Re: [libvirt-users] certificate pinning
On Mon, Dec 10, 2018 at 01:36:37PM +0300, Anastasiya Ruzhanskaya wrote:
Ok, thank you. I will play around with it.
I also noticed, that libvirt does not use this SNI extension. Actually,this
not needed here, as we have only one location for server certificate, but
this requires some modifications in mitmproxy, as for example tls in web
browsers always include this SNI extensions.
SNI is not relevant to libvirt as it does not use HTTP / virtual hosting.
It is a completely custom binary protocol
Are there maybe other big differences in tls implementation in
libvirt or
maybe some assumptions that are taken during tls handhake process?
Libvirt just uses gnutls which is a standard impl.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|