[PATCH] virnettlscontext: allow client/server cert chains

[Daniel P. Berrangé]

On Mon, Feb 13, 2023 at 12:58:21PM -0500, matoro_mailinglist_libvirt at matoro.tk wrote:
> From: matoro <11910244-matoro3 at users.noreply.gitlab.com>
> 
> The existing implementation assumes that client/server certificates are
> single individual certificates.  If using publicly-issued certificates,
> or internal CAs that use an intermediate issuer, this is unlikely to be
> the case, and they will instead be certificate chains.  While this can
> be worked around by moving the intermediate certificates to the CA
> certificate, which DOES currently support multiple certificates, this
> instead allows the issued certificate chains to be used as-is, without
> requiring the overhead of shuffling certificates around.
> 
> See: https://gitlab.com/libvirt/libvirt/-/merge_requests/222
> Signed-off-by: matoro <matoro_github at matoro.tk>
> ---
>  src/rpc/virnettlscontext.c   | 97 +++++++++++++-----------------------
>  tests/virnettlscontexttest.c | 72 +++++++++++++++++++++++++-
>  2 files changed, 104 insertions(+), 65 deletions(-)

Sorry I forgot to respond to this previously. On the libvirt side
we unfortunately have the same problem as on the QEMU[1] side, in that
we can't knowingly take contributions from anonymous users / obvious
psuedonyms.

With regards,
Daniel

[1] https://lists.gnu.org/archive/html/qemu-devel/2023-02/msg06942.html

-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|