bool isServer;
bool requireValidCert;
const char *const*x509dnWhitelist;
+ char *priority;
};
struct _virNetTLSSession {
const char *cert,
const char *key,
const char *const*x509dnWhitelist,
+ const char *priority,
bool sanityCheckCert,
bool requireValidCert,
bool isServer)
if (!(ctxt = virObjectLockableNew(virNetTLSContextClass)))
return NULL;
+ if (VIR_STRDUP(ctxt->priority, priority) < 0)
+ goto error;
+
err = gnutls_certificate_allocate_credentials(&ctxt->x509cred);
if (err) {
virReportError(VIR_ERR_SYSTEM_ERROR,
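Review bot: The new `VIR_STRDUP(ctxt->priority, priority)` only copies the operator-supplied priority string; nothing checks that GnuTLS can parse it, so a typo in the configured string is not caught here but surfaces later in `gnutls_priority_set_direct` when a session is created — per connection, and as a session-setup failure rather than a startup/configuration error. I would validate it once at context creation and fail early, which also gives the operator the position of the offending token. The `err` variable and `virReportError` pattern visible below can be reused for this; the function's opening and its `error:` label are outside the hunk, and I assume the error path unrefs `ctxt` so the `VIR_FREE(ctxt->priority)` in dispose covers cleanup — confirm.
```c
    if (VIR_STRDUP(ctxt->priority, priority) < 0)
        goto error;

    /* Reject a malformed priority string now rather than on every session;
     * the parsed object is only used for validation and discarded. */
    if (ctxt->priority) {
        gnutls_priority_t prio = NULL;
        const char *err_pos = NULL;
        if ((err = gnutls_priority_init(&prio, ctxt->priority, &err_pos)) != 0) {
            virReportError(VIR_ERR_SYSTEM_ERROR,
                           _("Invalid TLS priority string '%s' at '%s': %s"),
                           ctxt->priority, err_pos ? err_pos : "",
                           gnutls_strerror(err));
            goto error;
        }
        gnutls_priority_deinit(prio);
    }

    /* … unchanged: gnutls_certificate_allocate_credentials … */
```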
static virNetTLSContextPtr virNetTLSContextNewPath(const char *pkipath,
bool tryUserPkiPath,
const char *const*x509dnWhitelist,
+ const char *priority,
bool sanityCheckCert,
bool requireValidCert,
bool isServer)
return NULL;
ctxt = virNetTLSContextNew(cacert, cacrl, cert, key,
- x509dnWhitelist, sanityCheckCert,
+ x509dnWhitelist, priority, sanityCheckCert,
requireValidCert, isServer);
VIR_FREE(cacert);
virNetTLSContextPtr virNetTLSContextNewServerPath(const char *pkipath,
bool tryUserPkiPath,
const char *const*x509dnWhitelist,
+ const char *priority,
bool sanityCheckCert,
bool requireValidCert)
{
- return virNetTLSContextNewPath(pkipath, tryUserPkiPath, x509dnWhitelist,
+ return virNetTLSContextNewPath(pkipath, tryUserPkiPath, x509dnWhitelist, priority,
sanityCheckCert, requireValidCert, true);
}
virNetTLSContextPtr virNetTLSContextNewClientPath(const char *pkipath,
bool tryUserPkiPath,
+ const char *priority,
bool sanityCheckCert,
bool requireValidCert)
{
- return virNetTLSContextNewPath(pkipath, tryUserPkiPath, NULL,
+ return virNetTLSContextNewPath(pkipath, tryUserPkiPath, NULL, priority,
sanityCheckCert, requireValidCert, false);
}
const char *cert,
const char *key,
const char *const*x509dnWhitelist,
+ const char *priority,
bool sanityCheckCert,
bool requireValidCert)
{
- return virNetTLSContextNew(cacert, cacrl, cert, key, x509dnWhitelist,
+ return virNetTLSContextNew(cacert, cacrl, cert, key, x509dnWhitelist, priority,
sanityCheckCert, requireValidCert, true);
}
const char *cacrl,
const char *cert,
const char *key,
+ const char *priority,
bool sanityCheckCert,
bool requireValidCert)
{
- return virNetTLSContextNew(cacert, cacrl, cert, key, NULL,
+ return virNetTLSContextNew(cacert, cacrl, cert, key, NULL, priority,
sanityCheckCert, requireValidCert, false);
}
PROBE(RPC_TLS_CONTEXT_DISPOSE,
"ctxt=%p", ctxt);
+ VIR_FREE(ctxt->priority);
gnutls_dh_params_deinit(ctxt->dhParams);
gnutls_certificate_free_credentials(ctxt->x509cred);
}
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- if ((err = gnutls_priority_set_direct(sess->session, TLS_PRIORITY, NULL)) != 0) {
+ if ((err = gnutls_priority_set_direct(sess->session,
+ ctxt->priority ? ctxt->priority : TLS_PRIORITY,
+ NULL)) != 0) {
virReportError(VIR_ERR_SYSTEM_ERROR,
_("Failed to set TLS session priority to %s: %s"),
- TLS_PRIORITY, gnutls_strerror(err));
+ ctxt->priority ? ctxt->priority : TLS_PRIORITY, gnutls_strerror(err));
goto error;
}
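Review bot: The `ctxt->priority ? ctxt->priority : TLS_PRIORITY` selection is now evaluated twice (once in the call, once in the error message), and the third argument to `gnutls_priority_set_direct` is still `NULL`, so when an operator-configured string fails to parse the error names the whole string but not where it broke. Hoisting the choice into one local and passing an `err_pos` pointer fixes both; the locals belong with the function's other declarations, which are above this hunk (the enclosing function starts outside it). The comment `/* avoid calling all the priority functions, since the defaults are adequate. */` is also stale now that the priority is configurable and should say something like `/* A single priority string covers ciphers, MACs and protocol versions; use the operator's string when configured, else the built-in default. */`.
```c
    const char *priority = ctxt->priority ? ctxt->priority : TLS_PRIORITY;
    const char *err_pos = NULL;

    if ((err = gnutls_priority_set_direct(sess->session, priority, &err_pos)) != 0) {
        virReportError(VIR_ERR_SYSTEM_ERROR,
                       _("Failed to set TLS session priority to %s: %s"),
                       priority, gnutls_strerror(err));
        goto error;
    }
```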