Commit 057ad0b4 authored Feb 28, 2018 by Daniel P. Berrangé

crypto: ensure we use a predictable TLS priority setting



The TLS test cert generation relies on a fixed set of algorithms that are
only usable under GNUTLS' default priority setting. When building QEMU
with a custom distro specific priority setting, this can cause the TLS
tests to fail. By forcing the tests to always use "NORMAL" priority we
can make them more robust.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

parent 00e5e9df

tests/test-crypto-tlssession.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -75,6 +75,7 @@ static QCryptoTLSCreds *test_tls_creds_create(QCryptoTLSCredsEndpoint endpoint,
		"server" : "client"),
		"dir", certdir,
		"verify-peer", "yes",
		"priority", "NORMAL",
		/* We skip initial sanity checks here because we
		* want to make sure that problems are being
		* detected at the TLS session validation stage,

tests/test-io-channel-tls.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -78,6 +78,7 @@ static QCryptoTLSCreds *test_tls_creds_create(QCryptoTLSCredsEndpoint endpoint,
		"server" : "client"),
		"dir", certdir,
		"verify-peer", "yes",
		"priority", "NORMAL",
		/* We skip initial sanity checks here because we
		* want to make sure that problems are being
		* detected at the TLS session validation stage,