[PR #2797] [MERGED] Add security warnings for disabled SSL verification options #2796

New issue

Closed

opened 2026-03-04 02:07:20 +03:00 by kerem · 0 comments

kerem commented

2026-03-04 02:07:20 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/s3fs-fuse/s3fs-fuse/pull/2797
Author: @CarstenGrohmann
Created: 2/1/2026
Status: ✅ Merged
Merged: 2/25/2026
Merged by: @gaul

Base: master ← Head: add_cert_warning

📝 Commits (2)

3dd25ab Add security warnings for disabled SSL verification
6d51ae6 Fix ssl_verify_hostname documentation to match code

📊 Changes

5 files changed (+32 additions, -11 deletions)

View changed files

📝 doc/man/s3fs.1.in (+13 -4)
📝 src/curl.cpp (+3 -3)
📝 src/curl.h (+1 -0)
📝 src/s3fs_help.cpp (+6 -4)
📝 src/s3fs_util.cpp (+9 -0)

📄 Description

This PR improves user awareness when SSL/TLS verification is disabled via no_check_certificate or ssl_verify_hostname=0. Previously, these security-critical options had minimal or no warnings, making it easy to accidentally deploy insecure configurations to production.

Changes:

Add startup warnings (WARN level) when SSL verification is disabled
Add debug logging when SSL options are in effect during connections
Add IsCertCheck() getter to S3fsCurl class
Update man page and help text with MITM attack warnings
Fix ssl_verify_hostname documentation: default is "1", not "2"

Additionally, the documentation now explicitly warns:

WARNING: This makes the connection vulnerable to man-in-the-middle attacks. Only use this option for testing. Do not use in production environments.

Documentation Fix:

The ssl_verify_hostname option was documented with default="2", but the code defaults to 1 and only accepts values 0 or 1. This has been corrected to default="1" with descriptions for both values.

Discussion:

What do you think about converting ssl_verify_hostname=0 to a boolean option like no_ssl_verify_hostname?

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/s3fs-fuse/s3fs-fuse/pull/2797 **Author:** [@CarstenGrohmann](https://github.com/CarstenGrohmann) **Created:** 2/1/2026 **Status:** ✅ Merged **Merged:** 2/25/2026 **Merged by:** [@gaul](https://github.com/gaul) **Base:** `master` ← **Head:** `add_cert_warning` --- ### 📝 Commits (2) - [`3dd25ab`](https://github.com/s3fs-fuse/s3fs-fuse/commit/3dd25abd29f0fd97ae270ff5729bd5e73b350342) Add security warnings for disabled SSL verification - [`6d51ae6`](https://github.com/s3fs-fuse/s3fs-fuse/commit/6d51ae6799533e5ccff318f3303e08a907266c8d) Fix ssl_verify_hostname documentation to match code ### 📊 Changes **5 files changed** (+32 additions, -11 deletions) <details> <summary>View changed files</summary> 📝 `doc/man/s3fs.1.in` (+13 -4) 📝 `src/curl.cpp` (+3 -3) 📝 `src/curl.h` (+1 -0) 📝 `src/s3fs_help.cpp` (+6 -4) 📝 `src/s3fs_util.cpp` (+9 -0) </details> ### 📄 Description This PR improves user awareness when SSL/TLS verification is disabled via `no_check_certificate` or `ssl_verify_hostname=0`. Previously, these security-critical options had minimal or no warnings, making it easy to accidentally deploy insecure configurations to production. **Changes:** - Add startup warnings (WARN level) when SSL verification is disabled - Add debug logging when SSL options are in effect during connections - Add `IsCertCheck()` getter to `S3fsCurl` class - Update man page and help text with MITM attack warnings - Fix `ssl_verify_hostname` documentation: default is "1", not "2" Additionally, the documentation now explicitly warns: WARNING: This makes the connection vulnerable to man-in-the-middle attacks. Only use this option for testing. Do not use in production environments. **Documentation Fix:** The ssl_verify_hostname option was documented with default="2", but the code defaults to 1 and only accepts values 0 or 1. This has been corrected to default="1" with descriptions for both values. **Discussion:** What do you think about converting `ssl_verify_hostname=0` to a boolean option like `no_ssl_verify_hostname`? --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>