rgw: add "rgw_verify_ssl" config

http_client whether try to verify ssl when sent https request

Signed-off-by: Shasha Lu <lu.shasha@eisoo.com>

doc/radosgw/config-ref.rst

@@ -385,6 +385,13 @@ Ceph configuration file, the default value will be set automatically.
 :Default: ``-1``
 
 
+``rgw verify ssl``
+
+:Description: Verify SSL certificates while making requests.
+:Type: Boolean
+:Default: ``true``
+
+
 Regions
 =======
 

src/common/config_opts.h

@@ -1545,6 +1545,7 @@ OPTION(rgw_op_thread_suicide_timeout, OPT_INT, 0)
 OPTION(rgw_thread_pool_size, OPT_INT, 100)
 OPTION(rgw_num_control_oids, OPT_INT, 8)
 OPTION(rgw_num_rados_handles, OPT_U32, 1)
+OPTION(rgw_verify_ssl, OPT_BOOL, true) // should http_client try to verify ssl when sent https request
 
 /* The following are tunables for caches of RGW NFS (and other file
  * client) objects.

src/rgw/rgw_http_client.cc

@@ -355,6 +355,11 @@ int RGWHTTPClient::init_request(const char *method, const char *url, rgw_http_re
   if (has_send_len) {
     curl_easy_setopt(easy_handle, CURLOPT_INFILESIZE, (void *)send_len); 
   }
+  if (!verify_ssl) {
+    curl_easy_setopt(easy_handle, CURLOPT_SSL_VERIFYPEER, 0L);
+    curl_easy_setopt(easy_handle, CURLOPT_SSL_VERIFYHOST, 0L);
+    dout(20) << "ssl verification is set to off" << dendl;
+  }
   curl_easy_setopt(easy_handle, CURLOPT_PRIVATE, (void *)req_data);
 
   return 0;

src/rgw/rgw_http_client.h

@@ -93,7 +93,7 @@ public:
       http_status(HTTP_STATUS_NOSTATUS),
       req_data(nullptr),
       user_info(nullptr),
-      verify_ssl(true),
+      verify_ssl(cct->_conf->rgw_verify_ssl),
       cct(cct) {
   }