mirror of
https://github.com/s3fs-fuse/s3fs-fuse.git
synced 2026-04-25 13:26:00 +03:00
[GH-ISSUE #640] unclear if certs validation is occurring? #364
Originally created by @quadgnim on GitHub (Sep 14, 2017).
Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/640
I noticed in https://github.com/s3fs-fuse/s3fs-fuse/blob/master/src/s3fs.cpp, line 4938 indicates the cert validation logic is commented out. Can anyone verify if this is being done elsewhere, and if not, why is it commented out? Is there a problem with it? To protect from man-in-the-middle attacks, we'd very much like to see cert validation against the S3 endpoint occurring. Is this in the plans to enable soon?
@ggtakec commented on GitHub (Sep 17, 2017):
@quadgnim
This comment is outdated.
(We will delete comments at a later date.)
By default we are checking with CURLOPT_SSL_VERIFYHOST.
https://github.com/s3fs-fuse/s3fs-fuse/blob/master/src/curl.cpp#L1589
If you do not want to check, please specify ssl_verify_hostname = 0.
Currently, even if "." (Period) is included in the bucket name, it will work if you set use_path_request_style.
https://github.com/s3fs-fuse/s3fs-fuse/wiki/FAQ#q-https-connecting-failed-if-bucket-name-includes-dod
@gaul commented on GitHub (Mar 15, 2019):
As demonstrated by S3Proxy unit tests, SSL validation occurs and we specifically need to disable it for this self-signed certificate. Please reopen if I misunderstand this issue.
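An added example, not part of the original thread or the s3fs project's code: a small audit that flags s3fs entries in an fstab-format file whose mount options turn off the verification discussed above. `ssl_verify_hostname=0` is the option named in this thread; `no_check_certificate` is a second s3fs option taken from the s3fs man page, and the function names and sample fstab are constructed for illustration.

```python
# Added example: audit s3fs mounts for options that weaken TLS verification.
# ssl_verify_hostname=0 is named in this thread; no_check_certificate comes
# from the s3fs man page (assumption: not mentioned in this thread).

WEAK_OPTIONS = {
    "ssl_verify_hostname=0": "hostname check (CURLOPT_SSL_VERIFYHOST) disabled",
    "no_check_certificate": "server certificate not checked against CAs",
}

# Constructed sample input in /etc/fstab format (not taken from a real host).
SAMPLE_FSTAB = """\
# device      mountpoint   type       options                          dump pass
backups       /mnt/backups fuse.s3fs  _netdev,allow_other,use_path_request_style 0 0
s3fs#logs     /mnt/logs    fuse       _netdev,ssl_verify_hostname=0    0 0
media         /mnt/media   fuse.s3fs  _netdev,no_check_certificate,ssl_verify_hostname=0 0 0
UUID=abcd     /            ext4       defaults                         0 1
"""


def is_s3fs_entry(device, fstype):
    """s3fs appears either as type 'fuse.s3fs' or as device 's3fs#bucket'."""
    return fstype == "fuse.s3fs" or device.startswith("s3fs#")


def audit_fstab(text):
    """Return [(mountpoint, option, reason)] for each weakened s3fs mount."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        # Only whole-line comments are skipped: 's3fs#bucket' contains '#'.
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed entry, nothing to inspect
        device, mountpoint, fstype, options = fields[:4]
        if not is_s3fs_entry(device, fstype):
            continue
        for opt in options.split(","):
            if opt in WEAK_OPTIONS:
                findings.append((mountpoint, opt, WEAK_OPTIONS[opt]))
    return findings


if __name__ == "__main__":
    for mountpoint, opt, reason in audit_fstab(SAMPLE_FSTAB):
        print(f"{mountpoint}: {opt} -> {reason}")
```

Mounts started by hand with `-o` are not in fstab, so the same option check would also need to be run against the arguments of running s3fs processes.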