[PATCH 9/9] Use @SYSTEM priority for TLS on Fedora >= 21

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



In Fedora >= 21, there is a new crypto priority framework
that sets TLS policies globally for all apps. To activate
this with GNUTLS we must request "@SYSTEM" instead of
the traditional "NORMAL" string. The '@' causes gnutls todo
a lookup in its config file for the 'SYSTEM' keyword entry.

Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
 libvirt.spec.in | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/libvirt.spec.in b/libvirt.spec.in
index 8b88eef..2d138b0 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -208,6 +208,12 @@
     %define enable_werror --disable-werror
 %endif
 
+%if 0%{?fedora} >= 21
+    %define tls_priority "@SYSTEM"
+%else
+    %define tls_priority "NORMAL"
+%endif
+
 
 Summary: Library providing a simple virtualization API
 Name: libvirt
@@ -1164,6 +1170,7 @@ rm -f po/stamp-po
            %{arg_packager_version} \
            --with-qemu-user=%{qemu_user} \
            --with-qemu-group=%{qemu_group} \
+	   --with-tls-priority=%{tls_priority} \
            %{?arg_loader_nvram} \
            %{?enable_werror} \
            --enable-expensive-tests \
-- 
2.5.5

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]