
On Mon, Jun 06, 2016 at 16:09:02 +0100, Daniel Berrange wrote:
Support reading the TLS priority from the client configuration file via the "tls_priority" config option, e.g.
$ cat $HOME/.config/libvirt/libvirt.conf
tls_priority="NORMAL:-VERS-SSL3.0"
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 src/remote/remote_driver.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index b42d1d1..367f46e 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -638,6 +638,7 @@ static int
 doRemoteOpen(virConnectPtr conn,
 struct private_data *priv,
 virConnectAuthPtr auth ATTRIBUTE_UNUSED,
+ virConfPtr conf,
 unsigned int flags)
 {
 char *transport_str = NULL;
@@ -844,6 +845,18 @@ doRemoteOpen(virConnectPtr conn,
 /* Connect to the remote service. */
 switch (transport) {
 case trans_tls:
+ if (conf && !tls_priority) {
+ virConfValuePtr val = virConfGetValue(conf, "tls_priority");
This does not copy the string ...
+ if (val) {
+ if (val->type != VIR_CONF_STRING) {
+ virReportError(VIR_ERR_INVALID_ARG, "%s",
+ _("Config file 'tls_priority' must be a string"));
+ goto failed;
+ }
+ tls_priority = val->str;
... so make sure you copy it here due to the previously requested change.
+ }
+ }
+
 #ifdef WITH_GNUTLS
 priv->tls = virNetTLSContextNewClientPath(pkipath,
 geteuid() != 0 ? true : false,
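Review bot: The `tls_priority` lookup added under `case trans_tls:` sits above `#ifdef WITH_GNUTLS`, so a build without GnuTLS still parses the option and can fail with the "must be a string" error before reaching whatever the non-GnuTLS branch reports; moving the block below the `#ifdef` would keep it next to the code that consumes the value (the `#else` side is outside this hunk, so this is inferred). Separately, the string is taken from the config file as-is and controls which protocol versions and ciphers the client will negotiate, so it is worth recording the effective value and where it came from, e.g. `VIR_DEBUG("Using tls_priority '%s' from client config", val->str);`, so that an unexpectedly weak setting is visible when a connection is being diagnosed. The switch body continues outside the hunk.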
ACK