[PATCH 13/30] conf: Add support for modifying ssl validation for https/ftps disks
Ján Tomko
jtomko at redhat.com
Thu Mar 12 16:57:24 UTC 2020
On a Monday in 2020, Peter Krempa wrote:
>To allow turning of verification of SSL cerificates add a new element
turning off
><ssl> to the disk source XML which will allow configuring the validation
>process using the 'verify' attribute.
>
>Signed-off-by: Peter Krempa <pkrempa at redhat.com>
>---
> docs/formatdomain.html.in | 9 ++++
> docs/schemas/domaincommon.rng | 51 ++++++++++++++++++-
> src/conf/domain_conf.c | 18 +++++++
> src/util/virstoragefile.c | 1 +
> src/util/virstoragefile.h | 1 +
> .../disk-network-http.xml | 9 ++++
> 6 files changed, 87 insertions(+), 2 deletions(-)
>
>diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
>index 7e7771725c..8f503f6967 100644
>--- a/docs/formatdomain.html.in
>+++ b/docs/formatdomain.html.in
>@@ -2857,6 +2857,7 @@
> <driver name='qemu' type='raw'/>
> <source protocol="https" name="url_path">
> <host name="hostname" port="443"/>
>+ <ssl verify="no"/>
> </source>
> <target dev='hdf' bus='ide' tray='open'/>
> <readonly/>
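Review bot: The example line added to the https disk snippet, `<ssl verify="no"/>`, shows certificate validation switched off, and documentation examples tend to be copied as they stand. Consider using `verify="yes"` in this example, or moving the `no` case into a separate snippet that is described as disabling validation.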
>@@ -3383,6 +3384,14 @@
> The <code>offset</code> and <code>size</code> values are in bytes.
> <span class="since">Since 6.1.0</span>
> </dd>
>+ <dt><code>ssl</code></dt>
>+ <dd>
>+ For <code>https</code> and <code>ftps</code> accessed storage it's
>+ possible to tweak the SSL transport parameters with this element.
>+ The <code>verify</code> attribute allows to turn on or of SSL
or off
>+ certificate validation. Supported values are <code>yes</code> and
>+ <code>no</code>. <span class="since">Since 6.1.0</span>
6.2.0
>+ </dd>
> </dl>
>
> <p>
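Review bot: The new `<dd>` text for `ssl` lists `yes` and `no` but does not say what applies when the element is omitted, and it does not say what `verify="no"` gives up. State the default explicitly and add a sentence that with `no` the server certificate is not checked, so the host serving the disk image is not authenticated.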
>@@ -24531,6 +24545,10 @@ virDomainDiskSourceFormatNetwork(virBufferPtr attrBuf,
>
> virStorageSourceInitiatorFormatXML(&src->initiator, childBuf);
>
>+ if (src->sslverify != VIR_TRISTATE_BOOL_ABSENT)
>+ virBufferAsprintf(childBuf, "<ssl verify='%s'/>\n",
>+ virTristateBoolTypeToString(src->sslverify));
>+
Multi-line body without braces.
> return 0;
> }
>
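Review bot: The condition on `src->sslverify` in virDomainDiskSourceFormatNetwork does not look at the source protocol, so `<ssl verify='...'/>` is formatted for any network disk that has the field set, while the documentation limits the element to https and ftps. The parser side is not visible in this excerpt; if it does not already reject the element for other protocols, add that check there so a setting with no effect cannot be stored silently.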
Reviewed-by: Ján Tomko <jtomko at redhat.com>
Jano