On 15/7/25 18:09, Daniel P. Berrangé wrote:
On Tue, Jul 15, 2025 at 11:46:31AM +0200, Philippe Mathieu-Daudé wrote:
On 15/7/25 11:29, Daniel P. Berrangé wrote:
From: matoro <mat...@users.noreply.github.com>
Should we use <matoro_mailinglist_q...@matoro.tk> here?
I generally don't like to change the git metadata that a user
submits with unless it is clearly broken, which I don't think
is the case here.
I find confusing to have a distinct email for author ...
The existing implementation assumes that client/server certificates are
single individual certificates. If using publicly-issued certificates,
or internal CAs that use an intermediate issuer, this is unlikely to be
the case, and they will instead be certificate chains. While this can
be worked around by moving the intermediate certificates to the CA
certificate, which DOES currently support multiple certificates, this
instead allows the issued certificate chains to be used as-is, without
requiring the overhead of shuffling certificates around.
Corresponding libvirt change is available here:
https://gitlab.com/libvirt/libvirt/-/merge_requests/222
Reviewed-by: Daniel P. Berrangé <berra...@redhat.com>
Signed-off-by: matoro <matoro_mailinglist_q...@matoro.tk>
... and the S-o-b. Anyway this isn't the first case, so I don't
mind at all.
[DB: adapted for code conflicts with multi-CA patch]
Signed-off-by: Daniel P. Berrangé <berra...@redhat.com>
---
crypto/tlscredsx509.c | 157 ++++++++++++--------------
tests/unit/test-crypto-tlscredsx509.c | 77 +++++++++++++
2 files changed, 147 insertions(+), 87 deletions(-)
With regards,
Daniel
