See 2/2 for explanation.

Ideally, we wouldn't use gnutls_dh_params_generate2() at all, per [1].
But that would require bumping minimal required version to gnutls-3.6.0
and I'm not sure how available it is in OSes we support. Therefore, for
now let's stick with patch 2/2.

1: https://www.gnutls.org/manual/html_node/Parameter-generation.html

Michal Prívozník (2):
  virnettlscontext: Drop gnutls_dh_set_prime_bits()
  virnettlscontext: Don't pass static key length to
    gnutls_dh_params_generate2()

 src/rpc/virnettlscontext.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

--
2.32.0

On Tue, Dec 21, 2021 at 03:22:57PM +0100, Michal Privoznik wrote:
>See 2/2 for explanation.
>
>Ideally, we wouldn't use gnutls_dh_params_generate2() at all, per [1].
>But that would require bumping minimal required version to gnutls-3.6.0
>and I'm not sure how available it is in OSes we support. Therefore, for

As far as I can tell from repology.org all the major distros have 3.6.x
in more than one version and definitely all those that we have in the
CI, so I'd say bump that.

>now let's stick with patch 2/2.
>
>1: https://www.gnutls.org/manual/html_node/Parameter-generation.html
>
>Michal Prívozník (2):
>  virnettlscontext: Drop gnutls_dh_set_prime_bits()
>  virnettlscontext: Don't pass static key length to
>    gnutls_dh_params_generate2()
>
> src/rpc/virnettlscontext.c | 15 ++++++++++-----
> 1 file changed, 10 insertions(+), 5 deletions(-)
>
>--
>2.32.0
>

On a Wednesday in 2021, Martin Kletzander wrote:
>On Tue, Dec 21, 2021 at 03:22:57PM +0100, Michal Privoznik wrote:
>>See 2/2 for explanation.
>>
>>Ideally, we wouldn't use gnutls_dh_params_generate2() at all, per [1].
>>But that would require bumping minimal required version to gnutls-3.6.0
>>and I'm not sure how available it is in OSes we support. Therefore, for
>
>As far as I can tell from repology.org all the major distros have 3.6.x
>in more than one version and definitely all those that we have in the
>CI, so I'd say bump that.
>

There's Ubuntu 18.04 with 3.5.18.

But we could #ifndef the old code out and use the pre-generated
parameters on every other distro, as recommended.

Jano

On Wed, Dec 22, 2021 at 02:14:59PM +0100, Ján Tomko wrote:
>On a Wednesday in 2021, Martin Kletzander wrote:
>>On Tue, Dec 21, 2021 at 03:22:57PM +0100, Michal Privoznik wrote:
>>>See 2/2 for explanation.
>>>
>>>Ideally, we wouldn't use gnutls_dh_params_generate2() at all, per [1].
>>>But that would require bumping minimal required version to gnutls-3.6.0
>>>and I'm not sure how available it is in OSes we support. Therefore, for
>>
>>As far as I can tell from repology.org all the major distros have 3.6.x
>>in more than one version and definitely all those that we have in the
>>CI, so I'd say bump that.
>>
>
>There's Ubuntu 18.04 with 3.5.18.
>

And we consider only LTS, so we can drop that in April when 20.04 is out
for 2 years. I finally found the exact spelling in docs/platform.rst
(available online at https://libvirt.org/platforms.html as well) which I
always struggle to find.

>But we could #ifndef the old code out and use the pre-generated
>parameters on every other distro, as recommended.
>

Since counting the bits is so discouraged I would also prefer this
option with the hopes for us remembering to remove that.

Actually, can we have like a commit hook that would check current date
against some file in the repository and just let us know that there
might be something to remove? O:-)

>Jano
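
An added example (not part of the thread and not libvirt code) of the date-based reminder suggested in the last message: a shell function that a Git pre-commit hook could call. The reminder file format, the function names and the sample dates are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not libvirt code. The reminder format is an assumption:
#   YYYY-MM-DD <path> <note>
# Blank lines and lines starting with '#' are ignored.

# Constructed sample data; the dates are placeholders, not project decisions.
sample_reminders() {
    cat <<'EOF'
# due        path                        note
2022-04-30 src/rpc/virnettlscontext.c drop gnutls_dh_params_generate2() fallback
2099-01-01 src/example/placeholder.c constructed entry that is not due yet
next-april src/example/placeholder.c constructed malformed entry
EOF
}

# expired_reminders [TODAY] < reminders
# Prints one line per entry whose date is on or before TODAY (default: now).
# Malformed dates are reported on stderr so a typo cannot hide a reminder.
expired_reminders() {
    today=${1:-$(date +%Y-%m-%d)}
    while read -r due path note; do
        case $due in
            ''|'#'*) continue ;;
            [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
            *) echo "reminders: bad date '$due' for $path" >&2; continue ;;
        esac
        # ISO 8601 dates sort correctly as strings; the x prefix forces
        # expr to compare strings rather than parse integers.
        if LC_ALL=C expr "x$due" \<= "x$today" >/dev/null; then
            echo "REMINDER: $path (due $due): $note"
        fi
    done
    return 0
}

# A pre-commit hook would pipe the repository's reminder file in here.
# It only warns and never blocks the commit.
sample_reminders | expired_reminders 2022-05-01
```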