Package: libvirt-daemon
Version: 11.3.0-3

Libvirt currently enforces the Key Encipherment certificate extension to be 
present in configured TLS certificates.
This goes against the specification that ECDSA certificates should never 
contain the Key Encipherment extension.

Dropping the requirement altogether is the better option, as it is no longer a 
requirement with modern ciphers.

Upstream references:

This requirement was dropped for ECDSA certificates in 11.5.0:
https://gitlab.com/libvirt/libvirt/-/commit/11867b0224a2b8dc34755ff0ace446b6842df1c1

The requirement was dropped altogether in 11.6.0:
https://gitlab.com/libvirt/libvirt/-/commit/8cecd3249e5fa5478a7c53567971b4d969274ea3

Tests were corrected in: 
https://gitlab.com/libvirt/libvirt/-/commit/e67952b0e612c9ad3c3eec8bb692589602953ee8

Thanks in advance,

Karel Van Hecke
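
The effect described in the report, as an added example (not code from the reporter or from libvirt): it decodes a certificate's keyUsage extension (bit names per RFC 5280) and applies a simplified model of the three states named above. The policy labels, the `accepted` helper and the two sample extensions are constructed for illustration, and only the Key Encipherment requirement is modelled.

```python
# Added example: decode an X.509 keyUsage extension and model the requirement.
KEY_USAGE_OID = bytes.fromhex("0603551d0f")  # DER encoding of OID 2.5.29.15
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign",
                  "cRLSign", "encipherOnly", "decipherOnly"]  # RFC 5280 order

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for a short-form DER TLV at pos."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length not expected in a keyUsage extension")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos + 2:end], end

def key_usages(extension_der):
    """Decode one DER Extension SEQUENCE; return the set of asserted usages."""
    tag, body, _ = read_tlv(extension_der, 0)
    if tag != 0x30 or not body.startswith(KEY_USAGE_OID):
        raise ValueError("not a keyUsage extension")
    tag, value, nxt = read_tlv(body, len(KEY_USAGE_OID))
    if tag == 0x01:  # optional BOOLEAN 'critical' flag precedes the value
        tag, value, nxt = read_tlv(body, nxt)
    if tag != 0x04:
        raise ValueError("expected OCTET STRING wrapper")
    tag, bits, _ = read_tlv(value, 0)
    if tag != 0x03 or len(bits) < 2:
        raise ValueError("expected BIT STRING")
    data = bits[1:]  # bits[0] is the count of unused trailing bits
    return {name for i, name in enumerate(KEY_USAGE_BITS)
            if i // 8 < len(data) and data[i // 8] & (0x80 >> (i % 8))}

def accepted(usages, key_type, policy):
    """Hypothetical model of the Key Encipherment requirement only."""
    if policy == "require-always":   # behaviour reported for 11.3.0
        return "keyEncipherment" in usages
    if policy == "exempt-ecdsa":     # change referenced for 11.5.0
        return key_type == "ecdsa" or "keyEncipherment" in usages
    return True                      # requirement dropped (11.6.0)

# Constructed samples: critical keyUsage extensions, not taken from real certs.
ECDSA_EXT = bytes.fromhex("300e0603551d0f0101ff040403020780")  # digitalSignature
RSA_EXT = bytes.fromhex("300e0603551d0f0101ff0404030205a0")    # + keyEncipherment

if __name__ == "__main__":
    for policy in ("require-always", "exempt-ecdsa", "dropped"):
        print(policy, accepted(key_usages(ECDSA_EXT), "ecdsa", policy))
```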
