Re: [PATCH 13/30] conf: Add support for modifying ssl validation for https/ftps disks


 



On a Monday in 2020, Peter Krempa wrote:
To allow turning of verification of SSL certificates add a new element

turning off

<ssl> to the disk source XML which will allow configuring the validation
process using the 'verify' attribute.

Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
docs/formatdomain.html.in                     |  9 ++++
docs/schemas/domaincommon.rng                 | 51 ++++++++++++++++++-
src/conf/domain_conf.c                        | 18 +++++++
src/util/virstoragefile.c                     |  1 +
src/util/virstoragefile.h                     |  1 +
.../disk-network-http.xml                     |  9 ++++
6 files changed, 87 insertions(+), 2 deletions(-)

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 7e7771725c..8f503f6967 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -2857,6 +2857,7 @@
    &lt;driver name='qemu' type='raw'/&gt;
    &lt;source protocol="https" name="url_path"&gt;
      &lt;host name="hostname" port="443"/&gt;
+      &lt;ssl verify="no"/&gt;
    &lt;/source&gt;
    &lt;target dev='hdf' bus='ide' tray='open'/&gt;
    &lt;readonly/&gt;
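Review bot: The added example line `<ssl verify="no"/>` shows the https disk with certificate validation turned off, and documentation examples tend to be copied verbatim. Consider showing `verify="yes"` in the example, or adding a sentence beside it saying that `no` disables validation of the server certificate, so the insecure value is not picked up as the norm.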
@@ -3383,6 +3384,14 @@
            The <code>offset</code> and <code>size</code> values are in bytes.
            <span class="since">Since 6.1.0</span>
          </dd>
+          <dt><code>ssl</code></dt>
+          <dd>
+            For <code>https</code> and <code>ftps</code> accessed storage it's
+            possible to tweak the SSL transport parameters with this element.
+            The <code>verify</code> attribute allows to turn on or of SSL

or off

+            certificate validation. Supported values are <code>yes</code> and
+            <code>no</code>. <span class="since">Since 6.1.0</span>

6.2.0

+          </dd>
        </dl>

        <p>
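Review bot: The new `<dd>` text for `ssl` lists the values `yes` and `no` but does not say what happens when the element is omitted, nor what is given up by setting `verify` to `no`. Suggest stating the default behaviour and adding one sentence that with `no` the identity of the `https`/`ftps` server is not checked, so the disk contents can be supplied by anyone able to intercept the connection.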
@@ -24531,6 +24545,10 @@ virDomainDiskSourceFormatNetwork(virBufferPtr attrBuf,

    virStorageSourceInitiatorFormatXML(&src->initiator, childBuf);

+    if (src->sslverify != VIR_TRISTATE_BOOL_ABSENT)
+        virBufferAsprintf(childBuf, "<ssl verify='%s'/>\n",
+                          virTristateBoolTypeToString(src->sslverify));
+

Multi-line body without braces.

    return 0;
}
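Review bot: The condition `src->sslverify != VIR_TRISTATE_BOOL_ABSENT` in virDomainDiskSourceFormatNetwork emits `<ssl verify='...'/>` for any network source that has the field set; nothing in these lines ties it to the `https` and `ftps` protocols that the commit message and the documentation name. Suggest checking the protocol at parse or validation time so that `<ssl>` on another protocol is rejected with an error rather than silently accepted, since a user who sets `verify` there would otherwise assume it has an effect.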


Reviewed-by: Ján Tomko <jtomko@xxxxxxxxxx>

Jano
