Add support for a "tls_priority" URI parameter in remote
driver URIs, e.g.
qemu+tls://localhost/session?tls_priority=NORMAL:-VERS-SSL3.0
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
docs/remote.html.in | 13 +++++++++++++
src/remote/remote_driver.c | 5 ++++-
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/docs/remote.html.in b/docs/remote.html.in
index 638fdae..9b132f1 100644
--- a/docs/remote.html.in
+++ b/docs/remote.html.in
@@ -230,6 +230,19 @@ Note that parameter values must be
</tr>
<tr>
<td>
+ <code>tls_priority</code>
+ </td>
+ <td> tls </td>
+ <td>
+ A vaid GNUTLS priority string
+</td>
+ </tr>
+ <tr>
+ <td colspan="2"/>
+ <td> Example: <code>tls_priority=NORMAL:-VERS-SSL3.0</code>
</td>
+ </tr>
+ <tr>
+ <td>
<code>command</code>
</td>
<td> ssh, ext </td>
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 219cf47..5f02169 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -652,6 +652,7 @@ doRemoteOpen(virConnectPtr conn,
#ifndef WIN32
char *daemonPath = NULL;
#endif
+ char *tls_priority = NULL;
/* We handle *ALL* URIs here. The caller has rejected any
* URIs we don't care about */
@@ -774,6 +775,7 @@ doRemoteOpen(virConnectPtr conn,
EXTRACT_URI_ARG_STR("pkipath", pkipath);
EXTRACT_URI_ARG_STR("known_hosts", knownHosts);
EXTRACT_URI_ARG_STR("known_hosts_verify", knownHostsVerify);
+ EXTRACT_URI_ARG_STR("tls_priority", tls_priority);
EXTRACT_URI_ARG_BOOL("no_sanity", sanity);
EXTRACT_URI_ARG_BOOL("no_verify", verify);
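Review bot: The string filled in by `EXTRACT_URI_ARG_STR("tls_priority", tls_priority)` is never released: the diffstat shows four added lines in this file (the declaration in the previous hunk, this extraction, the call argument and the `(void)` cast), and none of them frees it. If the macro stores a duplicated copy, as it presumably does for `pkipath` and `knownHosts`, each doRemoteOpen call that carries this parameter leaks that copy on both the success and `failed` paths. Add `VIR_FREE(tls_priority);` wherever the sibling URI strings are freed. The macro definition and the cleanup code are outside the hunk, so confirm both before applying.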
@@ -845,12 +847,13 @@ doRemoteOpen(virConnectPtr conn,
#ifdef WITH_GNUTLS
priv->tls = virNetTLSContextNewClientPath(pkipath,
geteuid() != 0 ? true : false,
- NULL,
+ tls_priority,
sanity, verify);
if (!priv->tls)
goto failed;
priv->is_secure = 1;
#else
+ (void)tls_priority;
(void)sanity;
(void)verify;
virReportError(VIR_ERR_INVALID_ARG, "%s",
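Review bot: The priority string is passed to `virNetTLSContextNewClientPath` exactly as it appeared in the URI, replacing the former `NULL`, so a single URI can now select weaker protocol versions or cipher suites than the default for that connection. That is reasonable for a user writing their own URI, but callers that assemble URIs from less trusted input should be made aware of it. A comment above the call would help, for example `/* tls_priority is taken verbatim from the URI and overrides the default priority; NULL keeps the default */`. A `VIR_DEBUG` line when it is non-NULL would also make an overridden policy visible in client logs. A malformed string presumably fails context creation and takes `goto failed`; confirm that the reported error names the bad priority string.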
--
2.5.5