On Wed, Jun 08, 2016 at 12:58:05PM +0200, Peter Krempa wrote: > On Mon, Jun 06, 2016 at 16:08:57 +0100, Daniel Berrange wrote: > > Currently libvirt calls gnutls_set_default_priority() > > which on old systems resolves to "NORMAL" while new > > systems it resolves to "@SYSTEM". Either way, this > > is a global default that is identical across all apps. > > > > We want to allow distros to flexibility to define a > > custom default string for libvirt priority, so add > > a --tls-priority=STRING flag to configure to enable > > this to be set. > > > > It is expected that distros would use this when creating > > RPM/Deb/etc packages, according to their preferred crypto > > handling policies. > > > > Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx> > > --- > > configure.ac | 10 ++++++++++ > > src/rpc/virnettlscontext.c | 6 +++--- > > 2 files changed, 13 insertions(+), 3 deletions(-) > > > > diff --git a/configure.ac b/configure.ac > > index 42eaa82..c4fc8be 100644 > > --- a/configure.ac > > +++ b/configure.ac > > @@ -1277,6 +1277,16 @@ AC_SUBST([GNUTLS_CFLAGS]) > > AC_SUBST([GNUTLS_LIBS]) > > > > > > +AC_ARG_WITH([tls-priority], > > + [AS_HELP_STRING([--with-tls-priority], > > + [set the default TLS session priority string @<:@default=NORMAL@:>@])], > > + [], > > + [with_tls_priority=NORMAL]) > > + > > +AC_DEFINE_UNQUOTED([TLS_PRIORITY], ["$with_tls_priority"], > > + [TLS default priority string]) > > + > > + > > dnl PolicyKit library > > POLKIT_CFLAGS= > > POLKIT_LIBS= > > I think the setting should also be added to the "Configuration summary" > section in configure output. Good idea, will do that. > > diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c > > ACK Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list