On a Monday in 2020, Peter Krempa wrote:
To allow turning of verification of SSL certificates add a new element
turning off
<ssl> to the disk source XML which will allow configuring the validation
process using the 'verify' attribute.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/formatdomain.html.in | 9 ++++
docs/schemas/domaincommon.rng | 51 ++++++++++++++++++-
src/conf/domain_conf.c | 18 +++++++
src/util/virstoragefile.c | 1 +
src/util/virstoragefile.h | 1 +
.../disk-network-http.xml | 9 ++++
6 files changed, 87 insertions(+), 2 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 7e7771725c..8f503f6967 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -2857,6 +2857,7 @@
<driver name='qemu' type='raw'/>
<source protocol="https" name="url_path">
<host name="hostname" port="443"/>
+ <ssl verify="no"/>
</source>
<target dev='hdf' bus='ide' tray='open'/>
<readonly/>
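Review bot: the <ssl verify="no"/> line added to the https example means the example readers are most likely to copy has certificate validation switched off. Consider showing verify="yes" in the example, or leaving the element out here and describing the "no" case only in the element's description, so a copied snippet keeps validation on.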
@@ -3383,6 +3384,14 @@
The <code>offset</code> and <code>size</code> values
are in bytes.
<span class="since">Since 6.1.0</span>
</dd>
+ <dt><code>ssl</code></dt>
+ <dd>
+ For <code>https</code> and <code>ftps</code> accessed
storage it's
+ possible to tweak the SSL transport parameters with this element.
+ The <code>verify</code> attribute allows to turn on or of SSL
or off
+ certificate validation. Supported values are
<code>yes</code> and
+ <code>no</code>. <span class="since">Since
6.1.0</span>
6.2.0
+ </dd>
</dl>
<p>
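Review bot: the new "ssl" entry lists the supported values of "verify" but does not say what applies when the element is omitted, nor what setting "no" gives up. State the default explicitly and add a sentence that with verify="no" the server's identity is not checked, so the disk image can be replaced or altered by anyone able to intercept the connection.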
@@ -24531,6 +24545,10 @@ virDomainDiskSourceFormatNetwork(virBufferPtr attrBuf,
virStorageSourceInitiatorFormatXML(&src->initiator, childBuf);
+ if (src->sslverify != VIR_TRISTATE_BOOL_ABSENT)
+ virBufferAsprintf(childBuf, "<ssl verify='%s'/>\n",
+ virTristateBoolTypeToString(src->sslverify));
+
Multi-line body without braces.
return 0;
}
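Review bot: the check "if (src->sslverify != VIR_TRISTATE_BOOL_ABSENT)" formats <ssl> for any source that has the value set, while the documentation hunk ties the element to https and ftps. Nothing in the visible lines restricts it by protocol, so please confirm that the parser or a validation step rejects <ssl> on other protocols, or add that check.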
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
Jano
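An audit sketch for the element this patch introduces, added here as an example and not part of the patch or of libvirt: it reads a domain XML dump and reports every disk source carrying <ssl verify='no'/>. The function name audit_ssl_verify, the sample XML, and the host names in it are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML for this example (not taken from the patch).
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>constructed-guest</name>
  <devices>
    <disk type='network' device='cdrom'>
      <source protocol='https' name='images/a.iso'>
        <host name='mirror.example.org' port='443'/>
        <ssl verify='no'/>
      </source>
      <target dev='hdf' bus='ide'/>
    </disk>
    <disk type='network' device='cdrom'>
      <source protocol='ftps' name='images/b.iso'>
        <host name='mirror.example.org' port='990'/>
        <ssl verify='yes'/>
      </source>
      <target dev='hdg' bus='ide'/>
    </disk>
    <disk type='network' device='disk'>
      <source protocol='https' name='images/c.img'>
        <host name='mirror.example.org' port='443'/>
      </source>
      <target dev='vda' bus='virtio'/>
    </disk>
  </devices>
</domain>
"""

def audit_ssl_verify(domain_xml):
    """Return (target dev, protocol, host) for sources with verify='no'."""
    findings = []
    for disk in ET.fromstring(domain_xml).iter("disk"):
        target = disk.find("target")
        dev = target.get("dev") if target is not None else "?"
        # iter() also reaches <source> elements nested below the disk.
        for source in disk.iter("source"):
            ssl = source.find("ssl")
            if ssl is not None and ssl.get("verify") == "no":
                host = source.find("host")
                name = host.get("name") if host is not None else "?"
                findings.append((dev, source.get("protocol"), name))
    return findings

if __name__ == "__main__":
    for dev, proto, host in audit_ssl_verify(SAMPLE_DOMAIN_XML):
        print(f"{dev}: {proto}://{host} has certificate verification disabled")
```

Sources with no <ssl> element are not reported, because the patch leaves the tristate absent in that case and the effective behaviour is whatever the hypervisor defaults to.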