chucklever

Commit 9253f9d added the use of the @System keyword as the initial keyword in the priority string used by tlshd. Unfortunately @System doesn't appear to work on systems that do not have a system-wide library configuration set up.

Instead of trying to pick an initial keyword that will work on all systems, let's instead use gnutls_priority_init2() with the GNUTLS_PRIORITY_INIT_DEF_APPEND flag instead. That will append our priority string to the default options.

Fixes: 9253f9d ("tlshd: Fix priority string to allow PQC")

Tested-by: Alistair Francis [email protected]
Reviewed-by: Alistair Francis [email protected]
Reviewed-by: Hannes Reinecke [email protected]

Commit 9253f9d added the use of the @System keyword as the initial
keyword in the priority string used by tlshd.  Unfortunately @System
doesn't appear to work on systems that do not have a system-wide
library configuration set up.

Instead of trying to pick an initial keyword that will work on all
systems, let's instead use gnutls_priority_init2() with the
GNUTLS_PRIORITY_INIT_DEF_APPEND flag instead.  That will *append* our
priority string to the default options.

Fixes: 9253f9d ("tlshd: Fix priority string to allow PQC")
Signed-off-by: Scott Mayhew <[email protected]>
Tested-by: Alistair Francis <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Reviewed-by: Hannes Reinecke <[email protected]>
Signed-off-by: Chuck Lever <[email protected]>
@chucklever chucklever merged commit 142ee70 into main Oct 2, 2025
12 checks passed
@chucklever chucklever deleted the fix-priority-string branch October 2, 2025 20:55