This allows qemu to use images over https with a self-signed certificate. It defaults to verifying the certificate.
Signed-off-by: Matthew Booth <mbo...@redhat.com>
---
 block/curl.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/block/curl.c b/block/curl.c
index e31b6f3..8cf0a3e 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -23,6 +23,7 @@
 */
 #include "qemu-common.h"
 #include "block/block_int.h"
+#include "qapi/qmp/qbool.h"
 #include <curl/curl.h>
 // #define DEBUG
@@ -54,6 +55,7 @@
 #define CURL_BLOCK_OPT_URL "url"
 #define CURL_BLOCK_OPT_READAHEAD "readahead"
+#define CURL_BLOCK_OPT_SSLVERIFY "sslverify"
 struct BDRVCURLState;
@@ -91,6 +93,7 @@ typedef struct BDRVCURLState {
 CURLState states[CURL_NUM_STATES];
 char *url;
 size_t readahead_size;
+ bool sslverify;
 bool accept_range;
 } BDRVCURLState;
@@ -357,6 +360,7 @@ static CURLState *curl_init_state(BDRVCURLState *s)
 return NULL;
 }
 curl_easy_setopt(state->curl, CURLOPT_URL, s->url);
+ curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER, s->sslverify);
 curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, 5);
 curl_easy_setopt(state->curl, CURLOPT_WRITEFUNCTION, (void *)curl_read_cb);
@@ -450,6 +454,26 @@ static void curl_parse_filename(const char *filename, QDict *options,
 memcmp(opt, CURL_BLOCK_OPT_READAHEAD, key_len) == 0) {
 qdict_put(options, CURL_BLOCK_OPT_READAHEAD,
 qstring_from_str(value));
+ } else if (key_len == strlen(CURL_BLOCK_OPT_SSLVERIFY) &&
+ memcmp(opt, CURL_BLOCK_OPT_SSLVERIFY,
+ key_len) == 0) {
+ size_t value_len = opt_len - (value - opt);
+
+ int sslverify;
+ if (value_len == strlen("on") &&
+ memcmp(value, "on", value_len) == 0) {
+ sslverify = 1;
+ } else if (value_len == strlen("off") &&
+ memcmp(value, "off", value_len) == 0) {
+ sslverify = 0;
+ } else {
+ error_set(errp, QERR_INVALID_PARAMETER_VALUE,
+ CURL_BLOCK_OPT_SSLVERIFY, "'on' or 'off'");
+ goto out;
+ }
+
+ qdict_put(options, CURL_BLOCK_OPT_SSLVERIFY,
+ qbool_from_int(sslverify));
 } else {
 *equals = '\0';
 error_set(errp, QERR_INVALID_PARAMETER, opt);
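Review bot: In the curl_init_state hunk, `CURLOPT_SSL_VERIFYPEER` receives a `bool`, but curl_easy_setopt is variadic and libcurl reads this option as a `long`; the promoted `int` is the wrong width on LP64 targets, so write `curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER, (long)s->sslverify);`. Only peer verification is switched here and CURLOPT_SSL_VERIFYHOST keeps its default, so the line deserves a comment stating what `sslverify=off` removes, e.g. `/* off: the certificate chain is not validated, the server is unauthenticated */`. curl_init_state begins and ends outside the hunk.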
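Review bot: The new `sslverify` branch in curl_parse_filename lets the filename string itself turn certificate verification off, so whoever supplies the image name also decides whether the TLS peer is authenticated. If this parser can be reached with names from a less trusted source than the operator's own command line (not visible in this hunk), `off` should be refused on that path or accepted only through the structured option. At minimum the branch should carry a comment such as `/* sslverify=off disables TLS peer authentication for this image */` so the next reader sees the consequence. As a style point, the READAHEAD branch just above stores the raw string and leaves parsing to the option layer, while this branch hand-matches `on`/`off`; it would help to state whether that difference is deliberate. The function starts and ends outside the hunk.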
@@ -481,6 +505,11 @@ static QemuOptsList runtime_opts = {
 .type = QEMU_OPT_SIZE,
 .help = "Readahead size",
 },
+ {
+ .name = CURL_BLOCK_OPT_SSLVERIFY,
+ .type = QEMU_OPT_BOOL,
+ .help = "Verify SSL certificate"
+ },
 { /* end of list */ }
 },
 };
@@ -517,6 +546,8 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
 goto out_noclean;
 }
+ s->sslverify = qemu_opt_get_bool(opts, CURL_BLOCK_OPT_SSLVERIFY, true);
+
 file = qemu_opt_get(opts, CURL_BLOCK_OPT_URL);
 if (file == NULL) {
 error_setg(errp, "curl block driver requires an 'url' option");
--
1.9.0
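Review bot: The help text `"Verify SSL certificate"` in the new runtime_opts entry does not say that the default is on or what turning it off costs, which is the one thing a user of this option needs to read. I would write `.help = "Verify SSL certificate (default: on); off leaves the server unauthenticated",` with the trailing comma that the neighbouring `.help = "Readahead size",` entry has.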
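Review bot: curl_open reads `sslverify` with a default of true but says nothing when it comes back false, so an image opened without peer authentication leaves no trace for whoever audits the host later. A warning at this point when `!s->sslverify` would fix that; it should name the option rather than print the URL, which can carry credentials. A comment on the new line, `/* verification stays on unless explicitly disabled */`, would also record the fail-safe default. For the self-signed use case in the commit message, an option that points libcurl at the trusted certificate (CURLOPT_CAINFO) would avoid disabling verification at all. curl_open continues outside the hunk.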