1. Patchew
  2. QEMU
  3. View series

[Qemu-devel] [PATCH v2] crypto: ensure we use a predictable TLS priority setting

Daniel P. Berrangé posted 1 patch 7 years, 7 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20180228184947.12317-1-berrange@redhat.com
Test checkpatch passed
Test docker-build@min-glib passed
Test docker-mingw@fedora passed
Test docker-quick@centos6 passed
Test ppcbe passed
Test ppcle passed
Test s390x passed
tests/test-crypto-tlssession.c | 1 +
tests/test-io-channel-tls.c    | 1 +
2 files changed, 2 insertions(+)
[Qemu-devel] [PATCH v2] crypto: ensure we use a predictable TLS priority setting
Posted by Daniel P. Berrangé 7 years, 7 months ago 
The TLS test cert generation relies on a fixed set of algorithms that are
only usable under GNUTLS' default priority setting. When building QEMU
with a custom distro specific priority setting, this can cause the TLS
tests to fail. By forcing the tests to always use "NORMAL" priority we
can make them more robust.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---

Changed in v2:

 - Fix both test cases which use TLS creds !

 tests/test-crypto-tlssession.c | 1 +
 tests/test-io-channel-tls.c    | 1 +
 2 files changed, 2 insertions(+)

diff --git a/tests/test-crypto-tlssession.c b/tests/test-crypto-tlssession.c
index 1a4a066d76..82f21c27f2 100644
--- a/tests/test-crypto-tlssession.c
+++ b/tests/test-crypto-tlssession.c
@@ -75,6 +75,7 @@ static QCryptoTLSCreds *test_tls_creds_create(QCryptoTLSCredsEndpoint endpoint,
                      "server" : "client"),
         "dir", certdir,
         "verify-peer", "yes",
+        "priority", "NORMAL",
         /* We skip initial sanity checks here because we
          * want to make sure that problems are being
          * detected at the TLS session validation stage,
diff --git a/tests/test-io-channel-tls.c b/tests/test-io-channel-tls.c
index a210d01ba5..47ba603e8d 100644
--- a/tests/test-io-channel-tls.c
+++ b/tests/test-io-channel-tls.c
@@ -78,6 +78,7 @@ static QCryptoTLSCreds *test_tls_creds_create(QCryptoTLSCredsEndpoint endpoint,
                      "server" : "client"),
         "dir", certdir,
         "verify-peer", "yes",
+        "priority", "NORMAL",
         /* We skip initial sanity checks here because we
          * want to make sure that problems are being
          * detected at the TLS session validation stage,
-- 
2.14.3
Re: [Qemu-devel] [PATCH v2] crypto: ensure we use a predictable TLS priority setting
Posted by Eric Blake 7 years, 7 months ago 
On 02/28/2018 12:49 PM, Daniel P. Berrangé wrote:
> The TLS test cert generation relies on a fixed set of algorithms that are
> only usable under GNUTLS' default priority setting. When building QEMU
> with a custom distro specific priority setting, this can cause the TLS
> tests to fail. By forcing the tests to always use "NORMAL" priority we
> can make them more robust.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
> 
> Changed in v2:
> 
>   - Fix both test cases which use TLS creds !

Reviewed-by: Eric Blake <eblake@redhat.com>

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.