On Mon, Jun 06, 2016 at 16:08:57 +0100, Daniel Berrange wrote:
Currently libvirt calls gnutls_set_default_priority()
which on old systems resolves to "NORMAL" while new
systems it resolves to "@SYSTEM". Either way, this
is a global default that is identical across all apps.
We want to allow distros the flexibility to define a
custom default string for libvirt priority, so add
a --tls-priority=STRING flag to configure to enable
this to be set.
It is expected that distros would use this when creating
RPM/Deb/etc packages, according to their preferred crypto
handling policies.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
configure.ac | 10 ++++++++++
src/rpc/virnettlscontext.c | 6 +++---
2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index 42eaa82..c4fc8be 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1277,6 +1277,16 @@ AC_SUBST([GNUTLS_CFLAGS])
AC_SUBST([GNUTLS_LIBS])
+AC_ARG_WITH([tls-priority],
+ [AS_HELP_STRING([--with-tls-priority],
+ [set the default TLS session priority string @<:@default=NORMAL@:>@])],
+ [],
+ [with_tls_priority=NORMAL])
+
+AC_DEFINE_UNQUOTED([TLS_PRIORITY], ["$with_tls_priority"],
+ [TLS default priority string])
+
+
dnl PolicyKit library
POLKIT_CFLAGS=
POLKIT_LIBS=
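Review bot: the `[with_tls_priority=NORMAL]` default in this hunk hardcodes a fixed priority string for every build that does not pass `--with-tls-priority`, whereas the commit message says `gnutls_set_default_priority()` resolves to `@SYSTEM` on newer systems, i.e. to the distro-wide crypto policy; with this default those builds would stop following that policy. Consider defaulting to `@SYSTEM` where the installed GnuTLS supports it, or at least say in the help string that the default replaces the system policy rather than extending it. The help string also names the option `--with-tls-priority` while the commit message calls it `--tls-priority=STRING`; the commit message should use the actual option name.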
I think the setting should also be added to the "Configuration summary"
section in configure output.
diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
ACK