On Mon, Jun 06, 2016 at 16:08:57 +0100, Daniel Berrange wrote:
> Currently libvirt calls gnutls_set_default_priority()
> which on old systems resolves to "NORMAL" while on new
> systems it resolves to "@SYSTEM". Either way, this
> is a global default that is identical across all apps.
>
> We want to allow distros the flexibility to define a
> custom default string for libvirt priority, so add
> a --tls-priority=STRING flag to configure to enable
> this to be set.
>
> It is expected that distros would use this when creating
> RPM/Deb/etc packages, according to their preferred crypto
> handling policies.
>
> Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
> --- > configure.ac | 10 ++++++++++ > src/rpc/virnettlscontext.c | 6 +++--- > 2 files changed, 13 insertions(+), 3 deletions(-) > > diff --git a/configure.ac b/configure.ac > index 42eaa82..c4fc8be 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -1277,6 +1277,16 @@ AC_SUBST([GNUTLS_CFLAGS]) > AC_SUBST([GNUTLS_LIBS]) > > > +AC_ARG_WITH([tls-priority], > + [AS_HELP_STRING([--with-tls-priority], > + [set the default TLS session priority string @<:@default=NORMAL@:>@])], > + [], > + [with_tls_priority=NORMAL]) > + > +AC_DEFINE_UNQUOTED([TLS_PRIORITY], ["$with_tls_priority"], > + [TLS default priority string]) > + > + > dnl PolicyKit library > POLKIT_CFLAGS= > POLKIT_LIBS=

I think the setting should also be added to the "Configuration summary" section in configure output.

> diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c

ACK
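
Review bot: in the configure.ac hunk, AC_ARG_WITH([tls-priority], ...) has an empty action-if-given (`[]`), so the value is never validated: a bare `--with-tls-priority` sets with_tls_priority to "yes" and `--without-tls-priority` sets it to "no", and either would be baked into TLS_PRIORITY by AC_DEFINE_UNQUOTED as if it were a priority string. Suggest rejecting "yes", "no" and the empty string with AC_MSG_ERROR, and writing the help text as `--with-tls-priority=STRING` so the required argument is visible. Two smaller points: the commit message names the flag `--tls-priority=STRING` while the hunk defines `--with-tls-priority`, and the fallback `[with_tls_priority=NORMAL]` hard-codes NORMAL even though the commit message says the current default resolves to "@SYSTEM" on new systems, so a build configured without the flag may stop following the system-wide policy there. The virnettlscontext.c hunk is not visible here, so how TLS_PRIORITY is consumed cannot be checked from these lines.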