We were not correctly checking key usage/purpose as per RFC recommendations. We should have been treated unavailable info as a non-fatal condition, and should have honoured the criticality field -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list