a1c5e949dd
Modern gnutls can use a global config file to control the crypto priority settings for TLS connections. For example the priority string "@SYSTEM" instructs gnutls to find the priority setting named "SYSTEM" in the global config file. Latest gnutls GIT codebase gained the ability to reference multiple priority strings in the config file, with the first one that is found to existing winning. This means it is now possible to configure QEMU out of the box with a default priority of "@QEMU,SYSTEM", which says to look for the settings "QEMU" first, and if not found, use the "SYSTEM" settings. To make use of this facility, we introduce the ability to set the QEMU default priority at build time via a new configure argument. It is anticipated that distro vendors will set this when building QEMU to a suitable value for use with distro crypto policy setup. eg current Fedora would run ./configure --tls-priority=@SYSTEM while future Fedora would run ./configure --tls-priority=@QEMU,SYSTEM Signed-off-by: Daniel P. Berrange <berrange@redhat.com> |
||
---|---|---|
.. | ||
aes.c | ||
afsplit.c | ||
block-luks.c | ||
block-luks.h | ||
block-qcow.c | ||
block-qcow.h | ||
block.c | ||
blockpriv.h | ||
cipher-builtin.c | ||
cipher-gcrypt.c | ||
cipher-nettle.c | ||
cipher.c | ||
desrfb.c | ||
hash-gcrypt.c | ||
hash-nettle.c | ||
hash-stub.c | ||
hash.c | ||
init.c | ||
ivgen-essiv.c | ||
ivgen-essiv.h | ||
ivgen-plain64.c | ||
ivgen-plain64.h | ||
ivgen-plain.c | ||
ivgen-plain.h | ||
ivgen.c | ||
ivgenpriv.h | ||
Makefile.objs | ||
pbkdf-gcrypt.c | ||
pbkdf-nettle.c | ||
pbkdf-stub.c | ||
pbkdf.c | ||
random-gcrypt.c | ||
random-gnutls.c | ||
random-stub.c | ||
secret.c | ||
tlscreds.c | ||
tlscredsanon.c | ||
tlscredspriv.h | ||
tlscredsx509.c | ||
tlssession.c | ||
trace-events | ||
xts.c |