From 8dfb796080de822bf0525ae8c83f7b704abe9375 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Mon, 6 Jun 2016 16:02:22 +0100
Subject: [PATCH] Use @SYSTEM priority for TLS on Fedora >= 21

In Fedora >= 21, there is a new crypto priority framework
that sets TLS policies globally for all apps. To activate
this with GNUTLS we must request "@SYSTEM" instead of
the traditional "NORMAL" string. The '@' causes gnutls todo
a lookup in its config file for the 'SYSTEM' keyword entry.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 libvirt.spec.in | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/libvirt.spec.in b/libvirt.spec.in
index b93a53c02e..ee6162e7ee 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -206,6 +206,12 @@
     %define enable_werror --disable-werror
 %endif
 
+%if 0%{?fedora} >= 21
+    %define tls_priority "@SYSTEM"
+%else
+    %define tls_priority "NORMAL"
+%endif
+
 
 Summary: Library providing a simple virtualization API
 Name: libvirt
@@ -1152,6 +1158,7 @@ rm -f po/stamp-po
            %{arg_packager_version} \
            --with-qemu-user=%{qemu_user} \
            --with-qemu-group=%{qemu_group} \
+           --with-tls-priority=%{tls_priority} \
            %{?arg_loader_nvram} \
            %{?enable_werror} \
            --enable-expensive-tests \