This allows qemu to use images over https with a self-signed certificate. It defaults to verifying the certificate.
Signed-off-by: Matthew Booth <mbo...@redhat.com>
---
 block/curl.c | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/block/curl.c b/block/curl.c
index 2a03924..8731f63 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -23,6 +23,7 @@
 */
 #include "qemu-common.h"
 #include "block/block_int.h"
+#include "qapi/qmp/qbool.h"
 #include <curl/curl.h>
 // #define DEBUG
@@ -88,6 +89,7 @@ typedef struct BDRVCURLState {
 CURLState states[CURL_NUM_STATES];
 char *url;
 size_t readahead_size;
+ bool sslverify;
 bool accept_range;
 } BDRVCURLState;
@@ -354,6 +356,7 @@ static CURLState *curl_init_state(BDRVCURLState *s)
 return NULL;
 }
 curl_easy_setopt(state->curl, CURLOPT_URL, s->url);
+ curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER, s->sslverify);
 curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, 5);
 curl_easy_setopt(state->curl, CURLOPT_WRITEFUNCTION, (void *)curl_read_cb);
@@ -397,6 +400,7 @@ static void curl_parse_filename(const char *filename, QDict *options,
 Error **errp)
 {
 #define READAHEAD "readahead"
+ #define SSLVERIFY "sslverify"
 char *file;
 char *end;
@@ -434,6 +438,22 @@ static void curl_parse_filename(const char *filename, QDict *options,
 /* This is redundant after the first iteration */
 *end = '\0';
 qdict_put(options, READAHEAD, qstring_from_str(value));
+ } else if (memcmp(opt_start, SSLVERIFY, equals - opt_start) == 0) {
+ /* This is redundant after the first iteration */
+ *end = '\0';
+
+ int sslverify;
+ if (memcmp(value, "on", strlen("on")) == 0) {
+ sslverify = 1;
+ } else if (memcmp(value, "off", strlen("off")) == 0) {
+ sslverify = 0;
+ } else {
+ error_set(errp, QERR_INVALID_PARAMETER_VALUE, SSLVERIFY,
+ "'on' or 'off'");
+ goto out;
+ }
+
+ qdict_put(options, SSLVERIFY, qbool_from_int(sslverify));
 } else {
 break;
 }
@@ -447,6 +467,7 @@ static void curl_parse_filename(const char *filename, QDict *options,
 qdict_put(options, "url", qstring_from_str(file));
+out:
 g_free(file);
 }
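Review bot: In `curl_init_state`, `s->sslverify` is a `bool` passed through the variadic `curl_easy_setopt()`, where libcurl documents `CURLOPT_SSL_VERIFYPEER` as taking a `long`; the argument is promoted to `int`, which does not match what the library reads where `long` is wider. I would write `curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER, (long)s->sslverify);`. Only the peer-certificate check is toggled here and the host-name check (`CURLOPT_SSL_VERIFYHOST`) is left at its default, so a short comment saying which of the two checks the option is meant to cover would help. The function body starts and ends outside the hunk.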
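Review bot: In the new `sslverify` branch of `curl_parse_filename`, the value is tested with `memcmp(value, "on", strlen("on"))` and `memcmp(value, "off", strlen("off"))`, which compare only a prefix, so values such as `offline` or `one` are accepted, and a value shorter than the literal may make `memcmp` read past the string's terminator. The value appears to be NUL-terminated once `*end = '\0'` has run, so an exact match is simpler: `if (strcmp(value, "on") == 0) {` and `} else if (strcmp(value, "off") == 0) {`. For an option that switches certificate verification off, a mistyped value should reach the `error_set` path rather than be matched by prefix. The name test `memcmp(opt_start, SSLVERIFY, equals - opt_start)` is prefix-only in the same way and presumably mirrors the READAHEAD test, which is outside the hunk. `int sslverify;` is declared after a statement and would read better at the top of the block.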
@@ -464,6 +485,11 @@ static QemuOptsList runtime_opts = {
 .type = QEMU_OPT_SIZE,
 .help = "Readahead size",
 },
+ {
+ .name = "sslverify",
+ .type = QEMU_OPT_BOOL,
+ .help = "Verify SSL certificate"
+ },
 { /* end of list */ }
 },
 };
@@ -499,6 +525,8 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
 goto out_noclean;
 }
+ s->sslverify = qemu_opt_get_bool(opts, "sslverify", true);
+
 file = qemu_opt_get(opts, "url");
 if (file == NULL) {
 error_setg(errp, "curl block driver requires an 'url' option");
-- 
1.9.0
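Review bot: The help string in the new `runtime_opts` entry, `"Verify SSL certificate"`, states neither the default nor what turning the option off gives up. Something like `.help = "Verify SSL certificate (default: on); off accepts any server certificate",` would make the trade-off visible wherever the option is listed. The `.help` line also lacks the trailing comma that the neighbouring `.help = "Readahead size",` entry has.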
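Review bot: The assignment `s->sslverify = qemu_opt_get_bool(opts, "sslverify", true);` in `curl_open` carries the security-relevant default but has no comment saying so. I would add `/* Verify the peer certificate unless sslverify=off was given explicitly */` above it so a later edit does not flip the default unnoticed. Nothing visible in the hunk records that verification was disabled for a given image, and a debug message at this point would make that traceable. The body of `curl_open` starts and ends outside the hunk.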