[Qemu-devel] [PATCH] crypto: ensure we use a predictable TLS priority setting

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

* [Qemu-devel] [PATCH] crypto: ensure we use a predictable TLS priority setting
@ 2018-02-28 14:06 Daniel P. Berrangé
  2018-02-28 14:46 ` Eric Blake
  0 siblings, 1 reply; 2+ messages in thread
From: Daniel P. Berrangé @ 2018-02-28 14:06 UTC (permalink / raw)
  To: qemu-devel

The TLS test cert generation relies on a fixed set of algorithms that are
only usable under GNUTLS' default priority setting. When building QEMU
with a custom distro specific priority setting, this can cause the TLS
tests to fail. By forcing the tests to always use "NORMAL" priority we
can make them more robust.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 tests/test-crypto-tlssession.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/test-crypto-tlssession.c b/tests/test-crypto-tlssession.c
index 1a4a066d76..82f21c27f2 100644
--- a/tests/test-crypto-tlssession.c
+++ b/tests/test-crypto-tlssession.c
@@ -75,6 +75,7 @@ static QCryptoTLSCreds *test_tls_creds_create(QCryptoTLSCredsEndpoint endpoint,
                      "server" : "client"),
         "dir", certdir,
         "verify-peer", "yes",
+        "priority", "NORMAL",
         /* We skip initial sanity checks here because we
          * want to make sure that problems are being
          * detected at the TLS session validation stage,
-- 
2.14.3

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [Qemu-devel] [PATCH] crypto: ensure we use a predictable TLS priority setting
  2018-02-28 14:06 [Qemu-devel] [PATCH] crypto: ensure we use a predictable TLS priority setting Daniel P. Berrangé
@ 2018-02-28 14:46 ` Eric Blake
  0 siblings, 0 replies; 2+ messages in thread
From: Eric Blake @ 2018-02-28 14:46 UTC (permalink / raw)
  To: Daniel P. Berrangé, qemu-devel

On 02/28/2018 08:06 AM, Daniel P. Berrangé wrote:
> The TLS test cert generation relies on a fixed set of algorithms that are
> only usable under GNUTLS' default priority setting. When building QEMU
> with a custom distro specific priority setting, this can cause the TLS
> tests to fail. By forcing the tests to always use "NORMAL" priority we
> can make them more robust.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>   tests/test-crypto-tlssession.c | 1 +
>   1 file changed, 1 insertion(+)

Reviewed-by: Eric Blake <eblake@redhat.com>

> 
> diff --git a/tests/test-crypto-tlssession.c b/tests/test-crypto-tlssession.c
> index 1a4a066d76..82f21c27f2 100644
> --- a/tests/test-crypto-tlssession.c
> +++ b/tests/test-crypto-tlssession.c
> @@ -75,6 +75,7 @@ static QCryptoTLSCreds *test_tls_creds_create(QCryptoTLSCredsEndpoint endpoint,
>                        "server" : "client"),
>           "dir", certdir,
>           "verify-peer", "yes",
> +        "priority", "NORMAL",
>           /* We skip initial sanity checks here because we
>            * want to make sure that problems are being
>            * detected at the TLS session validation stage,
> 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2018-02-28 14:46 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-02-28 14:06 [Qemu-devel] [PATCH] crypto: ensure we use a predictable TLS priority setting Daniel P. Berrangé
2018-02-28 14:46 ` Eric Blake

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).