From: Peter Krempa
To: libvir-list@redhat.com
Date: Fri, 28 Apr 2017 13:10:24 +0200
Message-Id: <182e3f16f10b7d1624fee376ac83845b00fadffb.1493377776.git.pkrempa@redhat.com>
Subject: [libvirt] [PATCH v2 1/4] qemu: capabilities: Add capability for the sslverify curl driver option

The option allows setting verification of the SSL certificate for HTTPS and FTPS based disks.

--- src/qemu/qemu_capabilities.c | 2 ++ src/qemu/qemu_capabilities.h | 1 + tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml | 1 + 3 files changed, 4 insertions(+) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index d34790768..2536ac09d 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -365,6 +365,7 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST, "block-write-threshold", "query-named-block-nodes", "cpu-cache", + "block-curl-sslverify", ); 
@@ -1719,6 +1720,7 @@ static struct virQEMUCapsStringFlags virQEMUCapsObjec= tPropsUSBNECXHCI[] =3D { static struct virQEMUCapsStringFlags virQEMUCapsQMPSchemaQueries[] =3D { { "blockdev-add/arg-type/options/+gluster/debug-level", QEMU_CAPS_GLUS= TER_DEBUG_LEVEL}, { "blockdev-add/arg-type/+gluster/debug", QEMU_CAPS_GLUSTER_DEBUG_LEVE= L}, + { "blockdev-add/arg-type/+https/sslverify", QEMU_CAPS_BLOCK_CURL_SSLVE= RIFY}, }; struct virQEMUCapsObjectTypeProps { diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 47649c945..c582f765c 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -402,6 +402,7 @@ typedef enum { QEMU_CAPS_BLOCK_WRITE_THRESHOLD, /* BLOCK_WRITE_THRESHOLD event */ QEMU_CAPS_QUERY_NAMED_BLOCK_NODES, /* qmp query-named-block-nodes */ QEMU_CAPS_CPU_CACHE, /* -cpu supports host-cache-info and l3-cache pro= perties */ + QEMU_CAPS_BLOCK_CURL_SSLVERIFY, /* sslverify and other curl driver opt= ions */ QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; diff --git a/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_2.9.0.x86_64.xml index fccb469fe..d56893d87 100644 --- a/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml 
@@ -209,6 +209,7 @@ + 2009000 0 (v2.9.0) --=20 2.12.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list

From: Peter Krempa
To: libvir-list@redhat.com
Date: Fri, 28 Apr 2017 13:10:25 +0200
Message-Id: <7c4a6a410b076b1d8b5d4be850282c565dc5f446.1493377776.git.pkrempa@redhat.com>
Subject: [libvirt] [PATCH v2 2/4] conf: Use only one temporary string in virDomainDiskSourceParse

--- src/conf/domain_conf.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 5a736c853..c40a5a7a6 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -7526,7 +7526,7 @@ virDomainDiskSourceParse(xmlNodePtr node, virStorageSourcePtr src) { int ret =3D -1; - char *protocol =3D NULL; + char *tmp =3D NULL; xmlNodePtr saveNode =3D ctxt->node; ctxt->node =3D node; 
@@ -7542,17 +7542,18 @@ virDomainDiskSourceParse(xmlNodePtr node, src->path =3D virXMLPropString(node, "dir"); break; case VIR_STORAGE_TYPE_NETWORK: - if (!(protocol =3D virXMLPropString(node, "protocol"))) { + if (!(tmp =3D virXMLPropString(node, "protocol"))) { virReportError(VIR_ERR_XML_ERROR, "%s", _("missing network source protocol type")); goto cleanup; } - if ((src->protocol =3D virStorageNetProtocolTypeFromString(protoco= l)) <=3D 0) { + if ((src->protocol =3D virStorageNetProtocolTypeFromString(tmp)) <= =3D 0) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("unknown protocol type '%s'"), protocol); + _("unknown protocol type '%s'"), tmp); goto cleanup; } + VIR_FREE(tmp); if (!(src->path =3D virXMLPropString(node, "name")) && src->protocol !=3D VIR_STORAGE_NET_PROTOCOL_NBD) { @@ -7565,7 +7566,6 @@ virDomainDiskSourceParse(xmlNodePtr node, * as a part of the path. This is hard to work with when dealing w= ith * relative names. Split out the volume into a separate variable */ if (src->path && src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_GLU= STER) { - char *tmp; if (!(tmp =3D strchr(src->path, '/')) || tmp =3D=3D src->path) { virReportError(VIR_ERR_XML_ERROR, @@ -7580,6 +7580,7 @@ virDomainDiskSourceParse(xmlNodePtr node, goto cleanup; tmp[0] =3D '\0'; + tmp =3D NULL; } /* snapshot currently works only for remote disks */ 
@@ -7612,7 +7613,7 @@ virDomainDiskSourceParse(xmlNodePtr node, ret =3D 0; cleanup: - VIR_FREE(protocol); + VIR_FREE(tmp); ctxt->node =3D saveNode; return ret; } --=20 2.12.2

From: Peter Krempa
To: libvir-list@redhat.com
Date: Fri, 28 Apr 2017 13:10:26 +0200
Message-Id: <088a8c610ea8efc92f01cb893390124bb7c60fce.1493377776.git.pkrempa@redhat.com>
Subject: [libvirt] [PATCH v2 3/4] conf: Add support for modifying ssl validation for https/ftps disks

To allow turning off verification of SSL certificates add a new element to the disk source XML which will allow configuring the validation process using the 'verify' attribute.

--- docs/formatdomain.html.in | 9 +++++ docs/schemas/domaincommon.rng | 47 ++++++++++++++++++= +++- src/conf/domain_conf.c | 21 +++++++++- src/util/virstoragefile.h | 1 + .../generic-disk-network-http.xml | 9 +++++ 5 files changed, 84 insertions(+), 3 deletions(-) 
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 03961fb4b..f3bf63d6c 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -2288,6 +2288,7 @@ <driver name=3D'qemu' type=3D'raw'/> <source protocol=3D"https" name=3D"url_path"> <host name=3D"hostname" port=3D"443"/> + <ssl verify=3D"no"/> </source> <target dev=3D'hdf' bus=3D'ide' tray=3D'open'/> <readonly/> @@ -2628,6 +2629,14 @@ protocol. Supported for 'rbd' since 1.2.= 11 (QEMU only). +
ssl
+
+ For https and ftps accessed storage = it's + possible to tweak the SSL transport parameters with this eleme= nt. + The verify attribute allows to turn on or of SSL + certificate validation. Supported values are yes = and + no. Since 3.3.0 +

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 6367c059c..ef09fa831 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -1556,12 +1556,37 @@ + + + + + + + + + + + + + + + https + + + + + + + + + + + http - https @@ -1569,6 +1594,23 @@ + + + + + + ftps + + + + + + + + + + + @@ -1576,7 +1618,6 @@ sheepdog iscsi ftp - ftps tftp @@ -1622,6 +1663,8 @@ + + diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index c40a5a7a6..ec45d89b7 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -7591,6 +7591,20 @@ virDomainDiskSourceParse(xmlNodePtr node, if (virDomainStorageHostParse(node, &src->hosts, &src->nhosts) < 0) goto cleanup; + + if ((src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_HTTPS || + src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_FTPS) && + (tmp =3D virXPathString("string(./ssl/@verify)", ctxt))) { + int verify; + if ((verify =3D virTristateBoolTypeFromString(tmp)) < 0) { + virReportError(VIR_ERR_XML_ERROR, + _("invalid ssl verify mode '%s'"), tmp); + goto cleanup; + } + VIR_FREE(tmp); + + src->sslverify =3D verify; + } break; case VIR_STORAGE_TYPE_VOLUME: if (virDomainDiskSourcePoolDefParse(node, &src->srcpool) < 0) @@ -20788,7 +20802,8 @@ virDomainDiskSourceFormatNetwork(virBufferPtr buf, VIR_FREE(path); - if (src->nhosts =3D=3D 0 && !src->snapshot && !src->configFile) { + if (src->nhosts =3D=3D 0 && !src->snapshot && !src->configFile && + src->sslverify =3D=3D VIR_TRISTATE_BOOL_ABSENT) { virBufferAddLit(buf, "/>\n"); } else { virBufferAddLit(buf, ">\n"); @@ -20810,6 +20825,10 @@ virDomainDiskSourceFormatNetwork(virBufferPtr buf, virBufferEscapeString(buf, "\n", src->snaps= hot); virBufferEscapeString(buf, "\n", src->configF= ile); + if (src->sslverify !=3D VIR_TRISTATE_BOOL_ABSENT) + virBufferAsprintf(buf, "\n", + virTristateBoolTypeToString(src->sslverify)); + virBufferAdjustIndent(buf, -2); virBufferAddLit(buf, "\n"); } 
diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h index 9ebfc1108..e995b97fe 100644 --- a/src/util/virstoragefile.h +++ b/src/util/virstoragefile.h @@ -238,6 +238,7 @@ struct _virStorageSource { virStorageSourcePoolDefPtr srcpool; virStorageAuthDefPtr auth; virStorageEncryptionPtr encryption; + virTristateBool sslverify; char *driverName; int format; /* virStorageFileFormat in domain backing chains, but diff --git a/tests/genericxml2xmlindata/generic-disk-network-http.xml b/tes= ts/genericxml2xmlindata/generic-disk-network-http.xml index 51c779502..2448af727 100644 --- a/tests/genericxml2xmlindata/generic-disk-network-http.xml +++ b/tests/genericxml2xmlindata/generic-disk-network-http.xml @@ -25,6 +25,7 @@ + 
@@ -35,6 +36,14 @@ + + + + + + + + --=20 2.12.2

From: Peter Krempa
To: libvir-list@redhat.com
Date: Fri, 28 Apr 2017 13:10:27 +0200
Subject: [libvirt] [PATCH v2 4/4] qemu: command: Implement ssl verification configuration

Allow disabling of SSL certificate validation for HTTPS and FTPS drives in qemu.

--- src/qemu/qemu_command.c | 22 +++++++-- .../qemuxml2argv-disk-drive-network-http.args | 37 +++++++++++++++ .../qemuxml2argv-disk-drive-network-http.xml | 52 ++++++++++++++++++= ++++ 3 files changed, 107 insertions(+), 4 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= http.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= http.xml diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 196716a6f..2c4704aa6 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c 
@@ -1528,10 +1528,24 @@ qemuBuildDriveSourceStr(virDomainDiskDefPtr disk, } virBufferAddLit(buf, ","); - if (disk->src->type =3D=3D VIR_STORAGE_TYPE_NETWORK && - disk->src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_GLUSTER) { - if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_GLUSTER_DEBUG_LEVEL)) - virBufferAsprintf(buf, "file.debug=3D%d,", cfg->glusterDebugLe= vel); + if (disk->src->type =3D=3D VIR_STORAGE_TYPE_NETWORK) { + if ((disk->src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_FTPS || + disk->src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_HTTPS) && + disk->src->sslverify !=3D VIR_TRISTATE_BOOL_ABSENT) { + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_BLOCK_CURL_SSLVERIFY))= { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("can't set SSL verification for https/ftp= s disks")); + goto cleanup; + } + + virBufferAsprintf(buf, "file.sslverify=3D%s,", + virTristateSwitchTypeToString(disk->src->ssl= verify)); + } + + if (disk->src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_GLUSTER) { + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_GLUSTER_DEBUG_LEVEL)) + virBufferAsprintf(buf, "file.debug=3D%d,", cfg->glusterDeb= ugLevel); + } } if (secinfo && secinfo->type =3D=3D VIR_DOMAIN_SECRET_INFO_TYPE_AES) { diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-http.ar= gs b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-http.args new file mode 100644 index 000000000..e1bfd42a8 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-http.args 
@@ -0,0 +1,37 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/home/test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-i686 \ +-name QEMUGuest1 \ +-S \ +-M pc \ +-m 214 \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-nographic \ +-nodefaults \ +-monitor unix:/tmp/lib/domain--1-QEMUGuest1/monitor.sock,server,nowait \ +-no-acpi \ +-boot c \ +-usb \ +-drive file=3Dhttp://example.org:80/test.img,format=3Draw,if=3Dnone,\ +id=3Ddrive-virtio-disk0 \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x3,drive=3Ddrive-virtio-disk0,\ +id=3Dvirtio-disk0 \ +-drive file=3Dhttps://example.org:443/test2.img,format=3Draw,if=3Dnone,\ +id=3Ddrive-virtio-disk1 \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk1,\ +id=3Dvirtio-disk1 \ +-drive 'file=3Dhttp://example.org:1234/test3.img,\ +file.cookie=3Dtest=3Dtestcookievalue; test2=3Dblurb,format=3Draw,if=3Dnone= ,\ +id=3Ddrive-virtio-disk2' \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x5,drive=3Ddrive-virtio-disk2,\ +id=3Dvirtio-disk2 \ +-drive 'file=3Dhttps://example.org:1234/test4.img,file.sslverify=3Doff,\ +file.cookie=3Dtest=3Dtestcookievalue; test2=3Dblurb,format=3Draw,if=3Dnone= ,\ +id=3Ddrive-virtio-disk3' \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x6,drive=3Ddrive-virtio-disk3,\ +id=3Dvirtio-disk3 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-http.xm= l b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-http.xml new file mode 100644 index 000000000..50bd6a0e0 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-http.xml @@ -0,0 +1,52 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219136 + 219136 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-i686 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + --=20 2.12.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
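
Review bot: In patch 1/4, the new virQEMUCapsQMPSchemaQueries entry probes only "blockdev-add/arg-type/+https/sslverify", yet QEMU_CAPS_BLOCK_CURL_SSLVERIFY is described in the header as "sslverify and other curl driver options" and is used in patch 4/4 to gate FTPS disks as well. Either add a second query for the ftps variant, if the schema exposes one, or say in the enum comment that the https variant is taken as representative of the whole curl driver, so a reader does not assume each protocol was probed separately.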
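
Review bot: In patch 2/4, the gluster branch of virDomainDiskSourceParse now stores the result of strchr(src->path, '/') in the same tmp that the cleanup label passes to VIR_FREE(tmp), so between the strchr call and the added "tmp = NULL" the variable holds a borrowed pointer into src->path rather than an allocation. The "goto cleanup" visible just before "tmp[0] = '\0'" is reached while tmp still points into that string, and the error branch taken when "tmp == src->path" would, if it also jumps to cleanup, free the buffer that src->path still references. Keep the block-local pointer for the strchr result, or reset tmp before every jump, so that cleanup only ever frees memory returned by virXMLPropString.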
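
Review bot: In patch 3/4, the text added to docs/formatdomain.html.in reads "allows to turn on or of SSL certificate validation"; "of" should be "off". The paragraph also does not say what applies when the element is absent, and the only example added to the page uses verify="no". State the default and note that with validation disabled the server supplying the disk image is no longer authenticated, so readers do not copy the example as the recommended form.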
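
Review bot: In patch 3/4, the virDomainDiskSourceParse hunk only rejects a negative result from virTristateBoolTypeFromString(tmp), so verify="default" parses to the absent value and is silently dropped, although the documentation in the same patch lists only yes and no as supported. Compare with "<= 0", as the protocol lookup earlier in the function does, so that the unsupported value produces the "invalid ssl verify mode" error instead of being accepted.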
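
Review bot: In patch 4/4, qemuBuildDriveSourceStr formats disk->src->sslverify with virTristateSwitchTypeToString, but patch 3/4 declares the field as virTristateBool; the "file.sslverify=off" seen in the new .args file therefore depends on the two enums sharing the same numeric layout. Make the conversion explicit or add a comment saying the reuse is intentional. The message "can't set SSL verification for https/ftps disks" should also say that the QEMU binary lacks the option, and the test data covers only the verify="no" case, so a disk with verify="yes" would be worth adding to the XML and expected arguments.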