4 files changed, 28 insertions, 9 deletions

diff --git a/man/en/sos-report.1 b/man/en/sos-report.1
index 1e626e09..7a6813c2 100644
--- a/man/en/sos-report.1
+++ b/man/en/sos-report.1
@@ -35,6 +35,7 @@ sosreport \- Collect and package diagnostic and support data
           [--encrypt-pass PASS]\fR
           [--upload] [--upload-url url] [--upload-user user]\fR
           [--upload-directory dir] [--upload-pass pass]\fR
+          [--upload-no-ssl-verify] [--upload-method]\fR
           [--experimental]\fR
           [-h|--help]\fR
 
@@ -367,7 +368,14 @@ Specify the HTTP method to use for uploading to the provided --upload-url. Valid
 values are 'auto' (default), 'put', or 'post'. The use of 'auto' will default to
 the method required by the policy-default upload location, if one exists.
 
-This option has no effect on upload methods other than HTTPS.
+This option has no effect on upload protocols other than HTTPS.
+.TP
+.B \--upload-no-ssl-verify
+Disable SSL verification for HTTPS uploads. This may be used to allow uploading
+to locations that have self-signed certificates, or certificates that are otherwise
+untrusted by the local system.
+
+Default behavior is to perform SSL verification against all upload locations.
 .TP
 .B \--experimental
 Enable plugins marked as experimental. Experimental plugins may not have
diff --git a/sos/collector/__init__.py b/sos/collector/__init__.py
index e9f06c35..5d1c599a 100644
--- a/sos/collector/__init__.py
+++ b/sos/collector/__init__.py
@@ -101,7 +101,8 @@ class SoSCollector(SoSComponent):
         'upload_directory': None,
         'upload_user': None,
         'upload_pass': None,
-        'upload_method': 'auto'
+        'upload_method': 'auto',
+        'upload_no_ssl_verify': False
     }
 
     def __init__(self, parser, parsed_args, cmdline_args):
@@ -368,7 +369,10 @@ class SoSCollector(SoSComponent):
         collect_grp.add_argument("--upload-method", default='auto',
                                  choices=['auto', 'put', 'post'],
                                  help="HTTP method to use for uploading")
-
+        collect_grp.add_argument("--upload-no-ssl-verify", default=False,
+                                 action='store_true',
+                                 help="Disable SSL verification for upload url"
+                                 )
         # Group the cleaner options together
         cleaner_grp = parser.add_argument_group(
             'Cleaner/Masking Options',
diff --git a/sos/policies/distros/__init__.py b/sos/policies/distros/__init__.py
index b9a4d0d8..4268688c 100644
--- a/sos/policies/distros/__init__.py
+++ b/sos/policies/distros/__init__.py
@@ -373,7 +373,7 @@ class LinuxPolicy(Policy):
         """
         raise NotImplementedError("SFTP support is not yet implemented")
 
-    def _upload_https_put(self, archive):
+    def _upload_https_put(self, archive, verify=True):
         """If upload_https() needs to use requests.put(), use this method.
 
         Policies should override this method instead of the base upload_https()
@@ -381,14 +381,15 @@ class LinuxPolicy(Policy):
         :param archive:     The open archive file object
         """
         return requests.put(self.get_upload_url(), data=archive,
-                            auth=self.get_upload_https_auth())
+                            auth=self.get_upload_https_auth(),
+                            verify=verify)
 
     def _get_upload_headers(self):
         """Define any needed headers to be passed with the POST request here
         """
         return {}
 
-    def _upload_https_post(self, archive):
+    def _upload_https_post(self, archive, verify=True):
         """If upload_https() needs to use requests.post(), use this method.
 
         Policies should override this method instead of the base upload_https()
@@ -400,7 +401,8 @@ class LinuxPolicy(Policy):
                      self._get_upload_headers())
         }
         return requests.post(self.get_upload_url(), files=files,
-                             auth=self.get_upload_https_auth())
+                             auth=self.get_upload_https_auth(),
+                             verify=verify)
 
     def upload_https(self):
         """Attempts to upload the archive to an HTTPS location.
@@ -419,10 +421,11 @@ class LinuxPolicy(Policy):
                 method = self._upload_method
             else:
                 method = self.commons['cmdlineopts'].upload_method
+            verify = self.commons['cmdlineopts'].upload_no_ssl_verify is False
             if method == 'put':
-                r = self._upload_https_put(arc)
+                r = self._upload_https_put(arc, verify)
             else:
-                r = self._upload_https_post(arc)
+                r = self._upload_https_post(arc, verify)
             if r.status_code != 201:
                 if r.status_code == 401:
                     raise Exception(
diff --git a/sos/report/__init__.py b/sos/report/__init__.py
index 64e414a6..90ba2970 100644
--- a/sos/report/__init__.py
+++ b/sos/report/__init__.py
@@ -119,6 +119,7 @@ class SoSReport(SoSComponent):
         'upload_user': None,
         'upload_pass': None,
         'upload_method': 'auto',
+        'upload_no_ssl_verify': False,
         'add_preset': '',
         'del_preset': ''
     }
@@ -303,6 +304,9 @@ class SoSReport(SoSComponent):
         report_grp.add_argument("--upload-method", default='auto',
                                 choices=['auto', 'put', 'post'],
                                 help="HTTP method to use for uploading")
+        report_grp.add_argument("--upload-no-ssl-verify", default=False,
+                                action='store_true',
+                                help="Disable SSL verification for upload url")
 
         # Group to make add/del preset exclusive
         preset_grp = report_grp.add_mutually_exclusive_group()