Re: [PATCH] Introduce gnutls_priority config option

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, May 19, 2016 at 10:36:26AM +0100, Daniel P. Berrange wrote:
> On Wed, May 18, 2016 at 01:54:47PM +0200, Ján Tomko wrote:
> > The defaults provided by gnutls_set_default_priority are not configurable
> > at runtime. Introduce a new config option to libvirt.conf that will
> > be passed to gnutls_priority_set.
> > 
> > One of the possible options is "@SYSTEM", where gnutls will get the settings
> > from /etc/gnutls/default-priorities.
> > 
> > Note that the /etc/libvirt/libvirt.conf file is only used by libvirt
> > processes running as root, for regular users the file in
> > $XDG_CONFIG_HOME or ~/.config is used.
> > 
> > https://bugzilla.redhat.com/show_bug.cgi?id=1333404
> 
> NACK,  per that bug this is supposed to be configurable systemwide for
> gnutls. We need to investigate why Jaroslav could not get that to work,
> since we don't want to be adding custom application specific TLS config
> for every part of the virt stack that uses TLS (libvirt, gtk-vnc, spice-gtk,
> spice, qemu, etc).

I could not get it to work either.
Using "NORMAL" either directly or via gnutls_set_default_priority,
the default-settings file is ignored.

Skimming through gnutls code, I assumed this was intentional.

Jan

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]