On 11/6/25 15:50, Daniel P. Berrangé via Devel wrote:
> This series adds support for multiple certificate identities.
> This is intended to aid in the transition to post-quantum
> cryptography by allowing use of certs with RSA in parallel
> with certs using MLDSA algorithms.
>
> Daniel P. Berrangé (10):
>   remote: use g_strfreev for free()ing lists of strings
>   rpc: change 'isServer' parameter from 'int' to 'bool'
>   rpc: refactor TLS sanity checking to support many cert files
>   rpc: add support for loading multiple certs & keys
>   remote: support specifying multiple keys/certs in libvirtd.conf
>   rpc: skip fallback when using custom PKI path
>   rpc: move file access checks into TLS config API
>   rpc: reduce duplication when locating credentials
>   rpc: support loading multiple certificate identities
>   docs: describe support for multiple certs & PQC config
>
>  docs/kbase/tlscerts.rst           |  88 +++++++++
>  po/POTFILES                       |   1 +
>  src/libvirt_probes.d              |   3 +-
>  src/remote/libvirtd.aug.in        |   2 +
>  src/remote/libvirtd.conf.in       |  16 ++
>  src/remote/remote_daemon.c        |  24 +--
>  src/remote/remote_daemon_config.c |  66 ++++---
>  src/remote/remote_daemon_config.h |   4 +-
>  src/remote/test_libvirtd.aug.in   |   8 +
>  src/rpc/virnettlscert.c           |  35 ++--
>  src/rpc/virnettlscert.h           |   2 +-
>  src/rpc/virnettlsconfig.c         | 302 +++++++++++++++++++++++++-----
>  src/rpc/virnettlsconfig.h         |  44 +++--
>  src/rpc/virnettlscontext.c        | 231 +++++++++++------------
>  src/rpc/virnettlscontext.h        |  26 +--
>  tests/virnettlscontexttest.c      |  10 +-
>  tests/virnettlssessiontest.c      |   9 +-
>  tools/virt-pki-validate.c         |   3 +-
>  18 files changed, 612 insertions(+), 262 deletions(-)
>

Reviewed-by: Michal Privoznik <[email protected]>

Michal
