@@ -95,6 +95,8 @@ typedef struct BDRVCURLState {
int cache_quota;
/* Whether http server accept range in header */
bool accept_range;
+ /* Whether certificated ssl only */
+ bool ssl_no_cert;
} BDRVCURLState;
static void curl_clean_state(CURLState *s);
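Review bot: The comment added above `ssl_no_cert` says the opposite of what the field does. In the `curl_init_state` hunk a true value sets `CURLOPT_SSL_VERIFYPEER` to 0, so true means the peer certificate is not checked. I would write `/* If true, skip TLS peer certificate verification */`. The `runtime_opts` hunk has the same ambiguity: `.help = "SSL certificate check"` does not say that turning the option on disables the check, whereas `.help = "Do not verify the server's SSL certificate"` would. The struct definition starts outside this hunk.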
@@ -339,6 +341,8 @@ static CURLState *curl_init_state(BDRVCURLState *s)
curl_easy_setopt(state->curl, CURLOPT_NOSIGNAL, 1);
curl_easy_setopt(state->curl, CURLOPT_ERRORBUFFER, state->errmsg);
curl_easy_setopt(state->curl, CURLOPT_FAILONERROR, 1);
+ curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER,
+ s->ssl_no_cert ? 0 : 1);
/* Restrict supported protocols to avoid security issues in the more
* obscure protocols. For example, do not allow POP3/SMTP/IMAP see
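Review bot: libcurl documents `CURLOPT_SSL_VERIFYPEER` as taking a `long`, but `s->ssl_no_cert ? 0 : 1` passes an `int`, and the variadic `curl_easy_setopt` does not convert it. `s->ssl_no_cert ? 0L : 1L` matches the type the library reads. As far as this hunk shows, only peer verification is switched and `CURLOPT_SSL_VERIFYHOST` is left at libcurl's default. A short comment such as `/* host name check is left at libcurl's default */` would make that explicit. `curl_init_state` continues outside the hunk.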
@@ -429,7 +433,12 @@ static QemuOptsList runtime_opts = {
.type = QEMU_OPT_SIZE,
.help = "Readahead size",
},
- { /* end of list */ }
+ {
+ .name = "ssl_no_cert",
+ .type = QEMU_OPT_BOOL,
+ .help = "SSL certificate check",
+ },
+ { /* End of list */ }
},
};
@@ -467,6 +476,7 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags)
goto out_noclean;
}
+ s->ssl_no_cert = qemu_opt_get_bool(opts, "ssl_no_cert", true);
if (!inited) {
curl_global_init(CURL_GLOBAL_ALL);
inited = 1;
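Review bot: The default passed to `qemu_opt_get_bool` is `true`, so an image opened without the option gets `ssl_no_cert` set. The `curl_init_state` hunk then sets `CURLOPT_SSL_VERIFYPEER` to 0, which means certificate verification is off unless the user explicitly passes `ssl_no_cert=off`. For a block driver that reads disk images over https this is a fail-open default, because the guest's disk contents then come from a server whose identity was never checked. The default should keep verification on, `s->ssl_no_cert = qemu_opt_get_bool(opts, "ssl_no_cert", false);`, leaving the unverified mode as an explicit opt-in. `curl_open` begins and ends outside this hunk.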
Added an option to let curl disable ssl certificate check. Signed-off-by: Fam Zheng <famz@redhat.com> --- block/curl.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-)