In Fedora >= 21, there is a new crypto priority framework
that sets TLS policies globally for all apps. To activate
this with GNUTLS we must request "@SYSTEM" instead of
the traditional "NORMAL" string. The '@' causes gnutls todo
a lookup in its config file for the 'SYSTEM' keyword entry.
Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
libvirt.spec.in | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 8b88eef..2d138b0 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -208,6 +208,12 @@
%define enable_werror --disable-werror
%endif
+%if 0%{?fedora} >= 21
+ %define tls_priority "@SYSTEM"
+%else
+ %define tls_priority "NORMAL"
+%endif
+
Summary: Library providing a simple virtualization API
Name: libvirt
@@ -1164,6 +1170,7 @@ rm -f po/stamp-po
%{arg_packager_version} \
--with-qemu-user=%{qemu_user} \
--with-qemu-group=%{qemu_group} \
+ --with-tls-priority=%{tls_priority} \
%{?arg_loader_nvram} \
%{?enable_werror} \
--enable-expensive-tests \
--
2.5.5
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list