90 lines
2.7 KiB
Diff
90 lines
2.7 KiB
Diff
From a2541de206b3560fdfadf5dfada2cac1b69c09a1 Mon Sep 17 00:00:00 2001
|
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
|
Date: Tue, 25 Jun 2024 11:12:56 +0100
|
|
Subject: [PATCH] lib/uri.c: Allow tls-verify-peer to be overridden in URIs
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Older versions of libnbd didn't always check the server certificate.
|
|
Since some clients might be depending on this, allow
|
|
?tls-verify-peer=false in URIs to skip this check.
|
|
|
|
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
(cherry picked from commit 75641c6b30155abce272f60cf3518a65654aa401)
|
|
(cherry picked from commit b12466821fc534fb68d5b8e695832ee03496e0af)
|
|
---
|
|
generator/API.ml | 5 +++++
|
|
lib/uri.c | 32 ++++++++++++++++++++++++++++++++
|
|
2 files changed, 37 insertions(+)
|
|
|
|
diff --git a/generator/API.ml b/generator/API.ml
|
|
index c4547615..f2752f25 100644
|
|
--- a/generator/API.ml
|
|
+++ b/generator/API.ml
|
|
@@ -1994,6 +1994,11 @@ Note this is not allowed by default - see next section.
|
|
Set the PSK file. See L<nbd_set_tls_psk_file(3)>. Note
|
|
this is not allowed by default - see next section.
|
|
|
|
+=item B<tls-verify-peer=false>
|
|
+
|
|
+Do not verify the server certificate. See L<nbd_set_tls_verify_peer(3)>.
|
|
+The default is C<true>.
|
|
+
|
|
=back
|
|
|
|
=head2 Disable URI features
|
|
diff --git a/lib/uri.c b/lib/uri.c
|
|
index 0c8e87cf..969e88be 100644
|
|
--- a/lib/uri.c
|
|
+++ b/lib/uri.c
|
|
@@ -150,6 +150,31 @@ parse_uri_queries (const char *query_raw, uri_query_list *list)
|
|
return -1;
|
|
}
|
|
|
|
+/* Similar to nbdkit_parse_bool */
|
|
+int
|
|
+parse_bool (const char *param, const char *value)
|
|
+{
|
|
+ if (!strcmp (value, "1") ||
|
|
+ !strcasecmp (value, "true") ||
|
|
+ !strcasecmp (value, "t") ||
|
|
+ !strcasecmp (value, "yes") ||
|
|
+ !strcasecmp (value, "y") ||
|
|
+ !strcasecmp (value, "on"))
|
|
+ return 1;
|
|
+
|
|
+ if (!strcmp (value, "0") ||
|
|
+ !strcasecmp (value, "false") ||
|
|
+ !strcasecmp (value, "f") ||
|
|
+ !strcasecmp (value, "no") ||
|
|
+ !strcasecmp (value, "n") ||
|
|
+ !strcasecmp (value, "off"))
|
|
+ return 0;
|
|
+
|
|
+ set_error (EINVAL, "could not parse %s parameter, expecting %s=true|false",
|
|
+ param, param);
|
|
+ return -1;
|
|
+}
|
|
+
|
|
int
|
|
nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri)
|
|
{
|
|
@@ -298,6 +323,13 @@ nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri)
|
|
if (nbd_unlocked_set_tls_psk_file (h, queries.ptr[i].value) == -1)
|
|
goto cleanup;
|
|
}
|
|
+ else if (strcasecmp (queries.ptr[i].name, "tls-verify-peer") == 0) {
|
|
+ int v = parse_bool ("tls-verify-peer", queries.ptr[i].value);
|
|
+ if (v == -1)
|
|
+ goto cleanup;
|
|
+ if (nbd_unlocked_set_tls_verify_peer (h, v) == -1)
|
|
+ goto cleanup;
|
|
+ }
|
|
}
|
|
|
|
/* Username. */
|
|
--
|
|
2.43.0
|
|
|