[PATCH] virnettlscontext: allow client/server cert chains
Daniel P. Berrangé
berrange at redhat.com
Wed Mar 22 18:44:30 UTC 2023
On Mon, Feb 13, 2023 at 12:58:21PM -0500, matoro_mailinglist_libvirt at matoro.tk wrote:
> From: matoro <11910244-matoro3 at users.noreply.gitlab.com>
>
> The existing implementation assumes that client/server certificates are
> single individual certificates. If using publicly-issued certificates,
> or internal CAs that use an intermediate issuer, this is unlikely to be
> the case, and they will instead be certificate chains. While this can
> be worked around by moving the intermediate certificates to the CA
> certificate, which DOES currently support multiple certificates, this
> instead allows the issued certificate chains to be used as-is, without
> requiring the overhead of shuffling certificates around.
>
> See: https://gitlab.com/libvirt/libvirt/-/merge_requests/222
> Signed-off-by: matoro <matoro_github at matoro.tk>
> ---
> src/rpc/virnettlscontext.c | 97 +++++++++++++-----------------------
> tests/virnettlscontexttest.c | 72 +++++++++++++++++++++++++-
> 2 files changed, 104 insertions(+), 65 deletions(-)
Sorry I forgot to respond to this previously. On the libvirt side
we unfortunately have the same problem as on the QEMU[1] side, in that
we can't knowingly take contributions from anonymous users / obvious
psuedonyms.
With regards,
Daniel
[1] https://lists.gnu.org/archive/html/qemu-devel/2023-02/msg06942.html
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvir-list
mailing list