From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:46376) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WiJun-0007fk-Vi for qemu-devel@nongnu.org; Thu, 08 May 2014 04:43:00 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WiJub-0003DQ-Go for qemu-devel@nongnu.org; Thu, 08 May 2014 04:42:53 -0400
Received: from mx1.redhat.com ([209.132.183.28]:54842) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WiJub-0003DL-9H for qemu-devel@nongnu.org; Thu, 08 May 2014 04:42:41 -0400
From: Matthew Booth
Date: Thu, 8 May 2014 09:42:18 +0100
Message-Id: <1399538540-5076-3-git-send-email-mbooth@redhat.com>
In-Reply-To: <1399538540-5076-1-git-send-email-mbooth@redhat.com>
References: <1399538540-5076-1-git-send-email-mbooth@redhat.com>
Subject: [Qemu-devel] [PATCH 2/4] curl: Add sslverify option
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com, peter.maydell@linaro.org

This allows qemu to use images over https with a self-signed certificate. It defaults to verifying the certificate.

Signed-off-by: Matthew Booth
---
 block/curl.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/block/curl.c b/block/curl.c
index e31b6f3..8cf0a3e 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -23,6 +23,7 @@
 */
 #include "qemu-common.h"
 #include "block/block_int.h"
+#include "qapi/qmp/qbool.h"
 #include
 // #define DEBUG
@@ -54,6 +55,7 @@
 #define CURL_BLOCK_OPT_URL "url"
 #define CURL_BLOCK_OPT_READAHEAD "readahead"
+#define CURL_BLOCK_OPT_SSLVERIFY "sslverify"
 struct BDRVCURLState;
@@ -91,6 +93,7 @@ typedef struct BDRVCURLState {
 CURLState states[CURL_NUM_STATES];
 char *url;
 size_t readahead_size;
+ bool sslverify;
 bool accept_range;
 } BDRVCURLState;
@@ -357,6 +360,7 @@ static CURLState *curl_init_state(BDRVCURLState *s)
 return NULL;
 }
 curl_easy_setopt(state->curl, CURLOPT_URL, s->url);
+ curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER, s->sslverify);
 curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, 5);
 curl_easy_setopt(state->curl, CURLOPT_WRITEFUNCTION, (void *)curl_read_cb);
@@ -450,6 +454,26 @@ static void curl_parse_filename(const char *filename, QDict *options,
 memcmp(opt, CURL_BLOCK_OPT_READAHEAD, key_len) == 0) {
 qdict_put(options, CURL_BLOCK_OPT_READAHEAD, qstring_from_str(value));
+ } else if (key_len == strlen(CURL_BLOCK_OPT_SSLVERIFY) &&
+ memcmp(opt, CURL_BLOCK_OPT_SSLVERIFY,
+ key_len) == 0) {
+ size_t value_len = opt_len - (value - opt);
+
+ int sslverify;
+ if (value_len == strlen("on") &&
+ memcmp(value, "on", value_len) == 0) {
+ sslverify = 1;
+ } else if (value_len == strlen("off") &&
+ memcmp(value, "off", value_len) == 0) {
+ sslverify = 0;
+ } else {
+ error_set(errp, QERR_INVALID_PARAMETER_VALUE,
+ CURL_BLOCK_OPT_SSLVERIFY, "'on' or 'off'");
+ goto out;
+ }
+
+ qdict_put(options, CURL_BLOCK_OPT_SSLVERIFY,
+ qbool_from_int(sslverify));
 } else {
 *equals = '\0';
 error_set(errp, QERR_INVALID_PARAMETER, opt);
@@ -481,6 +505,11 @@ static QemuOptsList runtime_opts = {
 .type = QEMU_OPT_SIZE,
 .help = "Readahead size",
 },
+ {
+ .name = CURL_BLOCK_OPT_SSLVERIFY,
+ .type = QEMU_OPT_BOOL,
+ .help = "Verify SSL certificate"
+ },
 { /* end of list */ }
 },
 };
@@ -517,6 +546,8 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
 goto out_noclean;
 }
+ s->sslverify = qemu_opt_get_bool(opts, CURL_BLOCK_OPT_SSLVERIFY, true);
+
 file = qemu_opt_get(opts, CURL_BLOCK_OPT_URL);
 if (file == NULL) {
 error_setg(errp, "curl block driver requires an 'url' option");
--
1.9.0
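Review bot: The added call in curl_init_state passes `s->sslverify`, a `bool`, through the variadic `curl_easy_setopt`, while libcurl reads the `CURLOPT_SSL_VERIFYPEER` argument as a `long`; the value arrives as a promoted `int`, which is a type mismatch through varargs on targets where `long` is wider than `int`. Pass it explicitly: `curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER, (long)s->sslverify);`. The hunk does not touch `CURLOPT_SSL_VERIFYHOST`, so host-name checking presumably stays at libcurl's default when `sslverify` is off; a one-line comment saying whether that is intended would help the next reader. curl_init_state starts and ends outside the hunk.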
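Review bot: The new `sslverify` branch in curl_parse_filename lets the same string that names the image switch certificate verification off, so whoever supplies the filename also decides whether the server is authenticated. If filename strings can reach this parser from a less-trusted place than the command line (for example a backing-file reference stored in an image, which this hunk does not show), that is a downgrade the operator never asked for. Consider accepting `sslverify=off` only from the explicit options dictionary, or at least state the consequence above the branch, e.g. `/* sslverify=off disables peer certificate checks; image data is then unauthenticated */`. The function body starts and ends outside the hunk, so `opt_len`, `value` and the `out` label are taken on trust here.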
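Review bot: A disabled check leaves no trace: `s->sslverify` is read in curl_open with a default of `true`, and an explicit `off` then flows on without any message. Because the image is afterwards fetched without authenticating the server, the setting should be visible in logs, for instance `if (!s->sslverify) { error_report("curl: certificate verification disabled (sslverify=off)"); }`, assuming `error_report` is available in this file. The `.help` text in the runtime_opts hunk could likewise mention that the default is on. curl_open continues outside the hunk.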