search for: tls_priority

...;--tls=require>) about the missing certificates. If TLS certificates can be loaded from the built-in path or from the I<--tls-certificates> directory, then TLS will by default be enabled @@ -968,6 +1000,7 @@ L<https://en.wikipedia.org/wiki/Fibre_Channel_over_Ethernet>. L<gnutls_priority_init(3)>, L<qemu-img(1)>, +L<psktool(1)>, L<systemd.socket(5)>. =head1 AUTHORS diff --git a/src/crypto.c b/src/crypto.c index 23c5c8f..6af3977 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -37,10 +37,12 @@ #include <stdlib.h> #include <stdarg.h> #include &...

...ut there does not seem to be a way to specify TLS priority in libvirt's qemu conf. Solvable via compile time --tls-priority flag, but that's not very convenient. Is there a way to set TLS priority for QEMU TLS connections from libvirt configs? This would be equivalent to libvirtd.conf's tls_priority setting, but for QEMU, not for libvirt's own connections. 3) After setting up default_tls_x509_cert_dir and default_tls_x509_verify = 1 (and directories as required see 1), virsh initiated migrations with --tls flag succeed and captures show that it's using TLS. However, they equally succ...

This is ready for review but needs a bit more real-world testing before I'd be happy about it going upstream. It also needs tests. It does interoperate with qemu, at least in my limited tests. Rich.

v2: * Improved documentation. * Added a test (interop with qemu client).

...em to be a > way to specify TLS priority in libvirt's qemu conf. Solvable via > compile time --tls-priority flag, but that's not very convenient. Is > there a way to set TLS priority for QEMU TLS connections from libvirt > configs? This would be equivalent to libvirtd.conf's tls_priority > setting, but for QEMU, not for libvirt's own connections. Hmm, this might be useful. Please file a feature request. > 3) After setting up default_tls_x509_cert_dir and > default_tls_x509_verify = 1 (and directories as required see 1), > virsh initiated migrations with --tls fla...

...erify_peer (lp_ctx=0x0) at default/lib/param/param_functions.c:352 No locals. #1 0x00007fffe3ce895f in ldap_connect_send (conn=0xd30e70, url=url at entry=0xad02d4 "ldaps://ldap.motec.com.au") at ../source4/libcli/ldap/ldap_client.c:469 ca_file = 0x0 crl_file = 0x0 tls_priority = 0x0 verify_peer = <optimized out> status = {v = 0} result = 0xd31180 ctx = <optimized out> state = 0xd31220 protocol = "ldaps\000\000\000", <incomplete sequence \336> ret = <optimized out> #2 0x00007fffe3ce...

On Fri, 2017-02-17 at 07:48 +1100, Tom Robinson via samba wrote: > Anyone? Can you please post a gdb backtrace --full? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 862 bytes Desc: This is a digitally signed message part URL:

This isn't quite finished because not all of the tests or examples have been updated, but it demonstrates an idea: Should we forget about the concept of having multiple connections managed under a single handle? In this patch there is a single ‘struct nbd_handle *’ which manages a single state machine and connection (and therefore no nbd_connection). To connect to a multi-conn server you must