qemu/block
Richard W.M. Jones 637fa44ab8 curl: Make sslverify=off disable host as well as peer verification.

The sslverify setting is supposed to turn off all TLS certificate
checks in libcurl.  However because of the way we use it, it only
turns off peer certificate authenticity checks
(CURLOPT_SSL_VERIFYPEER).  This patch makes it also turn off the check
that the server name in the certificate is the same as the server
you're connecting to (CURLOPT_SSL_VERIFYHOST).

We can use Google's server at 8.8.8.8 which happens to have a bad TLS
certificate to demonstrate this:

$ ./qemu-img create -q -f qcow2 -b 'json: { "file.sslverify": "off", "file.driver": "https", "file.url": "https://8.8.8.8/foo" }' /var/tmp/file.qcow2
qemu-img: /var/tmp/file.qcow2: CURL: Error opening file: SSL: no alternative certificate subject name matches target host name '8.8.8.8'
Could not open backing image to determine size.

With this patch applied, qemu-img connects to the server regardless of
the bad certificate:

$ ./qemu-img create -q -f qcow2 -b 'json: { "file.sslverify": "off", "file.driver": "https", "file.url": "https://8.8.8.8/foo" }' /var/tmp/file.qcow2
qemu-img: /var/tmp/file.qcow2: CURL: Error opening file: The requested URL returned error: 404 Not Found

(The 404 error is expected because 8.8.8.8 is not actually serving a
file called "/foo".)

Of course the default (without sslverify=off) remains to always check
the certificate:

$ ./qemu-img create -q -f qcow2 -b 'json: { "file.driver": "https", "file.url": "https://8.8.8.8/foo" }' /var/tmp/file.qcow2
qemu-img: /var/tmp/file.qcow2: CURL: Error opening file: SSL: no alternative certificate subject name matches target host name '8.8.8.8'
Could not open backing image to determine size.

Further information about the two settings is available here:

https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html

Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Message-id: 20180914095622.19698-1-rjones@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
2018-09-24 23:46:05 -04:00
accounting.c block/accounting: introduce latency histogram 2018-03-19 14:58:37 -05:00
backup.c block/backup: make function variables consistently named 2018-08-31 16:28:33 +02:00
blkdebug.c qstring: Move qstring_from_substr()'s @end one to the right 2018-07-28 09:09:58 +02:00
blklogwrites.c block: Use BdrvChild to discard 2018-07-10 16:01:52 +02:00
blkreplay.c block: drop empty .bdrv_close handlers 2018-08-15 12:50:39 +02:00
blkverify.c qstring: Move qstring_from_substr()'s @end one to the right 2018-07-28 09:09:58 +02:00
block-backend.c qapi: Drop qapi_event_send_FOO()'s Error ** argument 2018-08-28 18:21:38 +02:00
bochs.c
cloop.c
commit.c block/commit: utilize job_exit shim 2018-08-31 16:28:33 +02:00
copy-on-read.c block: drop empty .bdrv_close handlers 2018-08-15 12:50:39 +02:00
create.c jobs: utilize job_exit shim 2018-08-31 16:28:33 +02:00
crypto.c luks: Allow share-rw=on 2018-08-15 12:50:39 +02:00
crypto.h block/crypto: Simplify block_crypto_{open,create}_opts_init() 2018-06-29 14:20:56 +02:00
curl.c curl: Make sslverify=off disable host as well as peer verification. 2018-09-24 23:46:05 -04:00
dirty-bitmap.c dirty-bitmap: fix double lock on bitmap enabling 2018-07-04 02:12:49 -04:00
dmg-bz2.c
dmg.c
dmg.h
file-posix.c file-posix: Fix write_zeroes with unmap on block devices 2018-07-30 15:35:37 +02:00
file-win32.c block: Prefix file driver trace points with "file_" 2018-07-10 16:01:51 +02:00
gluster.c block: Fix typos in comments (found by codespell) 2018-07-23 16:50:43 +02:00
io.c block: Use common write req handling in truncate 2018-07-10 16:46:22 +02:00
iscsi-opts.c
iscsi.c block: Add copy offloading trace points 2018-07-10 16:01:52 +02:00
linux-aio.c linux-aio: properly bubble up errors from initialization 2018-06-27 13:06:34 +01:00
Makefile.objs block: Add blklogwrites 2018-07-05 10:29:19 +02:00
mirror.c block/mirror: utilize job_exit shim 2018-08-31 16:28:33 +02:00
nbd-client.c nbd/client: Add x-dirty-bitmap to query bitmap from server 2018-07-02 15:27:38 -05:00
nbd-client.h nbd/client: Add x-dirty-bitmap to query bitmap from server 2018-07-02 15:27:38 -05:00
nbd.c qstring: Move qstring_from_substr()'s @end one to the right 2018-07-28 09:09:58 +02:00
nfs.c block: Convert .bdrv_truncate callback to coroutine_fn 2018-06-29 14:20:56 +02:00
null.c block: drop empty .bdrv_close handlers 2018-08-15 12:50:39 +02:00
nvme.c nvme: simplify plug/unplug 2018-08-15 10:12:35 +08:00
parallels.c parallels: Switch to byte-based calls 2018-06-29 14:20:56 +02:00
parallels.h
qapi.c block/qapi: Fix memory leak in qmp_query_blockstats() 2018-08-15 12:50:39 +02:00
qcow2-bitmap.c qcow2: add overlap check for bitmap directory 2018-07-09 19:43:24 +02:00
qcow2-cache.c qcow2: Allow configuring the L2 slice size 2018-02-13 17:00:00 +01:00
qcow2-cluster.c qcow2: Free allocated clusters on write error 2018-06-29 14:20:56 +02:00
qcow2-refcount.c Block layer patches: 2018-07-10 17:28:29 +01:00
qcow2-snapshot.c block: use local path for local headers 2018-05-31 04:16:06 +03:00
qcow2.c qapi: Drop qapi_event_send_FOO()'s Error ** argument 2018-08-28 18:21:38 +02:00
qcow2.h qcow2: add overlap check for bitmap directory 2018-07-09 19:43:24 +02:00
qcow.c qcow: fix a reference leak 2018-07-30 15:35:37 +02:00
qed-check.c block: convert bdrv_check callback to coroutine_fn 2018-03-09 15:17:47 +01:00
qed-cluster.c
qed-l2-cache.c
qed-table.c block: convert bdrv_check callback to coroutine_fn 2018-03-09 15:17:47 +01:00
qed.c block: Convert .bdrv_truncate callback to coroutine_fn 2018-06-29 14:20:56 +02:00
qed.h
quorum.c qapi: Drop qapi_event_send_FOO()'s Error ** argument 2018-08-28 18:21:38 +02:00
raw-format.c block: drop empty .bdrv_close handlers 2018-08-15 12:50:39 +02:00
rbd.c block/rbd: Attempt to parse legacy filenames 2018-09-24 23:46:05 -04:00
replication.c replication: Switch to byte-based calls 2018-06-29 14:20:56 +02:00
sheepdog.c block: Convert .bdrv_truncate callback to coroutine_fn 2018-06-29 14:20:56 +02:00
snapshot.c block: make .bdrv_close optional 2018-08-15 12:50:39 +02:00
ssh.c block: Convert .bdrv_truncate callback to coroutine_fn 2018-06-29 14:20:56 +02:00
stream.c jobs: utilize job_exit shim 2018-08-31 16:28:33 +02:00
throttle-groups.c throttle-groups: Don't allow timers without throttled requests 2018-08-15 12:50:39 +02:00
throttle.c block: Use BdrvChild to discard 2018-07-10 16:01:52 +02:00
trace-events block: Add copy offloading trace points 2018-07-10 16:01:52 +02:00
vdi.c vdi: Use definitions from "qemu/units.h" 2018-07-02 14:45:23 +02:00
vhdx-endian.c block: use local path for local headers 2018-05-31 04:16:06 +03:00
vhdx-log.c block: use local path for local headers 2018-05-31 04:16:06 +03:00
vhdx.c block: Fix typos in comments (found by codespell) 2018-07-23 16:50:43 +02:00
vhdx.h
vmdk.c vmdk: Fix possible segfault with non-VMDK backing 2018-07-09 19:43:24 +02:00
vpc.c block: Factor out qobject_input_visitor_new_flat_confused() 2018-06-15 14:49:44 +02:00
vvfat.c block/vvfat: Disable debug message by default 2018-07-23 16:50:43 +02:00
vxhs.c block: Add block-specific QDict header 2018-06-15 14:49:44 +02:00
win32-aio.c file-win32: Switch to byte-based callbacks 2018-05-15 16:11:41 +02:00
write-threshold.c qapi: Drop qapi_event_send_FOO()'s Error ** argument 2018-08-28 18:21:38 +02:00