External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-22 11:22:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

configure: allow setting default TLS priority string

Browse Source 
Currently libvirt calls gnutls_set_default_priority()
which on old systems resolves to "NORMAL" while new
systems it resolves to "@SYSTEM". Either way, this
is a global default that is identical across all apps.

We want to allow distros to flexibility to define a
custom default string for libvirt priority, so add
a --tls-priority=STRING  flag to configure to enable
this to be set.

It is expected that distros would use this when creating
RPM/Deb/etc packages, according to their preferred crypto
handling policies.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2016-06-03 17:31:48 +01:00
parent 20c5ded9d0
commit cbb2e91ecc
2 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
configure.ac
View File

@ -1276,6 +1276,16 @@ AC_SUBST([GNUTLS_CFLAGS])
AC_SUBST([GNUTLS_LIBS]) AC_SUBST([GNUTLS_LIBS])
AC_ARG_WITH([tls-priority],
[AS_HELP_STRING([--with-tls-priority],
[set the default TLS session priority string @<:@default=NORMAL@:>@])],
[],
[with_tls_priority=NORMAL])
AC_DEFINE_UNQUOTED([TLS_PRIORITY], ["$with_tls_priority"],
[TLS default priority string])
dnl PolicyKit library dnl PolicyKit library
POLKIT_CFLAGS= POLKIT_CFLAGS=
POLKIT_LIBS= POLKIT_LIBS=
@ -2874,6 +2884,7 @@ AC_MSG_NOTICE([ Default Editor: $DEFAULT_EDITOR])
AC_MSG_NOTICE([ Loader/NVRAM: $with_loader_nvram]) AC_MSG_NOTICE([ Loader/NVRAM: $with_loader_nvram])
AC_MSG_NOTICE([ virt-login-shell: $with_login_shell]) AC_MSG_NOTICE([ virt-login-shell: $with_login_shell])
AC_MSG_NOTICE([virt-host-validate: $with_host_validate]) AC_MSG_NOTICE([virt-host-validate: $with_host_validate])
AC_MSG_NOTICE([ TLS priority: $with_tls_priority])
AC_MSG_NOTICE([]) AC_MSG_NOTICE([])
AC_MSG_NOTICE([Developer Tools]) AC_MSG_NOTICE([Developer Tools])
AC_MSG_NOTICE([]) AC_MSG_NOTICE([])

6
src/rpc/virnettlscontext.c
View File

@ -1197,10 +1197,10 @@ virNetTLSSessionPtr virNetTLSSessionNew(virNetTLSContextPtr ctxt,
/* avoid calling all the priority functions, since the defaults /* avoid calling all the priority functions, since the defaults
* are adequate. * are adequate.
*/ */
if ((err = gnutls_set_default_priority(sess->session)) != 0) { if ((err = gnutls_priority_set_direct(sess->session, TLS_PRIORITY, NULL)) != 0) {
virReportError(VIR_ERR_SYSTEM_ERROR, virReportError(VIR_ERR_SYSTEM_ERROR,
_("Failed to set TLS session priority %s"), _("Failed to set TLS session priority to %s: %s"),
gnutls_strerror(err)); TLS_PRIORITY, gnutls_strerror(err));
goto error; goto error;
} }