This allows qemu to use images over https with a self-signed certificate. It defaults to verifying the certificate.
Signed-off-by: Matthew Booth <mbo...@redhat.com>
---
 block/curl.c | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
diff --git a/block/curl.c b/block/curl.c
index 4de6856..e427e52 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -23,6 +23,7 @@
 */
 #include "qemu-common.h"
 #include "block/block_int.h"
+#include "qapi/qmp/qbool.h"
 #include <curl/curl.h>
 // #define DEBUG
@@ -54,6 +55,7 @@
 #define CURL_BLOCK_OPT_URL "url"
 #define CURL_BLOCK_OPT_READAHEAD "readahead"
+#define CURL_BLOCK_OPT_SSLVERIFY "sslverify"
 struct BDRVCURLState;
@@ -91,6 +93,7 @@ typedef struct BDRVCURLState {
 CURLState states[CURL_NUM_STATES];
 char *url;
 size_t readahead_size;
+ bool sslverify;
 bool accept_range;
 } BDRVCURLState;
@@ -357,6 +360,7 @@ static CURLState *curl_init_state(BDRVCURLState *s)
 return NULL;
 }
 curl_easy_setopt(state->curl, CURLOPT_URL, s->url);
+ curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER, s->sslverify);
 curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, 5);
 curl_easy_setopt(state->curl, CURLOPT_WRITEFUNCTION,
 (void *)curl_read_cb);
@@ -440,6 +444,27 @@ static void curl_parse_filename(const char *filename, QDict *options,
 *end = '\0';
 qdict_put(options, CURL_BLOCK_OPT_READAHEAD,
 qstring_from_str(value));
+ } else if (opt_len == strlen(CURL_BLOCK_OPT_SSLVERIFY) &&
+ memcmp(opt_start, CURL_BLOCK_OPT_SSLVERIFY,
+ opt_len) == 0) {
+ /* This is redundant after the first iteration */
+ *end = '\0';
+
+ int sslverify;
+ if (value_len == strlen("on") &&
+ memcmp(value, "on", value_len) == 0) {
+ sslverify = 1;
+ } else if (value_len == strlen("off") &&
+ memcmp(value, "off", value_len) == 0) {
+ sslverify = 0;
+ } else {
+ error_set(errp, QERR_INVALID_PARAMETER_VALUE,
+ CURL_BLOCK_OPT_SSLVERIFY, "'on' or 'off'");
+ goto out;
+ }
+
+ qdict_put(options, CURL_BLOCK_OPT_SSLVERIFY,
+ qbool_from_int(sslverify));
 } else {
 /* Unknown option */
 break;
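Review bot: In curl_init_state, the new `curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER, s->sslverify);` passes a `bool` through a variadic call, where it is promoted to `int`, while libcurl documents this option as taking a `long`; write `curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER, (long)s->sslverify);`. The line also deserves a comment saying that only certificate-chain verification is switched off: CURLOPT_SSL_VERIFYHOST is not touched in this hunk, so libcurl's host-name check presumably stays at its default, and with `sslverify=off` the server is no longer authenticated against an on-path attacker. For the self-signed use case the description names, an option that supplies the trusted certificate (libcurl's CURLOPT_CAINFO) would keep verification on instead of disabling it. curl_init_state starts and ends outside the hunk.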
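Review bot: The `sslverify` branch added to curl_parse_filename lets the file name string itself turn certificate verification off, so whoever supplies that string (for example a backing-file reference stored inside an image, if this parser is reached for those) can downgrade transport security without the operator asking for it. Consider refusing `off` in this in-band form and honouring it only when it arrives through the explicit runtime options, and state that policy in a comment above the branch. Two smaller points: `int sslverify;` is declared after a statement, unlike the rest of the visible code, and `/* This is redundant after the first iteration */` does not explain why `*end = '\0';` is needed in the first place. The function starts and ends outside the hunk.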
@@ -454,6 +479,7 @@ static void curl_parse_filename(const char *filename, QDict *options,
 qdict_put(options, CURL_BLOCK_OPT_URL, qstring_from_str(file));
+out:
 g_free(file);
 }
@@ -471,6 +497,11 @@ static QemuOptsList runtime_opts = {
 .type = QEMU_OPT_SIZE,
 .help = "Readahead size",
 },
+ {
+ .name = CURL_BLOCK_OPT_SSLVERIFY,
+ .type = QEMU_OPT_BOOL,
+ .help = "Verify SSL certificate"
+ },
 { /* end of list */ }
 },
 };
@@ -507,6 +538,8 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
 goto out_noclean;
 }
+ s->sslverify = qemu_opt_get_bool(opts, CURL_BLOCK_OPT_SSLVERIFY, true);
+
 file = qemu_opt_get(opts, CURL_BLOCK_OPT_URL);
 if (file == NULL) {
 error_setg(errp, "curl block driver requires an 'url' option");
-- 
1.9.0
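Review bot: The help string of the new runtime_opts entry, `.help = "Verify SSL certificate"`, does not tell the user that the default is on or that switching it off removes server authentication; `.help = "Verify the server's TLS certificate (default: on)",` would be clearer. The line also lacks the trailing comma that the `.help` line of the readahead entry just above it carries.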
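Review bot: In curl_open, `s->sslverify = qemu_opt_get_bool(opts, CURL_BLOCK_OPT_SSLVERIFY, true);` keeps verification on by default, which is the right choice, but nothing records the case where it is switched off. A comment such as `/* Secure default: verify unless the user explicitly set sslverify=off */` would document the intent, and a one-time warning when `s->sslverify` is false would leave a trace that an image is being read over an unauthenticated connection. The option is also accepted silently for URLs that do not use TLS (assuming this driver serves other schemes as well), where it has no effect. curl_open continues outside the hunk.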