Re: [libvirt] [PATCH] Introduce gnutls_priority config option

On Thu, May 19, 2016 at 10:36:26AM +0100, Daniel P. Berrange wrote: > On Wed, May 18, 2016 at 01:54:47PM +0200, Ján Tomko wrote: > > The defaults provided by gnutls_set_default_priority are not configurable > > at runtime. Introduce a new config option to libvirt.conf that will > > be passed to gnutls_priority_set. > > > > One of the possible options is "@SYSTEM", where gnutls will get the settings > > from /etc/gnutls/default-priorities. > > > > Note that the /etc/libvirt/libvirt.conf file is only used by libvirt > > processes running as root, for regular users the file in > > $XDG_CONFIG_HOME or ~/.config is used. > > > > https://bugzilla.redhat.com/show_bug.cgi?id=1333404 > > NACK, per that bug this is supposed to be configurable systemwide for > gnutls. We need to investigate why Jaroslav could not get that to work, > since we don't want to be adding custom application specific TLS config > for every part of the virt stack that uses TLS (libvirt, gtk-vnc, spice-gtk, > spice, qemu, etc). I could not get it to work either. Using "NORMAL" either directly or via gnutls_set_default_priority, the default-settings file is ignored. Skimming through gnutls code, I assumed this was intentional.