[libvirt] [PATCH 8/9] remote: allow TLS priority to be customized
Peter Krempa
pkrempa at redhat.com
Wed Jun 8 11:38:42 UTC 2016
On Mon, Jun 06, 2016 at 16:09:02 +0100, Daniel Berrange wrote:
> Support reading the TLS priority from the client configuration
> file via the "tls_priority" config option, eg
>
> $ cat $HOME/.config/libvirt/libvirt.conf
> tls_priority="NORMAL:-VERS-SSL3.0"
>
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> ---
> src/remote/remote_driver.c | 17 +++++++++++++++--
> 1 file changed, 15 insertions(+), 2 deletions(-)
>
> diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
> index b42d1d1..367f46e 100644
> --- a/src/remote/remote_driver.c
> +++ b/src/remote/remote_driver.c
> @@ -638,6 +638,7 @@ static int
> doRemoteOpen(virConnectPtr conn,
> struct private_data *priv,
> virConnectAuthPtr auth ATTRIBUTE_UNUSED,
> + virConfPtr conf,
> unsigned int flags)
> {
> char *transport_str = NULL;
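Review bot: the new `conf` argument in the doRemoteOpen() signature is undocumented, and the later hunk's guard `if (conf && !tls_priority)` shows that it may be NULL. Add a short comment above the function saying that conf is optional and that the caller keeps ownership of it, so later code in doRemoteOpen() does not dereference it unguarded.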
> @@ -844,6 +845,18 @@ doRemoteOpen(virConnectPtr conn,
> /* Connect to the remote service. */
> switch (transport) {
> case trans_tls:
> + if (conf && !tls_priority) {
> + virConfValuePtr val = virConfGetValue(conf, "tls_priority");
This does not copy the string ...
> + if (val) {
> + if (val->type != VIR_CONF_STRING) {
> + virReportError(VIR_ERR_INVALID_ARG, "%s",
> + _("Config file 'tls_priority' must be a string"));
> + goto failed;
> + }
> + tls_priority = val->str;
... so make sure you copy it here due to the previously requested
change.
> + }
> + }
> +
> #ifdef WITH_GNUTLS
> priv->tls = virNetTLSContextNewClientPath(pkipath,
> geteuid() != 0 ? true : false,
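Review bot: the 'tls_priority' lookup under `case trans_tls:` sits above `#ifdef WITH_GNUTLS`, so a build without GnuTLS still parses the setting and takes the `goto failed` path on a wrongly typed value, although the setting appears to matter only to the TLS context created inside the #ifdef. Consider moving the block inside the #ifdef. The `!tls_priority` test also means an already-set value silently wins over the config file; a one-line comment stating that precedence would make the intent clear to the next reader.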
ACK