diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 9202cd3107..9b1b69bb4d 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -2653,7 +2653,9 @@ paravirtualized driver is specified via the ``disk`` element.
be enabled by setting the ``tls`` attribute to ``yes``. For the QEMU
hypervisor, usage of a TLS environment can also be globally controlled on
the host by the ``nbd_tls`` and ``nbd_tls_x509_cert_dir`` in
- /etc/libvirt/qemu.conf. ('tls' :since:`Since 4.5.0` )
+ /etc/libvirt/qemu.conf. ('tls' :since:`Since 4.5.0` ) :since:`Since 8.2.0`
+ the optional attribute ``tlsHostname`` can be used to override the
+ expected host name of the NBD server used for TLS certificate verification.
For protocols ``http`` and ``https`` an optional attribute ``query``
specifies the query string. ( :since:`Since 6.2.0` )
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 964b0c9e2f..9c1b64a644 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -2071,6 +2071,9 @@
+
+
+
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 58fe24a8c1..e0dfc9e45f 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -8301,6 +8301,8 @@ virDomainDiskSourceNetworkParse(xmlNodePtr node,
&src->haveTLS) < 0)
return -1;
+ src->tlsHostname = virXMLPropString(node, "tlsHostname");
+
if (flags & VIR_DOMAIN_DEF_PARSE_STATUS) {
int value;
if (virXMLPropInt(node, "tlsFromConfig", 10, VIR_XML_PROP_NONE,
@@ -23052,6 +23054,7 @@ virDomainDiskSourceFormatNetwork(virBuffer *attrBuf,
src->tlsFromConfig))
virBufferAsprintf(attrBuf, " tls='%s'",
virTristateBoolTypeToString(src->haveTLS));
+ virBufferEscapeString(attrBuf, " tlsHostname='%s'", src->tlsHostname);
if (flags & VIR_DOMAIN_DEF_FORMAT_STATUS)
virBufferAsprintf(attrBuf, " tlsFromConfig='%d'", src->tlsFromConfig);
diff --git a/tests/qemuxml2argvdata/disk-network-tlsx509-nbd-hostname.x86_64-6.2.0.err b/tests/qemuxml2argvdata/disk-network-tlsx509-nbd-hostname.x86_64-6.2.0.err
new file mode 100644
index 0000000000..685926157f
--- /dev/null
+++ b/tests/qemuxml2argvdata/disk-network-tlsx509-nbd-hostname.x86_64-6.2.0.err
@@ -0,0 +1 @@
+unsupported configuration: 'tlsHostname' field is not supported by this QEMU
diff --git a/tests/qemuxml2argvdata/disk-network-tlsx509-nbd-hostname.x86_64-latest.args b/tests/qemuxml2argvdata/disk-network-tlsx509-nbd-hostname.x86_64-latest.args
new file mode 100644
index 0000000000..870ec42482
--- /dev/null
+++ b/tests/qemuxml2argvdata/disk-network-tlsx509-nbd-hostname.x86_64-latest.args
@@ -0,0 +1,38 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/tmp/lib/domain--1-QEMUGuest1 \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
+XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
+XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=QEMUGuest1,debug-threads=on \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \
+-machine pc,usb=off,dump-guest-core=off,memory-backend=pc.ram \
+-accel tcg \
+-cpu qemu64 \
+-m 214 \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}' \
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-no-acpi \
+-boot strict=on \
+-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \
+-object '{"qom-type":"secret","id":"objlibvirt-1-storage_tls0-secret0","data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","keyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw==","format":"base64"}' \
+-object '{"qom-type":"tls-creds-x509","id":"objlibvirt-1-storage_tls0","dir":"/etc/pki/libvirt-nbd/dummy,path","endpoint":"client","verify-peer":true,"passwordid":"objlibvirt-1-storage_tls0-secret0"}' \
+-blockdev '{"driver":"nbd","server":{"type":"inet","host":"example.com","port":"1234"},"tls-creds":"objlibvirt-1-storage_tls0","tls-hostname":"test-hostname","node-name":"libvirt-1-storage","cache":{"direct":true,"no-flush":false},"auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-1-format","read-only":false,"cache":{"direct":true,"no-flush":false},"driver":"raw","file":"libvirt-1-storage"}' \
+-device '{"driver":"virtio-blk-pci","bus":"pci.0","addr":"0x7","drive":"libvirt-1-format","id":"virtio-disk3","bootindex":1,"write-cache":"on"}' \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxml2argvdata/disk-network-tlsx509-nbd-hostname.xml b/tests/qemuxml2argvdata/disk-network-tlsx509-nbd-hostname.xml
new file mode 100644
index 0000000000..48425d2dd7
--- /dev/null
+++ b/tests/qemuxml2argvdata/disk-network-tlsx509-nbd-hostname.xml
@@ -0,0 +1,31 @@
+
+ QEMUGuest1
+ c7a5fdbd-edaf-9455-926a-d65c16db1809
+ 219136
+ 219136
+ 1
+
+ hvm
+
+
+
+ destroy
+ restart
+ destroy
+
+ /usr/bin/qemu-system-x86_64
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 7e1167e60e..e7fecb24d3 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1391,6 +1391,8 @@ mymain(void)
DO_TEST_CAPS_VER("disk-network-tlsx509-nbd", "5.2.0");
DO_TEST_CAPS_VER("disk-network-tlsx509-vxhs", "4.1.0");
DO_TEST_CAPS_LATEST("disk-network-tlsx509-nbd");
+ DO_TEST_CAPS_VER_PARSE_ERROR("disk-network-tlsx509-nbd-hostname", "6.2.0");
+ DO_TEST_CAPS_LATEST("disk-network-tlsx509-nbd-hostname");
DO_TEST_CAPS_VER("disk-network-tlsx509-vxhs", "5.0.0");
DO_TEST_CAPS_LATEST("disk-network-http");
driver.config->vxhsTLS = 0;
diff --git a/tests/qemuxml2xmloutdata/disk-network-tlsx509-nbd-hostname.x86_64-latest.xml b/tests/qemuxml2xmloutdata/disk-network-tlsx509-nbd-hostname.x86_64-latest.xml
new file mode 100644
index 0000000000..216236582b
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/disk-network-tlsx509-nbd-hostname.x86_64-latest.xml
@@ -0,0 +1,37 @@
+
+ QEMUGuest1
+ c7a5fdbd-edaf-9455-926a-d65c16db1809
+ 219136
+ 219136
+ 1
+
+ hvm
+
+
+
+ qemu64
+
+
+ destroy
+ restart
+ destroy
+
+ /usr/bin/qemu-system-x86_64
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index 2174965784..31917e5238 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -346,6 +346,7 @@ mymain(void)
DO_TEST_NOCAPS("disk-network-vxhs");
DO_TEST_CAPS_LATEST("disk-network-nfs");
DO_TEST_NOCAPS("disk-network-tlsx509-nbd");
+ DO_TEST_CAPS_LATEST("disk-network-tlsx509-nbd-hostname");
DO_TEST_NOCAPS("disk-network-tlsx509-vxhs");
DO_TEST("disk-nvme", QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_QCOW2_LUKS);
DO_TEST_CAPS_LATEST("disk-vhostuser");