr.TLSClientConfig != nil {
+			tr.TLSClientConfig.InsecureSkipVerify = true
+		} else {
+			tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+		}
+	}
 	awsConfig := (&aws.Config{
 		Region: &c.Region,
 		Logger: GetLogger("s3"),
 	}).WithHTTPClient(&http.Client{
-		Transport: &defaultHTTPTransport,
+		Transport: tr,
 		Timeout:   flags.HTTPTimeout,
 	})
 	if flags.DebugS3 {

diff --git a/internal/cfg/config.go b/internal/cfg/config.go
@@ -105,6 +105,7 @@ type FlagStorage struct {
 	DropPatchConflicts    bool
 	PreferPatchUploads    bool
 	NoPreloadDir          bool
+	NoVerifySSL           bool
 
 	// Debugging
 	DebugMain  bool

diff --git a/internal/cfg/flags.go b/internal/cfg/flags.go
@@ -317,6 +317,11 @@ MISC OPTIONS:
 			Value: 300 * time.Second,
 			Usage: "Maximum delay for AWS SDK retries of throttled requests.",
 		},
+
+		cli.BoolFlag{
+			Name:  "no-verify-ssl",
+			Usage: "skip verify check ssl for s3",
+		},
 	}
 
 	tuningFlags := []cli.Flag{
@@ -888,6 +893,7 @@ func PopulateFlags(c *cli.Context) (ret *FlagStorage) {
 		DropPatchConflicts:     c.Bool("drop-patch-conflicts"),
 		PreferPatchUploads:     c.Bool("prefer-patch-uploads"),
 		NoPreloadDir:           c.Bool("no-preload-dir"),
+		NoVerifySSL:            c.Bool("no-verify-ssl"),
 
 		// Common Backend Config
 		Endpoint:               c.String("endpoint"),