Support reading the TLS priority from the client configuration file via the "tls_priority" config option, eg
$ cat $HOME/.config/libvirt/libvirt.conf
tls_priority="NORMAL:-VERS-SSL3.0"
Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
 src/remote/remote_driver.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index b42d1d1..367f46e 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -638,6 +638,7 @@ static int
 doRemoteOpen(virConnectPtr conn,
 struct private_data *priv,
 virConnectAuthPtr auth ATTRIBUTE_UNUSED,
+ virConfPtr conf,
 unsigned int flags)
 {
 char *transport_str = NULL;
@@ -844,6 +845,18 @@ doRemoteOpen(virConnectPtr conn,
 /* Connect to the remote service. */
 switch (transport) {
 case trans_tls:
+ if (conf && !tls_priority) {
+ virConfValuePtr val = virConfGetValue(conf, "tls_priority");
+ if (val) {
+ if (val->type != VIR_CONF_STRING) {
+ virReportError(VIR_ERR_INVALID_ARG, "%s",
+ _("Config file 'tls_priority' must be a string"));
+ goto failed;
+ }
+ tls_priority = val->str;
+ }
+ }
+
 #ifdef WITH_GNUTLS
 priv->tls = virNetTLSContextNewClientPath(pkipath,
 geteuid() != 0 ? true : false,
@@ -1179,7 +1192,7 @@ remoteAllocPrivateData(void)
 static virDrvOpenStatus
 remoteConnectOpen(virConnectPtr conn,
 virConnectAuthPtr auth,
- virConfPtr conf ATTRIBUTE_UNUSED,
+ virConfPtr conf,
 unsigned int flags)
 {
 struct private_data *priv;
@@ -1238,7 +1251,7 @@ remoteConnectOpen(virConnectPtr conn,
 #endif
 }
- ret = doRemoteOpen(conn, priv, auth, rflags);
+ ret = doRemoteOpen(conn, priv, auth, conf, rflags);
 if (ret != VIR_DRV_OPEN_SUCCESS) {
 conn->privateData = NULL;
 remoteDriverUnlock(priv);
--
2.5.5
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
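Review bot: In the `case trans_tls:` hunk, `tls_priority = val->str;` stores a pointer that still belongs to `conf`, while the declaration of `tls_priority` and the function's cleanup path are both outside the hunk. The `!tls_priority` guard implies an earlier source can already set it; if that source hands over an allocated copy that the exit path frees, the config-owned string would be freed there and again when the config object is released. Copying keeps ownership uniform on both paths: `if (VIR_STRDUP(tls_priority, val->str) < 0) goto failed;`. A short comment above the block, such as `/* an explicitly supplied priority wins; otherwise fall back to the client config file */`, would also record the precedence, since this string decides which TLS protocol versions and ciphers the client will accept.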