[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-block] [PATCH v5] crypto: Implement TLS Pre-Shared Keys (PSK).
|
From: |
Daniel P . Berrangé |
|
Subject: |
Re: [Qemu-block] [PATCH v5] crypto: Implement TLS Pre-Shared Keys (PSK). |
|
Date: |
Fri, 29 Jun 2018 18:03:43 +0100 |
|
User-agent: |
Mutt/1.10.0 (2018-05-17) |
On Thu, Jun 28, 2018 at 07:46:24PM +0100, Richard W.M. Jones wrote:
> diff --git a/crypto/tlssession.c b/crypto/tlssession.c
> index 96a02deb69..50df64e0a9 100644
> --- a/crypto/tlssession.c
> +++ b/crypto/tlssession.c
> @@ -21,6 +21,7 @@
> #include "qemu/osdep.h"
> #include "crypto/tlssession.h"
> #include "crypto/tlscredsanon.h"
> +#include "crypto/tlscredspsk.h"
> #include "crypto/tlscredsx509.h"
> #include "qapi/error.h"
> #include "qemu/acl.h"
> @@ -88,6 +89,8 @@ qcrypto_tls_session_pull(void *opaque, void *buf, size_t
> len)
> return session->readFunc(buf, len, session->opaque);
> }
>
> +#define TLS_PRIORITY_ADDITIONAL_ANON "+ANON-DH"
> +#define TLS_PRIORITY_ADDITIONAL_PSK "+ECDHE-PSK:+DHE-PSK:+PSK"
Unfortunately in testing this I learn ECDHE-PSK is only supported when
using GNUTLS >= 3.0, so can you make this conditional based on
GNUTLS_VERSION_MAJOR >= 3
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|