diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 7e7771725c..bc34aef605 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -2857,6 +2857,7 @@
<driver name='qemu' type='raw'/>
<source protocol="https" name="url_path">
<host name="hostname" port="443"/>
+ <ssl verify="no"/>
</source>
<target dev='hdf' bus='ide' tray='open'/>
<readonly/>
@@ -3383,6 +3384,14 @@
The offset
and size
values are in bytes.
Since 6.1.0
+
ssl
+
+ For https
and ftps
accessed storage it's
+ possible to tweak the SSL transport parameters with this element.
+ The verify
attribute allows to turn on or off SSL
+ certificate validation. Supported values are yes
and
+ no
. Since 6.2.0
+
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 529a98fc05..d179a25ee6 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -1808,12 +1808,39 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+ https
+
+
+
+
+
+
+
+
+
+
+
+
+
+
http
- https
@@ -1825,13 +1852,31 @@
+
+
+
+
+ ftps
+
+
+
+
+
+
+
+
+
+
+
+
+
+
sheepdog
ftp
- ftps
tftp
@@ -1909,6 +1954,8 @@
+
+
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index f8a8d133ba..50646fc440 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -9350,6 +9350,7 @@ virDomainDiskSourceNetworkParse(xmlNodePtr node,
g_autofree char *protocol = NULL;
g_autofree char *haveTLS = NULL;
g_autofree char *tlsCfg = NULL;
+ g_autofree char *sslverifystr = NULL;
if (!(protocol = virXMLPropString(node, "protocol"))) {
virReportError(VIR_ERR_XML_ERROR, "%s",
@@ -9422,6 +9423,19 @@ virDomainDiskSourceNetworkParse(xmlNodePtr node,
virStorageSourceInitiatorParseXML(ctxt, &src->initiator);
+ if ((src->protocol == VIR_STORAGE_NET_PROTOCOL_HTTPS ||
+ src->protocol == VIR_STORAGE_NET_PROTOCOL_FTPS) &&
+ (sslverifystr = virXPathString("string(./ssl/@verify)", ctxt))) {
+ int verify;
+ if ((verify = virTristateBoolTypeFromString(sslverifystr)) < 0) {
+ virReportError(VIR_ERR_XML_ERROR,
+ _("invalid ssl verify mode '%s'"), sslverifystr);
+ return -1;
+ }
+
+ src->sslverify = verify;
+ }
+
return 0;
}
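Review bot: The `< 0` check on `virTristateBoolTypeFromString(sslverifystr)` also accepts `verify='default'`, since that string maps to `VIR_TRISTATE_BOOL_ABSENT` (0) in the tristate enum. The documentation added in this commit lists only `yes` and `no`, and the formatter skips `VIR_TRISTATE_BOOL_ABSENT`, so such input is silently discarded; `if ((verify = virTristateBoolTypeFromString(sslverifystr)) <= 0) {` would reject it. Separately, an `ssl` child on a protocol other than https/ftps is skipped without any error, which presumably relies on schema validation to catch. Because this attribute decides whether the TLS certificate is checked, a misplaced setting is better reported than ignored. virDomainDiskSourceNetworkParse begins outside this hunk.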
@@ -24531,6 +24545,11 @@ virDomainDiskSourceFormatNetwork(virBufferPtr attrBuf,
virStorageSourceInitiatorFormatXML(&src->initiator, childBuf);
+ if (src->sslverify != VIR_TRISTATE_BOOL_ABSENT) {
+ virBufferAsprintf(childBuf, " \n",
+ virTristateBoolTypeToString(src->sslverify));
+ }
+
return 0;
}
diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
index b133cf17f1..ca91fc65ba 100644
--- a/src/util/virstoragefile.c
+++ b/src/util/virstoragefile.c
@@ -2270,6 +2270,7 @@ virStorageSourceCopy(const virStorageSource *src,
def->cachemode = src->cachemode;
def->discard = src->discard;
def->detect_zeroes = src->detect_zeroes;
+ def->sslverify = src->sslverify;
/* storage driver metadata are not copied */
def->drv = NULL;
diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h
index 9af7b4f226..49718b51d8 100644
--- a/src/util/virstoragefile.h
+++ b/src/util/virstoragefile.h
@@ -281,6 +281,7 @@ struct _virStorageSource {
virStorageEncryptionPtr encryption;
bool encryptionInherited;
virStoragePRDefPtr pr;
+ virTristateBool sslverify;
virStorageSourceNVMeDefPtr nvme; /* type == VIR_STORAGE_TYPE_NVME */
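Review bot: The new `sslverify` member has no comment, unlike the `nvme` member right below it, so nothing here says which protocols it applies to or what the unset state means. A short comment such as `/* TLS certificate verification for https/ftps sources; VIR_TRISTATE_BOOL_ABSENT = not configured */` would make that explicit. What the backend does when the value is absent is not visible in this diff and is worth stating once confirmed, since readers will want to know whether verification can be assumed. The struct definition starts and ends outside this hunk.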
diff --git a/tests/genericxml2xmlindata/disk-network-http.xml b/tests/genericxml2xmlindata/disk-network-http.xml
index fde1222fd0..bdcc1977f2 100644
--- a/tests/genericxml2xmlindata/disk-network-http.xml
+++ b/tests/genericxml2xmlindata/disk-network-http.xml
@@ -25,6 +25,7 @@
+
@@ -35,6 +36,14 @@
+
+
+
+
+
+
+
+