remote: allow TLS priority to be customized
authorDaniel P. Berrange <berrange@redhat.com>
Fri, 3 Jun 2016 17:20:27 +0000 (18:20 +0100)
committerDaniel P. Berrange <berrange@redhat.com>
Wed, 8 Jun 2016 12:48:45 +0000 (13:48 +0100)
Support reading the TLS priority from the client configuration
file via the "tls_priority" config option, e.g.

 $ cat $HOME/.config/libvirt/libvirt.conf
 tls_priority="NORMAL:-VERS-SSL3.0"

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
src/remote/remote_driver.c

index 6094afe6226386fb802839e60a25b42f397563be..f494cbf3a300a8707a2c17e9fea758f6133eb622 100644 (file)
@@ -638,6 +638,7 @@ static int
 doRemoteOpen(virConnectPtr conn,
              struct private_data *priv,
              virConnectAuthPtr auth ATTRIBUTE_UNUSED,
+             virConfPtr conf,
              unsigned int flags)
 {
     char *transport_str = NULL;
@@ -844,6 +845,19 @@ doRemoteOpen(virConnectPtr conn,
     /* Connect to the remote service. */
     switch (transport) {
     case trans_tls:
+        if (conf && !tls_priority) {
+            virConfValuePtr val = virConfGetValue(conf, "tls_priority");
+            if (val) {
+                if (val->type != VIR_CONF_STRING) {
+                    virReportError(VIR_ERR_INVALID_ARG, "%s",
+                                   _("Config file 'tls_priority' must be a string"));
+                    goto failed;
+                }
+                if (VIR_STRDUP(tls_priority, val->str) < 0)
+                    goto failed;
+            }
+        }
+
 #ifdef WITH_GNUTLS
         priv->tls = virNetTLSContextNewClientPath(pkipath,
                                                   geteuid() != 0 ? true : false,
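Review bot: The `tls_priority` value read from the config file under `case trans_tls:` is copied into `tls_priority` with no log line and no comment on precedence, so it is hard to audit which source set the TLS policy for a connection, and a value that weakens the protocol or cipher selection is accepted silently at this point. The `!tls_priority` guard means an already-set value (presumably from the URI, parsed outside this hunk) wins over the config file; a comment such as `/* URI tls_priority takes precedence; fall back to libvirt.conf */` would make that explicit, and `VIR_DEBUG("tls_priority from config file: '%s'", tls_priority);` after the `VIR_STRDUP` would record the effective value. The block also sits above `#ifdef WITH_GNUTLS`, so a build without GnuTLS still parses the option and can fail on a non-string value; moving it inside the `#ifdef` would keep it next to its only visible consumer. doRemoteOpen's body continues outside the hunk, so whether `tls_priority` is freed on the `failed` path cannot be confirmed from here.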
@@ -1180,7 +1194,7 @@ remoteAllocPrivateData(void)
 static virDrvOpenStatus
 remoteConnectOpen(virConnectPtr conn,
                   virConnectAuthPtr auth,
-                  virConfPtr conf ATTRIBUTE_UNUSED,
+                  virConfPtr conf,
                   unsigned int flags)
 {
     struct private_data *priv;
@@ -1239,7 +1253,7 @@ remoteConnectOpen(virConnectPtr conn,
 #endif
     }
 
-    ret = doRemoteOpen(conn, priv, auth, rflags);
+    ret = doRemoteOpen(conn, priv, auth, conf, rflags);
     if (ret != VIR_DRV_OPEN_SUCCESS) {
         conn->privateData = NULL;
         remoteDriverUnlock(priv);