
On Mon, Feb 13, 2023 at 12:58:21PM -0500, matoro_mailinglist_libvirt@matoro.tk wrote:
From: matoro <11910244-matoro3@users.noreply.gitlab.com>
The existing implementation assumes that client/server certificates are single individual certificates. If using publicly-issued certificates, or internal CAs that use an intermediate issuer, this is unlikely to be the case, and they will instead be certificate chains. While this can be worked around by moving the intermediate certificates to the CA certificate, which DOES currently support multiple certificates, this instead allows the issued certificate chains to be used as-is, without requiring the overhead of shuffling certificates around.

See: https://gitlab.com/libvirt/libvirt/-/merge_requests/222

Signed-off-by: matoro <matoro_github@matoro.tk>
---
 src/rpc/virnettlscontext.c | 97 +++++++++++++-----------------------
 tests/virnettlscontexttest.c | 72 +++++++++++++++++++++++++-
 2 files changed, 104 insertions(+), 65 deletions(-)

Sorry I forgot to respond to this previously.

On the libvirt side we unfortunately have the same problem as on the QEMU[1] side, in that we can't knowingly take contributions from anonymous users / obvious pseudonyms.

With regards,
Daniel

[1] https://lists.gnu.org/archive/html/qemu-devel/2023-02/msg06942.html
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|