crypto: ensure we use a predictable TLS priority setting

The TLS test cert generation relies on a fixed set of algorithms that are only usable under GNUTLS' default priority setting. When building QEMU with a custom distro specific priority setting, this can cause the TLS tests to fail. By forcing the tests to always use "NORMAL" priority we can make them more robust. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
8 years ago · 057ad0b469
2 changed files with 2 additions and 0 deletions
--- a/tests/test-crypto-tlssession.c
+++ b/tests/test-crypto-tlssession.c
@ -75,6 +75,7 @@ static QCryptoTLSCreds *test_tls_creds_create(QCryptoTLSCredsEndpoint endpoint,
                     "server" : "client"),
        "dir", certdir,
        "verify-peer", "yes",
+        "priority", "NORMAL",
        /* We skip initial sanity checks here because we
         * want to make sure that problems are being
         * detected at the TLS session validation stage,
--- a/tests/test-io-channel-tls.c
+++ b/tests/test-io-channel-tls.c
@ -78,6 +78,7 @@ static QCryptoTLSCreds *test_tls_creds_create(QCryptoTLSCredsEndpoint endpoint,
                     "server" : "client"),
        "dir", certdir,
        "verify-peer", "yes",
+        "priority", "NORMAL",
        /* We skip initial sanity checks here because we
         * want to make sure that problems are being
         * detected at the TLS session validation stage,