Re: [PATCH 3/9] configure: allow setting default TLS priority string

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Jun 08, 2016 at 12:58:05PM +0200, Peter Krempa wrote:
> On Mon, Jun 06, 2016 at 16:08:57 +0100, Daniel Berrange wrote:
> > Currently libvirt calls gnutls_set_default_priority()
> > which on old systems resolves to "NORMAL" while new
> > systems it resolves to "@SYSTEM". Either way, this
> > is a global default that is identical across all apps.
> > 
> > We want to allow distros to flexibility to define a
> > custom default string for libvirt priority, so add
> > a --tls-priority=STRING  flag to configure to enable
> > this to be set.
> > 
> > It is expected that distros would use this when creating
> > RPM/Deb/etc packages, according to their preferred crypto
> > handling policies.
> > 
> > Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
> > ---
> >  configure.ac               | 10 ++++++++++
> >  src/rpc/virnettlscontext.c |  6 +++---
> >  2 files changed, 13 insertions(+), 3 deletions(-)
> > 
> > diff --git a/configure.ac b/configure.ac
> > index 42eaa82..c4fc8be 100644
> > --- a/configure.ac
> > +++ b/configure.ac
> > @@ -1277,6 +1277,16 @@ AC_SUBST([GNUTLS_CFLAGS])
> >  AC_SUBST([GNUTLS_LIBS])
> >  
> >  
> > +AC_ARG_WITH([tls-priority],
> > +  [AS_HELP_STRING([--with-tls-priority],
> > +    [set the default TLS session priority string @<:@default=NORMAL@:>@])],
> > +  [],
> > +  [with_tls_priority=NORMAL])
> > +
> > +AC_DEFINE_UNQUOTED([TLS_PRIORITY], ["$with_tls_priority"],
> > +		   [TLS default priority string])
> > +
> > +
> >  dnl PolicyKit library
> >  POLKIT_CFLAGS=
> >  POLKIT_LIBS=
> 
> I think the setting should also be added to the "Configuration summary"
> section in configure output.

Good idea, will do that.

> > diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
> 
> ACK

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]