From: Matthew Booth <mbooth@redhat.com>
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com, peter.maydell@linaro.org
Subject: [Qemu-devel] [PATCH 2/4] curl: Add sslverify option
Date: Thu, 8 May 2014 09:42:18 +0100 [thread overview]
Message-ID: <1399538540-5076-3-git-send-email-mbooth@redhat.com> (raw)
In-Reply-To: <1399538540-5076-1-git-send-email-mbooth@redhat.com>
This allows qemu to use images over https with a self-signed certificate. It
defaults to verifying the certificate.
Signed-off-by: Matthew Booth <mbooth@redhat.com>
---
block/curl.c | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
diff --git a/block/curl.c b/block/curl.c
index e31b6f3..8cf0a3e 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -23,6 +23,7 @@
*/
#include "qemu-common.h"
#include "block/block_int.h"
+#include "qapi/qmp/qbool.h"
#include <curl/curl.h>
// #define DEBUG
@@ -54,6 +55,7 @@
#define CURL_BLOCK_OPT_URL "url"
#define CURL_BLOCK_OPT_READAHEAD "readahead"
+#define CURL_BLOCK_OPT_SSLVERIFY "sslverify"
struct BDRVCURLState;
@@ -91,6 +93,7 @@ typedef struct BDRVCURLState {
CURLState states[CURL_NUM_STATES];
char *url;
size_t readahead_size;
+ bool sslverify;
bool accept_range;
} BDRVCURLState;
@@ -357,6 +360,7 @@ static CURLState *curl_init_state(BDRVCURLState *s)
return NULL;
}
curl_easy_setopt(state->curl, CURLOPT_URL, s->url);
+ curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER, s->sslverify);
curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, 5);
curl_easy_setopt(state->curl, CURLOPT_WRITEFUNCTION,
(void *)curl_read_cb);
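Review bot: `curl_easy_setopt()` is variadic and `CURLOPT_SSL_VERIFYPEER` takes a `long`, but the added call passes the `bool` field, which is promoted to `int`; cast it explicitly, `curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER, (long)s->sslverify);`. Only peer (chain) verification is switched here, so libcurl's separate `CURLOPT_SSL_VERIFYHOST` check keeps its default when sslverify is off. If that is intended, a comment such as `/* sslverify=off skips CA chain validation only; the peer is then effectively unauthenticated */` would make the trust decision visible at the call site. The return value is ignored like the neighbouring setopt calls, so a libcurl build that rejects the option would not be noticed. curl_init_state starts and ends outside the hunk.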
@@ -450,6 +454,26 @@ static void curl_parse_filename(const char *filename, QDict *options,
memcmp(opt, CURL_BLOCK_OPT_READAHEAD, key_len) == 0) {
qdict_put(options, CURL_BLOCK_OPT_READAHEAD,
qstring_from_str(value));
+ } else if (key_len == strlen(CURL_BLOCK_OPT_SSLVERIFY) &&
+ memcmp(opt, CURL_BLOCK_OPT_SSLVERIFY,
+ key_len) == 0) {
+ size_t value_len = opt_len - (value - opt);
+
+ int sslverify;
+ if (value_len == strlen("on") &&
+ memcmp(value, "on", value_len) == 0) {
+ sslverify = 1;
+ } else if (value_len == strlen("off") &&
+ memcmp(value, "off", value_len) == 0) {
+ sslverify = 0;
+ } else {
+ error_set(errp, QERR_INVALID_PARAMETER_VALUE,
+ CURL_BLOCK_OPT_SSLVERIFY, "'on' or 'off'");
+ goto out;
+ }
+
+ qdict_put(options, CURL_BLOCK_OPT_SSLVERIFY,
+ qbool_from_int(sslverify));
} else {
*equals = '\0';
error_set(errp, QERR_INVALID_PARAMETER, opt);
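Review bot: Accepting `sslverify=off` inside the filename string means whoever supplies the filename can turn off certificate verification, not only whoever writes the explicit option list. If filenames can reach curl_parse_filename from a less trusted place than the command line (for instance a reference stored inside an image, which this hunk does not show), that source can downgrade the TLS check. Consider honouring the option only when passed as an explicit runtime option, or at least document it with a comment on the new branch, e.g. `/* security-relevant: lets the filename disable certificate verification */`. As a style point, `int sslverify;` is declared after a statement in the block and could be a `bool` declared first. The function begins and continues outside the hunk.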
@@ -481,6 +505,11 @@ static QemuOptsList runtime_opts = {
.type = QEMU_OPT_SIZE,
.help = "Readahead size",
},
+ {
+ .name = CURL_BLOCK_OPT_SSLVERIFY,
+ .type = QEMU_OPT_BOOL,
+ .help = "Verify SSL certificate"
+ },
{ /* end of list */ }
},
};
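Review bot: The new `runtime_opts` entry's help text does not say what the default is or what turning the option off gives up, and this is the only user-visible description of it in this patch. Something like `.help = "Verify SSL certificate (default: on; off accepts any server certificate)",` would cover both. Keeping the trailing comma, as the "Readahead size" entry above does, also keeps the initializer style consistent.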
@@ -517,6 +546,8 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
goto out_noclean;
}
+ s->sslverify = qemu_opt_get_bool(opts, CURL_BLOCK_OPT_SSLVERIFY, true);
+
file = qemu_opt_get(opts, CURL_BLOCK_OPT_URL);
if (file == NULL) {
error_setg(errp, "curl block driver requires an 'url' option");
--
1.9.0