When generating certificates we rely on GNUTLS' built-in default setup for the ciphers used in the certs. We then currently run with the distro specific TLS priority setup which can be much stronger, to the extent that the certificates we generate are considered untrustworthy. We don't care about the quality of the ciphers we use in the test suite, so just force the priority to "NORMAL" which should ensure our certs are accepted by GNUTLS. Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> --- tests/virnettlscontexttest.c | 4 ++-- tests/virnettlssessiontest.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c index 089c10e964..86647f3014 100644 --- a/tests/virnettlscontexttest.c +++ b/tests/virnettlscontexttest.c @@ -72,7 +72,7 @@ static int testTLSContextInit(const void *opaque) data->crt, KEYFILE, NULL, - NULL, + "NORMAL", true, true); } else { @@ -80,7 +80,7 @@ static int testTLSContextInit(const void *opaque) NULL, data->crt, KEYFILE, - NULL, + "NORMAL", true, true); } diff --git a/tests/virnettlssessiontest.c b/tests/virnettlssessiontest.c index 6d639e5b16..7e85607181 100644 --- a/tests/virnettlssessiontest.c +++ b/tests/virnettlssessiontest.c @@ -113,7 +113,7 @@ static int testTLSSessionInit(const void *opaque) data->servercrt, KEYFILE, data->wildcards, - NULL, + "NORMAL", false, true); @@ -121,7 +121,7 @@ static int testTLSSessionInit(const void *opaque) NULL, data->clientcrt, KEYFILE, - NULL, + "NORMAL", false, true); -- 2.14.3 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list