On Mon, Feb 13, 2023 at 12:58:21PM -0500, matoro_mailinglist_libvirt@xxxxxxxxx wrote: > From: matoro <11910244-matoro3@xxxxxxxxxxxxxxxxxxxxxxxx> > > The existing implementation assumes that client/server certificates are > single individual certificates. If using publicly-issued certificates, > or internal CAs that use an intermediate issuer, this is unlikely to be > the case, and they will instead be certificate chains. While this can > be worked around by moving the intermediate certificates to the CA > certificate, which DOES currently support multiple certificates, this > instead allows the issued certificate chains to be used as-is, without > requiring the overhead of shuffling certificates around. > > See: https://gitlab.com/libvirt/libvirt/-/merge_requests/222 > Signed-off-by: matoro <matoro_github@xxxxxxxxx> > --- > src/rpc/virnettlscontext.c | 97 +++++++++++++----------------------- > tests/virnettlscontexttest.c | 72 +++++++++++++++++++++++++- > 2 files changed, 104 insertions(+), 65 deletions(-) Sorry I forgot to respond to this previously. On the libvirt side we unfortunately have the same problem as on the QEMU[1] side, in that we can't knowingly take contributions from anonymous users / obvious psuedonyms. With regards, Daniel [1] https://lists.gnu.org/archive/html/qemu-devel/2023-02/msg06942.html -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
