From patchwork Thu Jun 6 06:25:56 2013
X-Patchwork-Submitter: Fam Zheng
X-Patchwork-Id: 249287
From: Fam Zheng
To: qemu-devel@nongnu.org
Date: Thu, 6 Jun 2013 14:25:56 +0800
Message-Id: <1370499959-8916-11-git-send-email-famz@redhat.com>
In-Reply-To: <1370499959-8916-1-git-send-email-famz@redhat.com>
References: <1370499959-8916-1-git-send-email-famz@redhat.com>
Cc: kwolf@redhat.com, jcody@redhat.com, Fam Zheng, rjones@redhat.com, stefanha@redhat.com
Subject: [Qemu-devel] [PATCH v7 10/13] curl: introduce ssl_no_cert runtime option.

Added an option to let curl disable ssl certificate check.

Signed-off-by: Fam Zheng
--- block/curl.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/block/curl.c b/block/curl.c index 6e893d0..e067417 100644 --- a/block/curl.c +++ b/block/curl.c @@ -95,6 +95,8 @@ typedef struct BDRVCURLState { int cache_quota; /* Whether http server accept range in header */ bool accept_range; + /* Whether certificated ssl only */ + bool ssl_no_cert; } BDRVCURLState; static void curl_clean_state(CURLState *s); @@ -339,6 +341,8 @@ static CURLState *curl_init_state(BDRVCURLState *s) curl_easy_setopt(state->curl, CURLOPT_NOSIGNAL, 1); curl_easy_setopt(state->curl, CURLOPT_ERRORBUFFER, state->errmsg); curl_easy_setopt(state->curl, CURLOPT_FAILONERROR, 1); + curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER, + s->ssl_no_cert ? 0 : 1); /* Restrict supported protocols to avoid security issues in the more * obscure protocols. For example, do not allow POP3/SMTP/IMAP see
@@ -429,7 +433,12 @@ static QemuOptsList runtime_opts = { .type = QEMU_OPT_SIZE, .help = "Readahead size", }, - { /* end of list */ } + { + .name = "ssl_no_cert", + .type = QEMU_OPT_BOOL, + .help = "SSL certificate check", + }, + { /* End of list */ } }, }; @@ -467,6 +476,7 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags) goto out_noclean; } + s->ssl_no_cert = qemu_opt_get_bool(opts, "ssl_no_cert", true); if (!inited) { curl_global_init(CURL_GLOBAL_ALL); inited = 1;
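Review bot: In the BDRVCURLState hunk, the comment "Whether certificated ssl only" describes the opposite of what the field does: the field is named `ssl_no_cert`, and in curl_init_state a true value switches CURLOPT_SSL_VERIFYPEER off. Please reword the comment to match (for example "Skip SSL peer certificate verification when true"), or rename the field to a positive sense such as a verify flag so the name, the comment and the ternary all read the same way.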
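Review bot: In the curl_init_state hunk, `s->ssl_no_cert ? 0 : 1` passes an int through the variadic curl_easy_setopt(), while libcurl documents CURLOPT_SSL_VERIFYPEER as taking a long; write `s->ssl_no_cert ? 0L : 1L` or cast the expression to long. Only peer verification is toggled here and CURLOPT_SSL_VERIFYHOST is not set in this hunk, so a short comment saying whether the host name check is meant to stay at its default when `ssl_no_cert` is set would help the next reader.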
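Review bot: In the runtime_opts hunk, the help string "SSL certificate check" does not tell the user which value does what, and it reads as if setting the option turns checking on, while the name `ssl_no_cert` means the reverse. Suggest something like "Disable SSL certificate verification" so the help matches the option name. The change from `{ /* end of list */ }` to `{ /* End of list */ }` is unrelated churn and is better left out of this patch.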
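Review bot: In the curl_open hunk, `qemu_opt_get_bool(opts, "ssl_no_cert", true)` makes true the default, so when the option is not given `ssl_no_cert` is set and curl_init_state passes 0 to CURLOPT_SSL_VERIFYPEER. That turns certificate verification off for every https image unless the user explicitly asks for it. The default here should be false so that verification stays on and `ssl_no_cert` is an explicit opt-out; the commit message should also state the default.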