[libvirt] Query regarding no_verify in uri
Matthias Bolte
matthias.bolte at googlemail.com
Fri Feb 26 20:15:32 UTC 2010
2010/2/26 Sharadha Prabhakar (3P) <sharadha.prabhakar at citrix.com>:
> Hi Daniel,
> I've submitted my XenAPI driver in 2parts before sometime with all the
> changes you had suggested. The following is possibly the only one that's not
> handled.
>
>> + curl_easy_setopt(curl, CURLOPT_POST, 1);
>> + curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data);
>> + curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, len);
>> + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
>> + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
>
>>You shouldn't disable SSL verification here. It should be on by default.
>>For consistency with other libvirt drivers, you may wish to allow your
>>xenapi:/// uri to have an optional 'no_verify=1' parameter to turn
>>off SSL verification. It should always be verifying by default though.
>
> For now I have enabled verify SSL. I'm not sure about how libvirt hands
> Over the no_verify=1 part that the user types in the URI to my driver.
> virDrvOpen only receives the URI elements from 'conn' parameter.
> I couldn't find this information embedded in 'conn'?
> Could you explain how to get this information?
> Regards,
> Sharadha
>
See esxOpen and esxUtil_ParseQuery for an example how the ESX driver
implements this.
Matthias
More information about the libvir-list
mailing list