On Tue, Jul 15, 2025 at 11:46:31AM +0200, Philippe Mathieu-Daudé wrote: > On 15/7/25 11:29, Daniel P. Berrangé wrote: > > From: matoro <mat...@users.noreply.github.com> > > Should we use <matoro_mailinglist_q...@matoro.tk> here?
I generally don't like to change the git metadata that a user submits with unless it is clearly broken, which I don't think is the case here. > > > > > The existing implementation assumes that client/server certificates are > > single individual certificates. If using publicly-issued certificates, > > or internal CAs that use an intermediate issuer, this is unlikely to be > > the case, and they will instead be certificate chains. While this can > > be worked around by moving the intermediate certificates to the CA > > certificate, which DOES currently support multiple certificates, this > > instead allows the issued certificate chains to be used as-is, without > > requiring the overhead of shuffling certificates around. > > > > Corresponding libvirt change is available here: > > https://gitlab.com/libvirt/libvirt/-/merge_requests/222 > > > > Reviewed-by: Daniel P. Berrangé <berra...@redhat.com> > > Signed-off-by: matoro <matoro_mailinglist_q...@matoro.tk> > > [DB: adapted for code conflicts with multi-CA patch] > > Signed-off-by: Daniel P. Berrangé <berra...@redhat.com> > > --- > > crypto/tlscredsx509.c | 157 ++++++++++++-------------- > > tests/unit/test-crypto-tlscredsx509.c | 77 +++++++++++++ > > 2 files changed, 147 insertions(+), 87 deletions(-) > With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
