File libvirt-remote-allow-TLS-priority-to-be-customized.patch of Package libvirt
From 9ed87f39336bb1ad06573ebab94ed949650c4d6a Mon Sep 17 00:00:00 2001
Message-Id: <9ed87f39336bb1ad06573ebab94ed949650c4d6a@dist-git>
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Tue, 27 Sep 2016 13:46:01 +0200
Subject: [PATCH] remote: allow TLS priority to be customized
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
https://bugzilla.redhat.com/show_bug.cgi?id=1333415
Support reading the TLS priority from the client configuration
file via the "tls_priority" config option, eg
$ cat $HOME/.config/libvirt/libvirt.conf
tls_priority="NORMAL:-VERS-SSL3.0"
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 6d310c9cffa08ed7e1ea2d57113929dc831702bf)
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Conflicts:
Pass NULL to doRemoteOpen in remoteOpenSecondaryDriver
for non-remote connections.
---
src/remote/remote_driver.c | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 2d5a8e9..0174d83 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -409,6 +409,7 @@ static int
doRemoteOpen(virConnectPtr conn,
struct private_data *priv,
virConnectAuthPtr auth ATTRIBUTE_UNUSED,
+ virConfPtr conf,
unsigned int flags)
{
char *transport_str = NULL;
@@ -605,6 +606,19 @@ doRemoteOpen(virConnectPtr conn,
/* Connect to the remote service. */
switch (transport) {
case trans_tls:
+ if (conf && !tls_priority) {
+ virConfValuePtr val = virConfGetValue(conf, "tls_priority");
+ if (val) {
+ if (val->type != VIR_CONF_STRING) {
+ virReportError(VIR_ERR_INVALID_ARG, "%s",
+ _("Config file 'tls_priority' must be a string"));
+ goto failed;
+ }
+ if (!(tls_priority = strdup(val->str)))
+ goto no_memory;
+ }
+ }
+
priv->tls = virNetTLSContextNewClientPath(pkipath,
geteuid() != 0 ? true : false,
tls_priority,
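Review bot: In the new `case trans_tls:` block, `strdup(val->str)` relies on a `VIR_CONF_STRING` value always carrying a non-NULL `str`, which nothing in the hunk establishes; fold the check into the type test, `if (val->type != VIR_CONF_STRING || !val->str) {`, so a malformed entry takes the existing error path instead of reaching `strdup(NULL)`. The `!tls_priority` guard means a value set earlier in doRemoteOpen (outside this hunk, presumably from the URI) wins over the config file, which deserves a comment such as `/* config file is only a fallback; a tls_priority set earlier takes precedence */`. The string is handed to `virNetTLSContextNewClientPath` as-is, so a per-user config entry can relax protocol versions or ciphers for every TLS connection; a `VIR_DEBUG` line recording the effective priority and where it came from would make that auditable. doRemoteOpen's body starts and ends outside the hunk.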
@@ -931,7 +945,7 @@ remoteOpenSecondaryDriver(virConnectPtr conn,
if (flags & VIR_CONNECT_RO)
rflags |= VIR_DRV_OPEN_REMOTE_RO;
- ret = doRemoteOpen(conn, *priv, auth, rflags);
+ ret = doRemoteOpen(conn, *priv, auth, NULL, rflags);
if (ret != VIR_DRV_OPEN_SUCCESS) {
remoteDriverUnlock(*priv);
VIR_FREE(*priv);
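Review bot: Passing `NULL` for `conf` at this call means the `tls_priority` setting from the client config is never consulted for connections opened through remoteOpenSecondaryDriver. If such a connection can use the TLS transport, it would presumably run with whatever default `virNetTLSContextNewClientPath` applies, with no indication that the configured priority was skipped. The commit message explains the intent but the call site does not; add `/* no client config for the secondary driver: tls_priority from libvirt.conf is not applied here */` above the call. remoteOpenSecondaryDriver starts and ends outside the hunk.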
@@ -946,7 +960,7 @@ remoteOpenSecondaryDriver(virConnectPtr conn,
static virDrvOpenStatus
remoteOpen (virConnectPtr conn,
virConnectAuthPtr auth,
- virConfPtr conf ATTRIBUTE_UNUSED,
+ virConfPtr conf,
unsigned int flags)
{
struct private_data *priv;
@@ -1003,7 +1017,7 @@ remoteOpen (virConnectPtr conn,
#endif
}
- ret = doRemoteOpen(conn, priv, auth, rflags);
+ ret = doRemoteOpen(conn, priv, auth, conf, rflags);
if (ret != VIR_DRV_OPEN_SUCCESS) {
conn->privateData = NULL;
remoteDriverUnlock(priv);
--
2.10.1