[libvirt] [PATCH 3/9] configure: allow setting default TLS priority string
Peter Krempa
pkrempa at redhat.com
Wed Jun 8 10:58:05 UTC 2016
On Mon, Jun 06, 2016 at 16:08:57 +0100, Daniel Berrange wrote:
> Currently libvirt calls gnutls_set_default_priority()
> which on old systems resolves to "NORMAL" while new
> systems it resolves to "@SYSTEM". Either way, this
> is a global default that is identical across all apps.
>
> We want to allow distros to flexibility to define a
> custom default string for libvirt priority, so add
> a --tls-priority=STRING flag to configure to enable
> this to be set.
>
> It is expected that distros would use this when creating
> RPM/Deb/etc packages, according to their preferred crypto
> handling policies.
>
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> ---
> configure.ac | 10 ++++++++++
> src/rpc/virnettlscontext.c | 6 +++---
> 2 files changed, 13 insertions(+), 3 deletions(-)
>
> diff --git a/configure.ac b/configure.ac
> index 42eaa82..c4fc8be 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -1277,6 +1277,16 @@ AC_SUBST([GNUTLS_CFLAGS])
> AC_SUBST([GNUTLS_LIBS])
>
>
> +AC_ARG_WITH([tls-priority],
> + [AS_HELP_STRING([--with-tls-priority],
> + [set the default TLS session priority string @<:@default=NORMAL@:>@])],
> + [],
> + [with_tls_priority=NORMAL])
> +
> +AC_DEFINE_UNQUOTED([TLS_PRIORITY], ["$with_tls_priority"],
> + [TLS default priority string])
> +
> +
> dnl PolicyKit library
> POLKIT_CFLAGS=
> POLKIT_LIBS=
I think the setting should also be added to the "Configuration summary"
section in configure output.
> diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
ACK
More information about the libvir-list
mailing list