git.proxmox.com Git - mirror

author	Daniel P. Berrange <berrange@redhat.com>
	Mon, 6 Jun 2016 09:05:06 +0000 (10:05 +0100)
committer	Daniel P. Berrange <berrange@redhat.com>
	Mon, 4 Jul 2016 14:53:19 +0000 (15:53 +0100)
commit	a1c5e949ddc3234dcb85a44b9cb9312cd9f3522f
tree	64d6aca0612b3ab851f97fa028a4445876901290	tree
parent	13f12430d48b62e2304e0e5a7c607279af68b98a	commit \| diff

crypto: allow default TLS priority to be chosen at build time

Modern gnutls can use a global config file to control the
crypto priority settings for TLS connections. For example
the priority string "@SYSTEM" instructs gnutls to find the
priority setting named "SYSTEM" in the global config file.

Latest gnutls GIT codebase gained the ability to reference
multiple priority strings in the config file, with the first
one that is found to existing winning. This means it is now
possible to configure QEMU out of the box with a default
priority of "@QEMU,SYSTEM", which says to look for the
settings "QEMU" first, and if not found, use the "SYSTEM"
settings.

To make use of this facility, we introduce the ability to
set the QEMU default priority at build time via a new
configure argument. It is anticipated that distro vendors
will set this when building QEMU to a suitable value for
use with distro crypto policy setup. eg current Fedora
would run

./configure --tls-priority=@SYSTEM

while future Fedora would run

./configure --tls-priority=@QEMU,SYSTEM

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

configure		diff \| blob \| blame \| history
crypto/tlssession.c		diff \| blob \| blame \| history