rpms / qemu

Clone
Source Code
GIT

Blame 0001-crypto-ensure-we-use-a-predictable-TLS-priority-sett.patch

el4 el5 el6 eln epel7 f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 fc6 main private-bonzini-demo private-bonzini-demo-f20 private-bonzini-el6 private-bonzini-mpath private-bonzini-tcmalloc private-ehabkost-fixing-exclusivearch private-glommer-merge rawhide
  1.   6269069f2710198b3cfd71399ef79e8fdb56bc61
  2.   0001-crypto-ensure-we-use-a-predictable-TLS-priority-sett.patch
Blob History Raw
29249a7 
From 11e1a77f98b2663a6fb0b640bff2ceedc6fc79f8 Mon Sep 17 00:00:00 2001
29249a7 
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
29249a7 
Date: Wed, 28 Feb 2018 14:04:38 +0000
29249a7 
Subject: [PATCH] crypto: ensure we use a predictable TLS priority setting
29249a7 
MIME-Version: 1.0
29249a7 
Content-Type: text/plain; charset=UTF-8
29249a7 
Content-Transfer-Encoding: 8bit
29249a7
29249a7 
The TLS test cert generation relies on a fixed set of algorithms that are
29249a7 
only usable under GNUTLS' default priority setting. When building QEMU
29249a7 
with a custom distro specific priority setting, this can cause the TLS
29249a7 
tests to fail. By forcing the tests to always use "NORMAL" priority we
29249a7 
can make them more robust.
29249a7
29249a7 
Reviewed-by: Eric Blake <eblake@redhat.com>
29249a7 
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
29249a7 
---
29249a7 
 tests/test-crypto-tlssession.c | 1 +
29249a7 
 tests/test-io-channel-tls.c    | 1 +
29249a7 
 2 files changed, 2 insertions(+)
29249a7
29249a7 
diff --git a/tests/test-crypto-tlssession.c b/tests/test-crypto-tlssession.c
29249a7 
index 1a4a066d76..82f21c27f2 100644
29249a7 
--- a/tests/test-crypto-tlssession.c
29249a7 
+++ b/tests/test-crypto-tlssession.c
29249a7 
@@ -75,6 +75,7 @@ static QCryptoTLSCreds *test_tls_creds_create(QCryptoTLSCredsEndpoint endpoint,
29249a7 
                      "server" : "client"),
29249a7 
         "dir", certdir,
29249a7 
         "verify-peer", "yes",
29249a7 
+        "priority", "NORMAL",
29249a7 
         /* We skip initial sanity checks here because we
29249a7 
          * want to make sure that problems are being
29249a7 
          * detected at the TLS session validation stage,
29249a7 
diff --git a/tests/test-io-channel-tls.c b/tests/test-io-channel-tls.c
29249a7 
index a210d01ba5..47ba603e8d 100644
29249a7 
--- a/tests/test-io-channel-tls.c
29249a7 
+++ b/tests/test-io-channel-tls.c
29249a7 
@@ -78,6 +78,7 @@ static QCryptoTLSCreds *test_tls_creds_create(QCryptoTLSCredsEndpoint endpoint,
29249a7 
                      "server" : "client"),
29249a7 
         "dir", certdir,
29249a7 
         "verify-peer", "yes",
29249a7 
+        "priority", "NORMAL",
29249a7 
         /* We skip initial sanity checks here because we
29249a7 
          * want to make sure that problems are being
29249a7 
          * detected at the TLS session validation stage,
29249a7 
--
29249a7 
2.14.3
29249a7
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.