This series adds support for multiple certificate identities.
This is intended to aid in the transition to post-quantum
cryptography by allowing use of certs with RSA in parallel
with certs using MLDSA algorithms.

Daniel P. Berrangé (10):
  remote: use g_strfreev for free()ing lists of strings
  rpc: change 'isServer' parameter from 'int' to 'bool'
  rpc: refactor TLS sanity checking to support many cert files
  rpc: add support for loading multiple certs & keys
  remote: support specifying multiple keys/certs in libvirtd.conf
  rpc: skip fallback when using custom PKI path
  rpc: move file access checks into TLS config API
  rpc: reduce duplication when locating credentials
  rpc: support loading multiple certificate identities
  docs: describe support for multiple certs & PQC config

 docs/kbase/tlscerts.rst           |  88 +++++++++
 po/POTFILES                       |   1 +
 src/libvirt_probes.d              |   3 +-
 src/remote/libvirtd.aug.in        |   2 +
 src/remote/libvirtd.conf.in       |  16 ++
 src/remote/remote_daemon.c        |  24 +--
 src/remote/remote_daemon_config.c |  66 ++++---
 src/remote/remote_daemon_config.h |   4 +-
 src/remote/test_libvirtd.aug.in   |   8 +
 src/rpc/virnettlscert.c           |  35 ++--
 src/rpc/virnettlscert.h           |   2 +-
 src/rpc/virnettlsconfig.c         | 302 +++++++++++++++++++++++++-----
 src/rpc/virnettlsconfig.h         |  44 +++--
 src/rpc/virnettlscontext.c        | 231 +++++++++++------------
 src/rpc/virnettlscontext.h        |  26 +--
 tests/virnettlscontexttest.c      |  10 +-
 tests/virnettlssessiontest.c      |   9 +-
 tools/virt-pki-validate.c         |   3 +-
 18 files changed, 612 insertions(+), 262 deletions(-)

-- 
2.51.1
