[PATCH 8/9] remote: allow TLS priority to be customized

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Support reading the TLS priority from the client configuration
file via the "tls_priority" config option, eg

 $ cat $HOME/.config/libvirt/libvirt.conf
 tls_priority="NORMAL:-VERS-SSL3.0"

Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
 src/remote/remote_driver.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index b42d1d1..367f46e 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -638,6 +638,7 @@ static int
 doRemoteOpen(virConnectPtr conn,
              struct private_data *priv,
              virConnectAuthPtr auth ATTRIBUTE_UNUSED,
+             virConfPtr conf,
              unsigned int flags)
 {
     char *transport_str = NULL;
@@ -844,6 +845,18 @@ doRemoteOpen(virConnectPtr conn,
     /* Connect to the remote service. */
     switch (transport) {
     case trans_tls:
+        if (conf && !tls_priority) {
+            virConfValuePtr val = virConfGetValue(conf, "tls_priority");
+            if (val) {
+                if (val->type != VIR_CONF_STRING) {
+                    virReportError(VIR_ERR_INVALID_ARG, "%s",
+                                   _("Config file 'tls_priority' must be a string"));
+                    goto failed;
+                }
+                tls_priority = val->str;
+            }
+        }
+
 #ifdef WITH_GNUTLS
         priv->tls = virNetTLSContextNewClientPath(pkipath,
                                                   geteuid() != 0 ? true : false,
@@ -1179,7 +1192,7 @@ remoteAllocPrivateData(void)
 static virDrvOpenStatus
 remoteConnectOpen(virConnectPtr conn,
                   virConnectAuthPtr auth,
-                  virConfPtr conf ATTRIBUTE_UNUSED,
+                  virConfPtr conf,
                   unsigned int flags)
 {
     struct private_data *priv;
@@ -1238,7 +1251,7 @@ remoteConnectOpen(virConnectPtr conn,
 #endif
     }
 
-    ret = doRemoteOpen(conn, priv, auth, rflags);
+    ret = doRemoteOpen(conn, priv, auth, conf, rflags);
     if (ret != VIR_DRV_OPEN_SUCCESS) {
         conn->privateData = NULL;
         remoteDriverUnlock(priv);
-- 
2.5.5

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]