Re: [PATCH 8/9] remote: allow TLS priority to be customized

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jun 06, 2016 at 16:09:02 +0100, Daniel Berrange wrote:
> Support reading the TLS priority from the client configuration
> file via the "tls_priority" config option, eg
> 
>  $ cat $HOME/.config/libvirt/libvirt.conf
>  tls_priority="NORMAL:-VERS-SSL3.0"
> 
> Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
> ---
>  src/remote/remote_driver.c | 17 +++++++++++++++--
>  1 file changed, 15 insertions(+), 2 deletions(-)
> 
> diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
> index b42d1d1..367f46e 100644
> --- a/src/remote/remote_driver.c
> +++ b/src/remote/remote_driver.c
> @@ -638,6 +638,7 @@ static int
>  doRemoteOpen(virConnectPtr conn,
>               struct private_data *priv,
>               virConnectAuthPtr auth ATTRIBUTE_UNUSED,
> +             virConfPtr conf,
>               unsigned int flags)
>  {
>      char *transport_str = NULL;
> @@ -844,6 +845,18 @@ doRemoteOpen(virConnectPtr conn,
>      /* Connect to the remote service. */
>      switch (transport) {
>      case trans_tls:
> +        if (conf && !tls_priority) {
> +            virConfValuePtr val = virConfGetValue(conf, "tls_priority");

This does not copy the string ...

> +            if (val) {
> +                if (val->type != VIR_CONF_STRING) {
> +                    virReportError(VIR_ERR_INVALID_ARG, "%s",
> +                                   _("Config file 'tls_priority' must be a string"));
> +                    goto failed;
> +                }
> +                tls_priority = val->str;

... so make sure you copy it here due to the previously requested
change.

> +            }
> +        }
> +
>  #ifdef WITH_GNUTLS
>          priv->tls = virNetTLSContextNewClientPath(pkipath,
>                                                    geteuid() != 0 ? true : false,

ACK

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]