@@ -78,6 +78,7 @@ class Config(object):

     gpg_decrypt = "%(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s"

     use_https = False

     ca_certs_file = ""

+    check_ssl_certificate = True

     bucket_location = "US"

     default_mime_type = "binary/octet-stream"

     guess_mime_type = True

@@ -20,6 +20,24 @@ class http_connection(object):

     context_set = False

     @staticmethod

+    def _ssl_unverified_context():

+        context = None

+        try:

+            context = ssl._create_unverified_context()

+        except AttributeError: # no ssl._create_unverified_context()

+            pass

+        return context

+

+    @staticmethod

+    def _ssl_verified_context(cafile):

+        context = None

+        try:

+            context = ssl.create_default_context(cafile=cafile)

+        except AttributeError: # no ssl.create_default_context

+            pass

+        return context

+

+    @staticmethod

     def _ssl_context():

         if http_connection.context_set:

             return http_connection.context

@@ -29,23 +47,21 @@ class http_connection(object):

         if cafile == "":

             cafile = None

         debug(u"Using ca_certs_file %s" % cafile)

-        try:

-            http_connection.context = ssl.create_default_context(cafile=cafile)

-            http_connection.context_set = True

-        except AttributeError: # no ssl.create_default_context

-            try:

-                http_connection.context = ssl._create_unverified_context()

-            except AttributeError: # no ssl._create_unverified_context()

-                pass

+        if cfg.check_ssl_certificate:

+            context = http_connection._ssl_verified_context(cafile)

+        else:

+            context = http_connection._ssl_unverified_context()

+

+        http_connection.context = context

         http_connection.context_set = True

-        return http_connection.context

+        return context

     @staticmethod

     def _https_connection(hostname):

         try:

             context = http_connection._ssl_context()

-            conn = httplib.HTTPSConnection(hostname, context=http_connection.context)

+            conn = httplib.HTTPSConnection(hostname, context=context)

         except TypeError:

             conn = httplib.HTTPSConnection(hostname)

         return conn

@@ -2223,6 +2223,8 @@ def main():

     optparser.add_option(      "--cache-file", dest="cache_file", action="store", default="",  metavar="FILE", help="Cache FILE containing local source MD5 values")

     optparser.add_option("-q", "--quiet", dest="quiet", action="store_true", default=False, help="Silence output on stdout")

     optparser.add_option("--ca-certs", dest="ca_certs_file", action="store", default=None, help="Path to SSL CA certificate FILE (instead of system default)")

+    optparser.add_option("--check-certificate", dest="check_ssl_certificate", action="store_true", help="Check SSL certificate validity")

+    optparser.add_option("--no-check-certificate", dest="check_ssl_certificate", action="store_false", help="Check SSL certificate validity")

     optparser.set_usage(optparser.usage + " COMMAND [parameters]")

     optparser.set_description('S3cmd is a tool for managing objects in '+