Use @System priority for TLS on Fedora >= 21

In Fedora >= 21, there is a new crypto priority framework that sets TLS policies globally for all apps. To activate this with GNUTLS we must request "@System" instead of the traditional "NORMAL" string. The '@' causes gnutls todo a lookup in its config file for the 'SYSTEM' keyword entry. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
open-power-host-os · Jun 8, 2016 · 8dfb796 · 8dfb796
1 parent 6d310c9
commit 8dfb796
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/libvirt.spec.in b/libvirt.spec.in
@@ -206,6 +206,12 @@
     %define enable_werror --disable-werror
 %endif
 
+%if 0%{?fedora} >= 21
+    %define tls_priority "@SYSTEM"
+%else
+    %define tls_priority "NORMAL"
+%endif
+
 
 Summary: Library providing a simple virtualization API
 Name: libvirt
@@ -1152,6 +1158,7 @@ rm -f po/stamp-po
            %{arg_packager_version} \
            --with-qemu-user=%{qemu_user} \
            --with-qemu-group=%{qemu_group} \
+           --with-tls-priority=%{tls_priority} \
            %{?arg_loader_nvram} \
            %{?enable_werror} \
            --enable-expensive-tests \