[libvirt] [PATCH] tests: force use of "NORMAL" TLS priority in test suite

Daniel P. Berrangé posted 1 patch 6 years, 1 month ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20180305132824.15058-1-berrange@redhat.com
Test syntax-check passed
tests/virnettlscontexttest.c | 4 ++--
tests/virnettlssessiontest.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
[libvirt] [PATCH] tests: force use of "NORMAL" TLS priority in test suite
Posted by Daniel P. Berrangé 6 years, 1 month ago
When generating certificates we rely on GNUTLS' built-in default setup
for the ciphers used in the certs. We then currently run with the distro
specific TLS priority setup which can be much stronger, to the extent
that the certificates we generate are considered untrustworthy. We don't
care about the quality of the ciphers we use in the test suite, so just
force the priority to "NORMAL" which should ensure our certs are
accepted by GNUTLS.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 tests/virnettlscontexttest.c | 4 ++--
 tests/virnettlssessiontest.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c
index 089c10e964..86647f3014 100644
--- a/tests/virnettlscontexttest.c
+++ b/tests/virnettlscontexttest.c
@@ -72,7 +72,7 @@ static int testTLSContextInit(const void *opaque)
                                          data->crt,
                                          KEYFILE,
                                          NULL,
-                                         NULL,
+                                         "NORMAL",
                                          true,
                                          true);
     } else {
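Review bot: The `"NORMAL"` argument in this first call of testTLSContextInit (the one passing `data->crt`) has no comment saying why the priority is pinned; the rationale exists only in the commit message. A short comment above the call, noting that the generated test certificates can be rejected under a stricter distro priority, would keep a later cleanup from reverting it to NULL.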
@@ -80,7 +80,7 @@ static int testTLSContextInit(const void *opaque)
                                          NULL,
                                          data->crt,
                                          KEYFILE,
-                                         NULL,
+                                         "NORMAL",
                                          true,
                                          true);
     }
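Review bot: This is the second of four call sites across the two test files that repeat the string literal `"NORMAL"`. A single define placed wherever KEYFILE is defined (the name is up to you, for example TEST_TLS_PRIORITY) would keep all four in step if the value ever has to change.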
diff --git a/tests/virnettlssessiontest.c b/tests/virnettlssessiontest.c
index 6d639e5b16..7e85607181 100644
--- a/tests/virnettlssessiontest.c
+++ b/tests/virnettlssessiontest.c
@@ -113,7 +113,7 @@ static int testTLSSessionInit(const void *opaque)
                                            data->servercrt,
                                            KEYFILE,
                                            data->wildcards,
-                                           NULL,
+                                           "NORMAL",
                                            false,
                                            true);
 
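Review bot: Replacing NULL at the `data->servercrt` call means none of the call sites touched by this patch pass NULL any more, so the path where the priority is left to the distro-specific setup is no longer exercised by these tests. If that path matters, consider covering it separately in a case that does not depend on the generated certificates being accepted.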
@@ -121,7 +121,7 @@ static int testTLSSessionInit(const void *opaque)
                                            NULL,
                                            data->clientcrt,
                                            KEYFILE,
-                                           NULL,
+                                           "NORMAL",
                                            false,
                                            true);
 
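Review bot: Pinning the priority at the `data->clientcrt` call as well leaves in place the cause named in the commit message, certificates generated with GNUTLS' built-in defaults, and the message itself only says this "should ensure" they are accepted. Worth recording as a follow-up: generate the test certificates with explicit parameters so the outcome does not depend on what "NORMAL" happens to accept.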
-- 
2.14.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] tests: force use of "NORMAL" TLS priority in test suite
Posted by Daniel P. Berrangé 6 years, 1 month ago
On Mon, Mar 05, 2018 at 01:28:24PM +0000, Daniel P. Berrangé wrote:
> When generating certificates we rely on GNUTLS' built-in default setup
> for the ciphers used in the certs. We then currently run with the distro
> specific TLS priority setup which can be much stronger, to the extent
> that the certificates we generate are considered untrustworthy. We don't
> care about the quality of the ciphers we use in the test suite, so just
> force the priority to "NORMAL" which should ensure our certs are
> accepted by GNUTLS.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---

Pushing this as a build fix, since our CentOS CI is broken now it has
pulled in latest rawhide packages.

>  tests/virnettlscontexttest.c | 4 ++--
>  tests/virnettlssessiontest.c | 4 ++--
>  2 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c
> index 089c10e964..86647f3014 100644
> --- a/tests/virnettlscontexttest.c
> +++ b/tests/virnettlscontexttest.c
> @@ -72,7 +72,7 @@ static int testTLSContextInit(const void *opaque)
>                                           data->crt,
>                                           KEYFILE,
>                                           NULL,
> -                                         NULL,
> +                                         "NORMAL",
>                                           true,
>                                           true);
>      } else {
> @@ -80,7 +80,7 @@ static int testTLSContextInit(const void *opaque)
>                                           NULL,
>                                           data->crt,
>                                           KEYFILE,
> -                                         NULL,
> +                                         "NORMAL",
>                                           true,
>                                           true);
>      }
> diff --git a/tests/virnettlssessiontest.c b/tests/virnettlssessiontest.c
> index 6d639e5b16..7e85607181 100644
> --- a/tests/virnettlssessiontest.c
> +++ b/tests/virnettlssessiontest.c
> @@ -113,7 +113,7 @@ static int testTLSSessionInit(const void *opaque)
>                                             data->servercrt,
>                                             KEYFILE,
>                                             data->wildcards,
> -                                           NULL,
> +                                           "NORMAL",
>                                             false,
>                                             true);
>  
> @@ -121,7 +121,7 @@ static int testTLSSessionInit(const void *opaque)
>                                             NULL,
>                                             data->clientcrt,
>                                             KEYFILE,
> -                                           NULL,
> +                                           "NORMAL",
>                                             false,
>                                             true);
>  
> -- 
> 2.14.3
> 

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
