[libvirt] [PATCH 3/3] qemu: command: Implement ssl verification configuration

Peter Krempa pkrempa at redhat.com
Thu Apr 27 17:04:25 UTC 2017


Allow disabling of SSL certificate validation for HTTPS and FTPS drives
in qemu.
---
 src/qemu/qemu_command.c                            | 27 ++++++++++++++++++++--
 .../qemuxml2argv-disk-drive-network-http.args      |  2 +-
 .../qemuxml2argv-disk-drive-network-http.xml       |  1 +
 3 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 980559859..a54b48eaf 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -1537,14 +1537,37 @@ qemuBuildDriveSourceStr(virDomainDiskDefPtr disk,
         case VIR_STORAGE_NET_PROTOCOL_SHEEPDOG:
         case VIR_STORAGE_NET_PROTOCOL_ISCSI:
         case VIR_STORAGE_NET_PROTOCOL_FTP:
-        case VIR_STORAGE_NET_PROTOCOL_FTPS:
         case VIR_STORAGE_NET_PROTOCOL_TFTP:
         case VIR_STORAGE_NET_PROTOCOL_SSH:
         case VIR_STORAGE_NET_PROTOCOL_LAST:
             break;

-        case VIR_STORAGE_NET_PROTOCOL_HTTP:
+        case VIR_STORAGE_NET_PROTOCOL_FTPS:
+            if (disk->src->sslverify != 0) {
+                if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_BLOCK_CURL_OPTIONS)) {
+                    virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                                   _("this qemu does not support ssl options"));
+                    goto cleanup;
+                }
+
+                virBufferAsprintf(buf, "file.sslverify=%s,",
+                                  virTristateSwitchTypeToString(disk->src->sslverify));
+            }
+            break;
+
         case VIR_STORAGE_NET_PROTOCOL_HTTPS:
+            if (disk->src->sslverify != 0) {
+                if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_BLOCK_CURL_OPTIONS)) {
+                    virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                                   _("this qemu does not support ssl options"));
+                    goto cleanup;
+                }
+
+                virBufferAsprintf(buf, "file.sslverify=%s,",
+                                  virTristateSwitchTypeToString(disk->src->sslverify));
+            }
+            /* fallthrough */
+        case VIR_STORAGE_NET_PROTOCOL_HTTP:
             if (disk->src->ncookies > 0) {
                 if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_BLOCK_CURL_OPTIONS)) {
                     virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
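Review bot: The FTPS and HTTPS branches pass `file.sslverify=off` to qemu without leaving any trace in the logs, so a guest whose disk image is fetched with server authentication switched off looks the same to an operator as a verified one, and the image contents are then only as trustworthy as the network path. I would log a warning when the value is the explicit 'off' and fold the two verbatim-identical blocks into one helper. That also lets the bare `!= 0` become a comparison against `VIR_TRISTATE_SWITCH_ABSENT`; this assumes `sslverify` is a virTristateSwitch, as the formatter call suggests, since its declaration is not in this patch. The sketch below shows the shape; qemuBuildDriveSourceStr starts and ends outside the hunk, so the `cleanup` label and the types of `buf` and `qemuCaps` are inferred from how the hunk uses them.

```c
static int
qemuBuildDriveSourceSSLVerify(virBufferPtr buf,
                              virStorageSourcePtr src,
                              virQEMUCapsPtr qemuCaps)
{
    if (src->sslverify == VIR_TRISTATE_SWITCH_ABSENT)
        return 0;

    if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_BLOCK_CURL_OPTIONS)) {
        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                       _("this qemu does not support ssl options"));
        return -1;
    }

    /* 'off' makes qemu skip server certificate checks for this source;
     * keep that decision visible to whoever reads the daemon log. */
    if (src->sslverify == VIR_TRISTATE_SWITCH_OFF)
        VIR_WARN("TLS certificate verification is disabled for disk source '%s'",
                 NULLSTR(src->path));

    virBufferAsprintf(buf, "file.sslverify=%s,",
                      virTristateSwitchTypeToString(src->sslverify));
    return 0;
}

        /* … unchanged: protocols with no extra options … */

        case VIR_STORAGE_NET_PROTOCOL_FTPS:
            if (qemuBuildDriveSourceSSLVerify(buf, disk->src, qemuCaps) < 0)
                goto cleanup;
            break;

        case VIR_STORAGE_NET_PROTOCOL_HTTPS:
            if (qemuBuildDriveSourceSSLVerify(buf, disk->src, qemuCaps) < 0)
                goto cleanup;
            /* fallthrough */
        case VIR_STORAGE_NET_PROTOCOL_HTTP:
            /* … unchanged: cookie handling … */
```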
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-http.args b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-http.args
index fb4a3506f..e1bfd42a8 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-http.args
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-http.args
@@ -30,7 +30,7 @@ file.cookie=test=testcookievalue; test2=blurb,format=raw,if=none,\
 id=drive-virtio-disk2' \
 -device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk2,\
 id=virtio-disk2 \
--drive 'file=https://example.org:1234/test4.img,\
+-drive 'file=https://example.org:1234/test4.img,file.sslverify=off,\
 file.cookie=test=testcookievalue; test2=blurb,format=raw,if=none,\
 id=drive-virtio-disk3' \
 -device virtio-blk-pci,bus=pci.0,addr=0x6,drive=drive-virtio-disk3,\
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-http.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-http.xml
index c5da23604..114480024 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-http.xml
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-http.xml
@@ -47,6 +47,7 @@
           <cookie name='test'>testcookievalue</cookie>
           <cookie name='test2'>blurb</cookie>
         </cookies>
+        <ssl verify='no'/>
       </source>
       <target dev='vdd' bus='virtio'/>
     </disk>
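Review bot: The only fixture touched is the HTTPS disk with `<ssl verify='no'/>`, so the new FTPS branch and the "this qemu does not support ssl options" error path appear to have no coverage in this patch; tests elsewhere in the series may cover them, but none are visible here. An FTPS disk carrying the same element, plus a run without QEMU_CAPS_BLOCK_CURL_OPTIONS that expects the failure, would exercise both. A `verify='yes'` case would also pin that an explicit request for verification is passed through as `file.sslverify=on` rather than silently dropped. The enclosing `<disk>` element starts outside the hunk.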
-- 
2.12.2



