|
Daniel P. Berrangé |
29249a |
From 11e1a77f98b2663a6fb0b640bff2ceedc6fc79f8 Mon Sep 17 00:00:00 2001
|
|
Daniel P. Berrangé |
29249a |
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
|
Daniel P. Berrangé |
29249a |
Date: Wed, 28 Feb 2018 14:04:38 +0000
|
|
Daniel P. Berrangé |
29249a |
Subject: [PATCH] crypto: ensure we use a predictable TLS priority setting
|
|
Daniel P. Berrangé |
29249a |
MIME-Version: 1.0
|
|
Daniel P. Berrangé |
29249a |
Content-Type: text/plain; charset=UTF-8
|
|
Daniel P. Berrangé |
29249a |
Content-Transfer-Encoding: 8bit
|
|
Daniel P. Berrangé |
29249a |
|
|
Daniel P. Berrangé |
29249a |
The TLS test cert generation relies on a fixed set of algorithms that are
|
|
Daniel P. Berrangé |
29249a |
only usable under GNUTLS' default priority setting. When building QEMU
|
|
Daniel P. Berrangé |
29249a |
with a custom distro specific priority setting, this can cause the TLS
|
|
Daniel P. Berrangé |
29249a |
tests to fail. By forcing the tests to always use "NORMAL" priority we
|
|
Daniel P. Berrangé |
29249a |
can make them more robust.
|
|
Daniel P. Berrangé |
29249a |
|
|
Daniel P. Berrangé |
29249a |
Reviewed-by: Eric Blake <eblake@redhat.com>
|
|
Daniel P. Berrangé |
29249a |
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
Daniel P. Berrangé |
29249a |
---
|
|
Daniel P. Berrangé |
29249a |
tests/test-crypto-tlssession.c | 1 +
|
|
Daniel P. Berrangé |
29249a |
tests/test-io-channel-tls.c | 1 +
|
|
Daniel P. Berrangé |
29249a |
2 files changed, 2 insertions(+)
|
|
Daniel P. Berrangé |
29249a |
|
|
Daniel P. Berrangé |
29249a |
diff --git a/tests/test-crypto-tlssession.c b/tests/test-crypto-tlssession.c
|
|
Daniel P. Berrangé |
29249a |
index 1a4a066d76..82f21c27f2 100644
|
|
Daniel P. Berrangé |
29249a |
--- a/tests/test-crypto-tlssession.c
|
|
Daniel P. Berrangé |
29249a |
+++ b/tests/test-crypto-tlssession.c
|
|
Daniel P. Berrangé |
29249a |
@@ -75,6 +75,7 @@ static QCryptoTLSCreds *test_tls_creds_create(QCryptoTLSCredsEndpoint endpoint,
|
|
Daniel P. Berrangé |
29249a |
"server" : "client"),
|
|
Daniel P. Berrangé |
29249a |
"dir", certdir,
|
|
Daniel P. Berrangé |
29249a |
"verify-peer", "yes",
|
|
Daniel P. Berrangé |
29249a |
+ "priority", "NORMAL",
|
|
Daniel P. Berrangé |
29249a |
/* We skip initial sanity checks here because we
|
|
Daniel P. Berrangé |
29249a |
* want to make sure that problems are being
|
|
Daniel P. Berrangé |
29249a |
* detected at the TLS session validation stage,
|
|
Daniel P. Berrangé |
29249a |
diff --git a/tests/test-io-channel-tls.c b/tests/test-io-channel-tls.c
|
|
Daniel P. Berrangé |
29249a |
index a210d01ba5..47ba603e8d 100644
|
|
Daniel P. Berrangé |
29249a |
--- a/tests/test-io-channel-tls.c
|
|
Daniel P. Berrangé |
29249a |
+++ b/tests/test-io-channel-tls.c
|
|
Daniel P. Berrangé |
29249a |
@@ -78,6 +78,7 @@ static QCryptoTLSCreds *test_tls_creds_create(QCryptoTLSCredsEndpoint endpoint,
|
|
Daniel P. Berrangé |
29249a |
"server" : "client"),
|
|
Daniel P. Berrangé |
29249a |
"dir", certdir,
|
|
Daniel P. Berrangé |
29249a |
"verify-peer", "yes",
|
|
Daniel P. Berrangé |
29249a |
+ "priority", "NORMAL",
|
|
Daniel P. Berrangé |
29249a |
/* We skip initial sanity checks here because we
|
|
Daniel P. Berrangé |
29249a |
* want to make sure that problems are being
|
|
Daniel P. Berrangé |
29249a |
* detected at the TLS session validation stage,
|
|
Daniel P. Berrangé |
29249a |
--
|
|
Daniel P. Berrangé |
29249a |
2.14.3
|
|
Daniel P. Berrangé |
29249a |
|