diff options
author | Daniel P. Berrangé <berrange@redhat.com> | 2018-02-28 14:04:38 +0000 |
---|---|---|
committer | Daniel P. Berrangé <berrange@redhat.com> | 2018-04-06 11:28:31 +0100 |
commit | 057ad0b46992e3ec4ce29b9103162aa3c683f347 (patch) | |
tree | bf99c928d0e20fcd4bc145aa44eb3237a2f010c5 /tests | |
parent | 00e5e9df29453964c724f2156b6fbf32620d8b7e (diff) | |
download | qemu-057ad0b46992e3ec4ce29b9103162aa3c683f347.zip qemu-057ad0b46992e3ec4ce29b9103162aa3c683f347.tar.gz qemu-057ad0b46992e3ec4ce29b9103162aa3c683f347.tar.bz2 |
crypto: ensure we use a predictable TLS priority setting
The TLS test cert generation relies on a fixed set of algorithms that are
only usable under GNUTLS' default priority setting. When building QEMU
with a custom distro specific priority setting, this can cause the TLS
tests to fail. By forcing the tests to always use "NORMAL" priority we
can make them more robust.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/test-crypto-tlssession.c | 1 | ||||
-rw-r--r-- | tests/test-io-channel-tls.c | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/tests/test-crypto-tlssession.c b/tests/test-crypto-tlssession.c index 1a4a066..82f21c2 100644 --- a/tests/test-crypto-tlssession.c +++ b/tests/test-crypto-tlssession.c @@ -75,6 +75,7 @@ static QCryptoTLSCreds *test_tls_creds_create(QCryptoTLSCredsEndpoint endpoint, "server" : "client"), "dir", certdir, "verify-peer", "yes", + "priority", "NORMAL", /* We skip initial sanity checks here because we * want to make sure that problems are being * detected at the TLS session validation stage, diff --git a/tests/test-io-channel-tls.c b/tests/test-io-channel-tls.c index 32743b2..bb88ee8 100644 --- a/tests/test-io-channel-tls.c +++ b/tests/test-io-channel-tls.c @@ -78,6 +78,7 @@ static QCryptoTLSCreds *test_tls_creds_create(QCryptoTLSCredsEndpoint endpoint, "server" : "client"), "dir", certdir, "verify-peer", "yes", + "priority", "NORMAL", /* We skip initial sanity checks here because we * want to make sure that problems are being * detected at the TLS session validation stage, |