[PATCH 13/30] conf: Add support for modifying ssl validation for https/ftps disks

Ján Tomko jtomko at redhat.com
Thu Mar 12 16:57:24 UTC 2020


On a Monday in 2020, Peter Krempa wrote:
>To allow turning of verification of SSL certificates add a new element

turning off

><ssl> to the disk source XML which will allow configuring the validation
>process using the 'verify' attribute.
>
>Signed-off-by: Peter Krempa <pkrempa at redhat.com>
>---
> docs/formatdomain.html.in                     |  9 ++++
> docs/schemas/domaincommon.rng                 | 51 ++++++++++++++++++-
> src/conf/domain_conf.c                        | 18 +++++++
> src/util/virstoragefile.c                     |  1 +
> src/util/virstoragefile.h                     |  1 +
> .../disk-network-http.xml                     |  9 ++++
> 6 files changed, 87 insertions(+), 2 deletions(-)
>
>diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
>index 7e7771725c..8f503f6967 100644
>--- a/docs/formatdomain.html.in
>+++ b/docs/formatdomain.html.in
>@@ -2857,6 +2857,7 @@
>     <driver name='qemu' type='raw'/>
>     <source protocol="https" name="url_path">
>       <host name="hostname" port="443"/>
>+      <ssl verify="no"/>
>     </source>
>     <target dev='hdf' bus='ide' tray='open'/>
>     <readonly/>
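
Review bot: The added `<ssl verify="no"/>` line sits in the main https example of formatdomain.html.in, so anyone copying the example disables certificate validation without having asked for it. Consider dropping it from this example, or showing it in a separate one labelled as turning validation off.
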
>@@ -3383,6 +3384,14 @@
>             The <code>offset</code> and <code>size</code> values are in bytes.
>             <span class="since">Since 6.1.0</span>
>           </dd>
>+          <dt><code>ssl</code></dt>
>+          <dd>
>+            For <code>https</code> and <code>ftps</code> accessed storage it's
>+            possible to tweak the SSL transport parameters with this element.
>+            The <code>verify</code> attribute allows to turn on or of SSL

or off

>+            certificate validation. Supported values are <code>yes</code> and
>+            <code>no</code>. <span class="since">Since 6.1.0</span>

6.2.0

>+          </dd>
>         </dl>
>
>         <p>
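
Review bot: The new `<dd>` text for `ssl` does not say what happens when the element is absent, nor what `verify="no"` costs. Please state the default explicitly and add a sentence that with `no` the server's certificate is not checked, so the https/ftps connection is no longer authenticated.
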
>@@ -24531,6 +24545,10 @@ virDomainDiskSourceFormatNetwork(virBufferPtr attrBuf,
>
>     virStorageSourceInitiatorFormatXML(&src->initiator, childBuf);
>
>+    if (src->sslverify != VIR_TRISTATE_BOOL_ABSENT)
>+        virBufferAsprintf(childBuf, "<ssl verify='%s'/>\n",
>+                          virTristateBoolTypeToString(src->sslverify));
>+

Multi-line body without braces.

>     return 0;
> }
>
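
Review bot: The new condition in virDomainDiskSourceFormatNetwork tests only `src->sslverify`, not the source protocol, while the documentation limits `<ssl>` to https and ftps. If nothing else in the series rejects the element for other protocols, add that validation so a `verify` setting on a non-TLS source is not silently accepted and formatted back out.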

Reviewed-by: Ján Tomko <jtomko at redhat.com>

Jano