[libvirt] [PATCH 6/9] remote: allow TLS protocol/cipher priority override in URI

Peter Krempa pkrempa at redhat.com
Wed Jun 8 11:22:41 UTC 2016


On Mon, Jun 06, 2016 at 16:09:00 +0100, Daniel Berrange wrote:
> Add support for a "tls_priority" URI parameter in remote
> driver URIs. eg
> 
>  qemu+tls://localhost/session?tls_priority=NORMAL:-VERS-SSL3.0
> 
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> ---
>  docs/remote.html.in        | 13 +++++++++++++
>  src/remote/remote_driver.c |  5 ++++-
>  2 files changed, 17 insertions(+), 1 deletion(-)

[...]

> diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
> index 219cf47..5f02169 100644
> --- a/src/remote/remote_driver.c
> +++ b/src/remote/remote_driver.c

[...]

> @@ -774,6 +775,7 @@ doRemoteOpen(virConnectPtr conn,
>              EXTRACT_URI_ARG_STR("pkipath", pkipath);
>              EXTRACT_URI_ARG_STR("known_hosts", knownHosts);
>              EXTRACT_URI_ARG_STR("known_hosts_verify", knownHostsVerify);
> +            EXTRACT_URI_ARG_STR("tls_priority", tls_priority);

This copies the string from the URI.

>  
>              EXTRACT_URI_ARG_BOOL("no_sanity", sanity);
>              EXTRACT_URI_ARG_BOOL("no_verify", verify);
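
Review bot: the `EXTRACT_URI_ARG_STR("tls_priority", tls_priority);` line takes the priority string from the URI as-is, and that string decides which TLS protocol versions and ciphers the client will negotiate. Nothing in this hunk restricts the value, so a URI assembled from less trusted input can loosen the TLS settings as easily as tighten them. The docs/remote.html.in text should say that, and a debug log of the priority string in use would help when auditing connections.
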
> @@ -845,12 +847,13 @@ doRemoteOpen(virConnectPtr conn,
>  #ifdef WITH_GNUTLS
>          priv->tls = virNetTLSContextNewClientPath(pkipath,
>                                                    geteuid() != 0 ? true : false,
> -                                                  NULL,
> +                                                  tls_priority,
>                                                    sanity, verify);
>          if (!priv->tls)
>              goto failed;
>          priv->is_secure = 1;
>  #else
> +        (void)tls_priority;
>          (void)sanity;
>          (void)verify;
>          virReportError(VIR_ERR_INVALID_ARG, "%s",
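
Review bot: in the `#else` branch, `(void)tls_priority;` only silences the unused-variable warning, so the copy made by EXTRACT_URI_ARG_STR earlier in the function is not released in builds without WITH_GNUTLS, nor when `goto failed` is taken after virNetTLSContextNewClientPath returns NULL. The free for tls_priority belongs on the exits of doRemoteOpen that both branches share, including the `failed` path, rather than inside the `#ifdef`.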

So tls_priority is leaked in doRemoteOpen.

ACK with the above fixed.



