]> git.proxmox.com Git - mirror_qemu.git/commitdiff
projects / mirror_qemu.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 00e5e9d)
crypto: ensure we use a predictable TLS priority setting
authorDaniel P. Berrangé <berrange@redhat.com>
Wed, 28 Feb 2018 14:04:38 +0000 (14:04 +0000)
committerDaniel P. Berrangé <berrange@redhat.com>
Fri, 6 Apr 2018 10:28:31 +0000 (11:28 +0100)
The TLS test cert generation relies on a fixed set of algorithms that are
only usable under GNUTLS' default priority setting. When building QEMU
with a custom distro specific priority setting, this can cause the TLS
tests to fail. By forcing the tests to always use "NORMAL" priority we
can make them more robust.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
tests/test-crypto-tlssession.c patch | blob | blame | history
tests/test-io-channel-tls.c patch | blob | blame | history

diff --git a/tests/test-crypto-tlssession.c b/tests/test-crypto-tlssession.c
index 1a4a066d76c8597bfd06ca091e8082e35e4da916..82f21c27f270bc10f9e72e0beec33b6024d87df4 100644 (file)
--- a/tests/test-crypto-tlssession.c
+++ b/tests/test-crypto-tlssession.c
@@ -75,6 +75,7 @@ static QCryptoTLSCreds *test_tls_creds_create(QCryptoTLSCredsEndpoint endpoint,
                      "server" : "client"),
         "dir", certdir,
         "verify-peer", "yes",
+        "priority", "NORMAL",
         /* We skip initial sanity checks here because we
          * want to make sure that problems are being
          * detected at the TLS session validation stage,
diff --git a/tests/test-io-channel-tls.c b/tests/test-io-channel-tls.c
index 32743b2c9637beb99601d269293106d6656d2c8b..bb88ee870f0e26a9f8f3052631c3261dc0507191 100644 (file)
--- a/tests/test-io-channel-tls.c
+++ b/tests/test-io-channel-tls.c
@@ -78,6 +78,7 @@ static QCryptoTLSCreds *test_tls_creds_create(QCryptoTLSCredsEndpoint endpoint,
                      "server" : "client"),
         "dir", certdir,
         "verify-peer", "yes",
+        "priority", "NORMAL",
         /* We skip initial sanity checks here because we
          * want to make sure that problems are being
          * detected at the TLS session validation stage,
QEMU mirror