Add option to disable server certificate verification.

The option name mirrors the 'wget' option (also `--no-check-certificate`). The cURL equivalent is called `--insecure`, which is a bit unclear.

The option is documented in the "developers" section of the documentation, with proper warnings.

Fixes #168
klauspost 2015-10-29 16:42:25 +01:00
parent 1b95718460
commit b872ff0237
2 changed files with 37 additions and 13 deletions


@ -294,6 +294,18 @@ here which are used for testing. These start with remote name eg
Write cpu profile to file. This can be analysed with `go tool pprof`. Write cpu profile to file. This can be analysed with `go tool pprof`.
### --no-check-certificate=true/false ###
`--no-check-certificate` controls whether a client verifies the
server's certificate chain and host name.
If `--no-check-certificate` is true, TLS accepts any certificate
presented by the server and any host name in that certificate.
In this mode, TLS is susceptible to man-in-the-middle attacks.
This option defaults to `false`.
**This should be used only for testing.**
Filtering Filtering
--------- ---------


@ -17,6 +17,7 @@ import (
"strings" "strings"
"time" "time"
"crypto/tls"
"github.com/Unknwon/goconfig" "github.com/Unknwon/goconfig"
"github.com/mreiferson/go-httpclient" "github.com/mreiferson/go-httpclient"
"github.com/spf13/pflag" "github.com/spf13/pflag"
@ -53,6 +54,7 @@ var (
timeout = pflag.DurationP("timeout", "", 5*60*time.Second, "IO idle timeout") timeout = pflag.DurationP("timeout", "", 5*60*time.Second, "IO idle timeout")
dumpHeaders = pflag.BoolP("dump-headers", "", false, "Dump HTTP headers - may contain sensitive info") dumpHeaders = pflag.BoolP("dump-headers", "", false, "Dump HTTP headers - may contain sensitive info")
dumpBodies = pflag.BoolP("dump-bodies", "", false, "Dump HTTP headers and bodies - may contain sensitive info") dumpBodies = pflag.BoolP("dump-bodies", "", false, "Dump HTTP headers and bodies - may contain sensitive info")
skipVerify = pflag.BoolP("no-check-certificate", "", false, "Do not verify the server SSL certificate. Insecure.")
bwLimit SizeSuffix bwLimit SizeSuffix
) )
@ -161,6 +163,7 @@ type ConfigInfo struct {
DumpHeaders bool DumpHeaders bool
DumpBodies bool DumpBodies bool
Filter *Filter Filter *Filter
InsecureSkipVerify bool // Skip server certificate verification
} }
// Transport returns an http.RoundTripper with the correct timeouts // Transport returns an http.RoundTripper with the correct timeouts
@ -187,6 +190,14 @@ func (ci *ConfigInfo) Transport() http.RoundTripper {
// ReadWriteTimeout, if non-zero, will set a deadline for every Read and // ReadWriteTimeout, if non-zero, will set a deadline for every Read and
// Write operation on the request connection. // Write operation on the request connection.
ReadWriteTimeout: ci.Timeout, ReadWriteTimeout: ci.Timeout,
// InsecureSkipVerify controls whether a client verifies the
// server's certificate chain and host name.
// If InsecureSkipVerify is true, TLS accepts any certificate
// presented by the server and any host name in that certificate.
// In this mode, TLS is susceptible to man-in-the-middle attacks.
// This should be used only for testing.
TLSClientConfig: &tls.Config{InsecureSkipVerify: ci.InsecureSkipVerify},
} }
if ci.DumpHeaders || ci.DumpBodies { if ci.DumpHeaders || ci.DumpBodies {
return NewLoggedTransport(t, ci.DumpBodies) return NewLoggedTransport(t, ci.DumpBodies)
@ -239,6 +250,7 @@ func LoadConfig() {
Config.SizeOnly = *sizeOnly Config.SizeOnly = *sizeOnly
Config.DumpHeaders = *dumpHeaders Config.DumpHeaders = *dumpHeaders
Config.DumpBodies = *dumpBodies Config.DumpBodies = *dumpBodies
Config.InsecureSkipVerify = *skipVerify
ConfigPath = *configFile ConfigPath = *configFile
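Review bot: Nothing at runtime shows that verification is off once `Config.InsecureSkipVerify = *skipVerify` is set in the LoadConfig hunk, and the `TLSClientConfig` added in Transport() then applies to every connection built from this ConfigInfo, which presumably includes the ones carrying remote credentials and tokens. A flag left behind in a script or cron job would therefore go unnoticed. I would log a warning once at startup, right after the assignment, e.g. `if Config.InsecureSkipVerify { log.Printf("--no-check-certificate is set: server certificates are not verified") }`, using whichever logger this file already has in scope (the import block is only partly visible here). Both LoadConfig and Transport() continue outside their hunks.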