From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 3/3] crypto: ensure we use a predictable TLS priority setting
Date: Fri, 6 Apr 2018 14:30:46 +0100 [thread overview]
Message-ID: <20180406133046.5682-4-berrange@redhat.com> (raw)
In-Reply-To: <20180406133046.5682-1-berrange@redhat.com>
The TLS test cert generation relies on a fixed set of algorithms that are
only usable under GNUTLS' default priority setting. When building QEMU
with a custom distro specific priority setting, this can cause the TLS
tests to fail. By forcing the tests to always use "NORMAL" priority we
can make them more robust.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
tests/test-crypto-tlssession.c | 1 +
tests/test-io-channel-tls.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/tests/test-crypto-tlssession.c b/tests/test-crypto-tlssession.c
index 1a4a066d76..82f21c27f2 100644
--- a/tests/test-crypto-tlssession.c
+++ b/tests/test-crypto-tlssession.c
@@ -75,6 +75,7 @@ static QCryptoTLSCreds *test_tls_creds_create(QCryptoTLSCredsEndpoint endpoint,
"server" : "client"),
"dir", certdir,
"verify-peer", "yes",
+ "priority", "NORMAL",
/* We skip initial sanity checks here because we
* want to make sure that problems are being
* detected at the TLS session validation stage,
diff --git a/tests/test-io-channel-tls.c b/tests/test-io-channel-tls.c
index 32743b2c96..bb88ee870f 100644
--- a/tests/test-io-channel-tls.c
+++ b/tests/test-io-channel-tls.c
@@ -78,6 +78,7 @@ static QCryptoTLSCreds *test_tls_creds_create(QCryptoTLSCredsEndpoint endpoint,
"server" : "client"),
"dir", certdir,
"verify-peer", "yes",
+ "priority", "NORMAL",
/* We skip initial sanity checks here because we
* want to make sure that problems are being
* detected at the TLS session validation stage,
--
2.14.3
next prev parent reply other threads:[~2018-04-06 13:30 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-06 13:30 [Qemu-devel] [PULL for-2.12 0/3] Qcrypto next patches Daniel P. Berrangé
2018-04-06 13:30 ` [Qemu-devel] [PULL 1/3] docs: update information for TLS certificate management Daniel P. Berrangé
2018-04-06 13:30 ` [Qemu-devel] [PULL 2/3] docs: Document -object tls-creds-x509 priority=xxx Daniel P. Berrangé
2018-04-06 13:30 ` Daniel P. Berrangé [this message]
2018-04-06 18:13 ` [Qemu-devel] [PULL for-2.12 0/3] Qcrypto next patches Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180406133046.5682-4-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).