On Wed, Jun 08, 2016 at 12:58:05PM +0200, Peter Krempa wrote:
On Mon, Jun 06, 2016 at 16:08:57 +0100, Daniel Berrange wrote:
> Currently libvirt calls gnutls_set_default_priority()
> which on old systems resolves to "NORMAL" while on new
> systems it resolves to "@SYSTEM". Either way, this
> is a global default that is identical across all apps.
>
> We want to allow distros the flexibility to define a
> custom default string for libvirt priority, so add
> a --tls-priority=STRING flag to configure to enable
> this to be set.
>
> It is expected that distros would use this when creating
> RPM/Deb/etc packages, according to their preferred crypto
> handling policies.
>
> Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
> ---
> configure.ac | 10 ++++++++++
> src/rpc/virnettlscontext.c | 6 +++---
> 2 files changed, 13 insertions(+), 3 deletions(-)
>
> diff --git a/configure.ac b/configure.ac
> index 42eaa82..c4fc8be 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -1277,6 +1277,16 @@ AC_SUBST([GNUTLS_CFLAGS])
> AC_SUBST([GNUTLS_LIBS])
>
>
> +AC_ARG_WITH([tls-priority],
> + [AS_HELP_STRING([--with-tls-priority],
> + [set the default TLS session priority string @<:@default=NORMAL@:>@])],
> + [],
> + [with_tls_priority=NORMAL])
> +
> +AC_DEFINE_UNQUOTED([TLS_PRIORITY], ["$with_tls_priority"],
> + [TLS default priority string])
> +
> +
> dnl PolicyKit library
> POLKIT_CFLAGS=
> POLKIT_LIBS=
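
Review bot: The empty action-if-given argument in the AC_ARG_WITH call means the value is never validated: a bare --with-tls-priority sets with_tls_priority to "yes" and --without-tls-priority sets it to "no", and either is then passed unchanged to AC_DEFINE_UNQUOTED as TLS_PRIORITY. Consider rejecting "yes" and "no" with AC_MSG_ERROR (or mapping them back to NORMAL) before the define. The help string should also read --with-tls-priority=STRING so it is clear that an argument is required, and the commit message refers to --tls-priority=STRING where the option added here is --with-tls-priority.
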
I think the setting should also be added to the "Configuration summary"
section in configure output.

Good idea, will do that.

> diff --git a/src/rpc/virnettlscontext.c
b/src/rpc/virnettlscontext.c

ACK

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|