On Tue, Jun 05, 2018 at 10:45:55AM +0200, Michal Privoznik wrote:
We are building with GnuTLS everywhere because GnuTLS is widely available. In addition after recent patches Libvirt relies on GnuTLS' PRNG.
This second sentance isn't true AFAIK - we still have fallback to /dev/urandom - GNUTLS is merely the first choice. None the less I think its desirable to make GNUTLS mandatory since it is on all the platforms we care about and I prefer that we can assume a good crypto impl all the time. This mostly frees us from worrying about fallback impls which have higher risk of security problems.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- configure.ac | 2 -- m4/virt-gnutls.m4 | 4 ---- 2 files changed, 6 deletions(-)
diff --git a/configure.ac b/configure.ac index 5378e49c0b..e25bf0a6ec 100644 --- a/configure.ac +++ b/configure.ac @@ -216,7 +216,6 @@ fi # RPC, we don't need several libraries. if test "$with_remote" = "no" ; then with_libvirtd=no - with_gnutls=no with_ssh2=no with_sasl=no with_libssh=no @@ -250,7 +249,6 @@ LIBVIRT_ARG_DBUS LIBVIRT_ARG_FIREWALLD LIBVIRT_ARG_FUSE LIBVIRT_ARG_GLUSTER -LIBVIRT_ARG_GNUTLS LIBVIRT_ARG_HAL LIBVIRT_ARG_LIBPCAP LIBVIRT_ARG_LIBSSH diff --git a/m4/virt-gnutls.m4 b/m4/virt-gnutls.m4 index 426a1a0348..6829ca55cf 100644 --- a/m4/virt-gnutls.m4 +++ b/m4/virt-gnutls.m4 @@ -17,10 +17,6 @@ dnl License along with this library. If not, see dnl <http://www.gnu.org/licenses/>. dnl
-AC_DEFUN([LIBVIRT_ARG_GNUTLS],[ - LIBVIRT_ARG_WITH_FEATURE([GNUTLS], [gnutls], [check], [3.2.0]) -]) - AC_DEFUN([LIBVIRT_CHECK_GNUTLS],[ LIBVIRT_CHECK_PKG([GNUTLS], [gnutls], [3.2.0])
-- 2.16.4
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|