[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] failure to build on rawhide



Nikos Mavrogiannopoulos <nmav gnutls org> writes:

> On 05/23/2011 11:54 AM, Daniel P. Berrange wrote:
>
>>> Try gnutls_priority_set.  What did you use 
>>> gnutls_certificate_type_set_priority for?  It is rare to really
>>> need it, a call to gnutls_set_default_priority() is usually
>>> sufficient.
>> Agreed, our current use of gnutls_certificate_type_set_priority is
>> bogus and can/should be removed, leaving just set_default_priority
>> calls.
>
> If you expect random (other than gnutls/openssl/nss) TLS implementations
> to connect to you (or you plan to connect to them), then the
> set_default_priority() might not be enough. I tried to sketch the
> reasons at:
> http://www.gnu.org/software/gnutls/manual/html_node/Compatibility-Issues.html#Compatibility-Issues
>
> In those cases you might want to have some options configurable.

Yes, it would be nice if libvirt had a configuration knob for user to
specify the priority string.

However, as I understand it, libvirt only talks to its own
implementation, and doesn't need to be compatible with any browser SSL
legacy.  So you probably don't need to use any compatibility settings at
all.

/Simon


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]