[libvirt] failure to build on rawhide

Simon Josefsson simon at josefsson.org
Mon May 23 16:56:26 CEST 2011


Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:

> On 05/23/2011 11:54 AM, Daniel P. Berrange wrote:
>
>>> Try gnutls_priority_set.  What did you use 
>>> gnutls_certificate_type_set_priority for?  It is rare to really
>>> need it, a call to gnutls_set_default_priority() is usually
>>> sufficient.
>> Agreed, our current use of gnutls_certificate_type_set_priority is
>> bogus and can/should be removed, leaving just set_default_priority
>> calls.
>
> If you expect random (other than gnutls/openssl/nss) TLS implementations
> to connect to you (or you plan to connect to them), then the
> set_default_priority() might not be enough. I tried to sketch the
> reasons at:
> http://www.gnu.org/software/gnutls/manual/html_node/Compatibility-Issues.html#Compatibility-Issues
>
> In those cases you might want to have some options configurable.

Yes, it would be nice if libvirt had a configuration knob for user to
specify the priority string.

However, as I understand it, libvirt only talks to its own
implementation, and doesn't need to be compatible with any browser SSL
legacy.  So you probably don't need to use any compatibility settings at
all.

/Simon




More information about the Gnutls-devel mailing list