haraldwolff/qemu-patch-raspberry4
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
qemu-patch-raspberry4/include
History
Daniel P. Berrange 13f12430d4 crypto: add support for TLS priority string override 
The gnutls default priority is either "NORMAL" (most historical
versions of gnutls) which is a built-in label in gnutls code,
or "@SYSTEM" (latest gnutls on Fedora at least) which refers
to an admin customizable entry in a gnutls config file.

Regardless of which default is used by a distro, they are both
global defaults applying to all applications using gnutls. If
a single application on the system needs to use a weaker set
of crypto priorities, this potentially forces the weakness onto
all applications. Or conversely if a single application wants a
strong default than all others, it can't do this via the global
config file.

This adds an extra parameter to the tls credential object which
allows the mgmt app / user to explicitly provide a priority
string to QEMU when configuring TLS.

For example, to use the "NORMAL" priority, but disable SSL 3.0
one can now configure QEMU thus:

  $QEMU -object tls-creds-x509,id=tls0,dir=/home/berrange/qemutls,\
                priority="NORMAL:-VERS-SSL3.0" \
        ..other args...

If creating tls-creds-anon, whatever priority the user specifies
will always have "+ANON-DH" appended to it, since that's mandatory
to make the anonymous credentials work.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-07-04 15:52:43 +01:00
..
block blockjob: add AioContext attached callback 2016-06-20 14:25:41 +01:00
crypto crypto: add support for TLS priority string override 2016-07-04 15:52:43 +01:00
disas qemu-common: push cpu.h inclusion out of qemu-common.h 2016-05-19 16:42:29 +02:00
exec memory: Add MemoryRegionIOMMUOps.notify_started/stopped callbacks 2016-06-30 13:00:23 -06:00
fpu softfloat: Implement run-time-configurable meaning of signaling NaN bit 2016-06-24 13:40:37 +01:00
hw ppc/xics: Replace "icp" with "xics" in most places 2016-07-01 13:41:47 +10:00
io socket: add listen feature 2016-06-29 16:49:41 +02:00
libdecnumber include: Clean up includes 2016-02-23 12:43:05 +00:00
migration scsi: esp: fix migration 2016-06-29 14:03:47 +02:00
monitor Use scripts/clean-includes to drop redundant qemu/typedefs.h 2016-03-22 22:20:16 +01:00
net vhost-net: save & restore vring enable state 2016-06-17 03:28:03 +03:00
qapi migration: add reporting of errors for outgoing migration 2016-05-26 11:31:30 +05:30
qemu qapi: Simplify use of range.h 2016-06-30 15:28:51 +02:00
qom qom: API to get instance_size of a type 2016-06-17 16:33:48 +10:00
standard-headers linux-headers: update 2016-06-14 13:34:50 +02:00
sysemu char: change qemu_chr_fe_add_watch to return unsigned 2016-06-29 14:03:47 +02:00
ui vnc: generalize "VNC server running on ..." message 2016-06-29 14:03:47 +02:00
elf.h linux-user: Update preprocessor constants for Mips-specific e_flags bits 2016-06-24 13:41:45 +01:00
glib-compat.h vhost-user-test: fix g_cond_wait_until compat implementation 2016-06-29 16:49:40 +02:00
qemu-common.h qemu-common.h: Drop WORDS_ALIGNED define 2016-06-07 18:19:24 +03:00
qemu-io.h qemu-io: Use BlockBackend 2015-02-16 15:07:19 +00:00
trace-tcg.h trace: [tcg] Generate TCG tracing routines 2014-08-12 14:26:12 +01:00
trace.h trace: [tcg] Include event definitions in "trace.h" 2014-08-12 14:26:12 +01:00