qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] crypto: ensure we use a predictable TLS priorit

From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH] crypto: ensure we use a predictable TLS priority setting
Date: Wed, 28 Feb 2018 08:46:38 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 
On 02/28/2018 08:06 AM, Daniel P. Berrangé wrote:

The TLS test cert generation relies on a fixed set of algorithms that are
only usable under GNUTLS' default priority setting. When building QEMU
with a custom distro specific priority setting, this can cause the TLS
tests to fail. By forcing the tests to always use "NORMAL" priority we
can make them more robust.

Signed-off-by: Daniel P. Berrangé <address@hidden>
---
  tests/test-crypto-tlssession.c | 1 +
  1 file changed, 1 insertion(+)


Reviewed-by: Eric Blake <address@hidden>



diff --git a/tests/test-crypto-tlssession.c b/tests/test-crypto-tlssession.c
index 1a4a066d76..82f21c27f2 100644
--- a/tests/test-crypto-tlssession.c
+++ b/tests/test-crypto-tlssession.c
@@ -75,6 +75,7 @@ static QCryptoTLSCreds 
*test_tls_creds_create(QCryptoTLSCredsEndpoint endpoint,
                       "server" : "client"),
          "dir", certdir,
          "verify-peer", "yes",
+        "priority", "NORMAL",
          /* We skip initial sanity checks here because we
           * want to make sure that problems are being
           * detected at the TLS session validation stage,



--
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
reply via email to
[Prev in Thread] Current Thread [Next in Thread]