External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-22 04:25:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

remote: warn on low SSF

Browse Source 
Prepare for deprecating old kerberos ciphers by warning users
with a SSF lower than 112.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This commit is contained in:
Ján Tomko 2019-01-16 16:29:44 +01:00
parent 1c06334608
commit de7288ae97
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/remote/remote_driver.c
View File

@ -4186,6 +4186,11 @@ remoteAuthSASL(virConnectPtr conn, struct private_data *priv,
_("negotiation SSF %d was not strong enough"), ssf); _("negotiation SSF %d was not strong enough"), ssf);
goto cleanup; goto cleanup;
} }
if (ssf < SSF_WARNING_LEVEL) {
VIR_WARN("negotiation SSF %d lower than %d will be deprecated. "
"Please upgrade your ciphers.",
ssf, SSF_WARNING_LEVEL);
}
priv->is_secure = 1; priv->is_secure = 1;
} }

2
src/remote/remote_driver.h
View File

@ -39,3 +39,5 @@ unsigned long remoteVersion(void);
#define LIBVIRT_CLIENTCERT LIBVIRT_PKI_DIR "/libvirt/clientcert.pem" #define LIBVIRT_CLIENTCERT LIBVIRT_PKI_DIR "/libvirt/clientcert.pem"
#define LIBVIRT_SERVERKEY LIBVIRT_PKI_DIR "/libvirt/private/serverkey.pem" #define LIBVIRT_SERVERKEY LIBVIRT_PKI_DIR "/libvirt/private/serverkey.pem"
#define LIBVIRT_SERVERCERT LIBVIRT_PKI_DIR "/libvirt/servercert.pem" #define LIBVIRT_SERVERCERT LIBVIRT_PKI_DIR "/libvirt/servercert.pem"
#define SSF_WARNING_LEVEL 112