Add option to disable SSL verification

README.md

@@ -78,6 +78,8 @@ Options:
     	Initialize gops agent
   -install
     	Install completion for s5cmd command
+  -no-verify
+    	Don't verify SSL certificates
   -numworkers int
     	Number of worker goroutines. Negative numbers mean multiples of the CPU core count. (default 256)
   -r int

complete/complete.go

@@ -202,7 +202,7 @@ func s3predictor(a cmp.Args) []string {
 	}
 
 	// Quickly create a new session with defaults
-	ses, err := core.NewAwsSession(-1, "", "")
+	ses, err := core.NewAwsSession(-1, "", "", false)
 	if err != nil {
 		return nil
 	}

core/s3.go

@@ -3,6 +3,7 @@ package core
 import (
 	"context"
 	"errors"
+	"net/http"
 	"path"
 	"regexp"
 	"strings"
@@ -197,5 +198,11 @@ func GetSessionForBucket(svc *s3.S3, bucket string) (*session.Session, error) {
 
 	endpointURL := svc.Endpoint
 
-	return NewAwsSession(-1, endpointURL, *o.LocationConstraint)
+	noVerifySSL := false
+	transport, ok := svc.Config.HTTPClient.Transport.(*http.Transport)
+	if ok {
+		noVerifySSL = transport.TLSClientConfig.InsecureSkipVerify
+	}
+
+	return NewAwsSession(-1, endpointURL, *o.LocationConstraint, noVerifySSL)
 }

core/worker.go

@@ -2,8 +2,10 @@ package core
 
 import (
 	"context"
+	"crypto/tls"
 	"io"
 	"log"
+	"net/http"
 	"os"
 	"strconv"
 	"sync"
@@ -28,6 +30,7 @@ type WorkerPoolParams struct {
 	DownloadConcurrency    int
 	Retries                int
 	EndpointURL            string
+	NoVerifySSL            bool
 }
 
 // WorkerPool is the state of our worker pool.
@@ -56,7 +59,7 @@ type WorkerParams struct {
 }
 
 // NewAwsSession initializes a new AWS session with region fallback and custom options
-func NewAwsSession(maxRetries int, endpointURL string, region string) (*session.Session, error) {
+func NewAwsSession(maxRetries int, endpointURL string, region string, noVerifySSL bool) (*session.Session, error) {
 	newSession := func(c *aws.Config) (*session.Session, error) {
 		useSharedConfig := session.SharedConfigEnable
 
@@ -77,6 +80,12 @@ func NewAwsSession(maxRetries int, endpointURL string, region string) (*session.
 		verboseLog("Setting Endpoint to %s on AWS Config", endpointURL)
 	}
 
+	if noVerifySSL {
+		awsCfg = awsCfg.WithHTTPClient(&http.Client{Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+		}})
+	}
+
 	if region != "" {
 		awsCfg = awsCfg.WithRegion(region)
 		return newSession(awsCfg)
@@ -96,7 +105,7 @@ func NewAwsSession(maxRetries int, endpointURL string, region string) (*session.
 
 // NewWorkerPool creates a new worker pool and start the workers.
 func NewWorkerPool(ctx context.Context, params *WorkerPoolParams, st *stats.Stats) *WorkerPool {
-	ses, err := NewAwsSession(params.Retries, params.EndpointURL, "")
+	ses, err := NewAwsSession(params.Retries, params.EndpointURL, "", params.NoVerifySSL)
 	if err != nil {
 		log.Fatal(err)
 	}

s5cmd.go

@@ -56,6 +56,7 @@ func main() {
 		dlPartSize    int
 		dlConcurrency int
 		retries       int
+		noVerify      bool
 	)
 
 	flag.StringVar(&cmdFile, "f", "", "Commands-file or - for stdin")
@@ -70,6 +71,7 @@ func main() {
 	showVersion := flag.Bool("version", false, "Prints current version")
 	gops := flag.Bool("gops", false, "Initialize gops agent")
 	verbose := flag.Bool("vv", false, "Verbose output")
+	flag.BoolVar(&noVerify, "no-verify", false, "Don't verify SSL certificates")
 
 	flag.Usage = func() {
 		fmt.Fprintf(os.Stderr, "%v\n\n", core.UsageLine())
@@ -181,6 +183,7 @@ func main() {
 			DownloadConcurrency:    dlConcurrency,
 			Retries:                retries,
 			EndpointURL:            endpointURL,
+			NoVerifySSL:            noVerify,
 		}, &s)
 	if cmdMode {
 		wp.RunCmd(cmd)