On Mon, Jun 06, 2016 at 16:09:02 +0100, Daniel Berrange wrote:
Support reading the TLS priority from the client configuration
file via the "tls_priority" config option, e.g.:
$ cat $HOME/.config/libvirt/libvirt.conf
tls_priority="NORMAL:-VERS-SSL3.0"
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/remote/remote_driver.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index b42d1d1..367f46e 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -638,6 +638,7 @@ static int
doRemoteOpen(virConnectPtr conn,
struct private_data *priv,
virConnectAuthPtr auth ATTRIBUTE_UNUSED,
+ virConfPtr conf,
unsigned int flags)
{
char *transport_str = NULL;
@@ -844,6 +845,18 @@ doRemoteOpen(virConnectPtr conn,
/* Connect to the remote service. */
switch (transport) {
case trans_tls:
+ if (conf && !tls_priority) {
+ virConfValuePtr val = virConfGetValue(conf, "tls_priority");
This does not copy the string ...
+ if (val) {
+ if (val->type != VIR_CONF_STRING) {
+ virReportError(VIR_ERR_INVALID_ARG, "%s",
+ _("Config file 'tls_priority' must be a
string"));
+ goto failed;
+ }
+ tls_priority = val->str;
... so make sure you copy it here due to the previously requested
change.
+ }
+ }
+
#ifdef WITH_GNUTLS
priv->tls = virNetTLSContextNewClientPath(pkipath,
geteuid() != 0 ? true : false,
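Review bot: The guard `if (conf && !tls_priority)` at the top of the `case trans_tls:` branch makes libvirt.conf a fallback only, and neither the code nor the commit message says so; whatever set `tls_priority` earlier in doRemoteOpen (outside this hunk, presumably the connection URI) silently overrides the file. Since this string selects the protocol versions and cipher suites the client will accept, the precedence deserves a comment above the guard, for example `/* Config file value is used only when tls_priority was not already set earlier */`. The branch also accepts an empty string, because only `val->type` is checked. If the code that consumes the priority (not visible here) does not reject an empty value, extending the check to `if (val->type != VIR_CONF_STRING || !val->str || !*val->str)` would report it at this point with a similar error, rather than leaving a late failure or a silent default.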
ACK