Re: [libvirt-users] certificate pinning

2018-12-10 Thread Daniel P . Berrangé
On Mon, Dec 10, 2018 at 01:36:37PM +0300, Anastasiya Ruzhanskaya wrote:
> Ok, thank you. I will play around with it.
>
> I also noticed, that libvirt does not use this SNI extension. Actually, this
> not needed here, as we have only one location for server certificate, but
> this requires some modi

Re: [libvirt-users] certificate pinning

2018-12-10 Thread Anastasiya Ruzhanskaya
Ok, thank you. I will play around with it. I also noticed, that libvirt does not use this SNI extension. Actually, this not needed here, as we have only one location for server certificate, but this requires some modifications in mitmproxy, as for example tls in web browsers always include this SNI

Re: [libvirt-users] certificate pinning

2018-12-10 Thread Daniel P . Berrangé
On Mon, Dec 10, 2018 at 01:22:32PM +0300, Anastasiya Ruzhanskaya wrote:
> And how does libvirt check that it trusts the CA? Just simply inspects the
> cacert.pem file? Or it has some information inside about by which CA were
> signed client and server certificates and then compares against stored
> val

Re: [libvirt-users] certificate pinning

2018-12-10 Thread Anastasiya Ruzhanskaya
And how does libvirt check that it trusts the CA? Just simply inspects the cacert.pem file? Or it has some information inside about by which CA were signed client and server certificates and then compares against stored values? I mean can I just concatenate after signing or I need to combine two CAs be

Re: [libvirt-users] certificate pinning

2018-12-10 Thread Daniel P . Berrangé
Re-adding the libvirt-users list - please don't take discussions off-list.

On Mon, Dec 10, 2018 at 01:10:18PM +0300, Anastasiya Ruzhanskaya wrote:
> I already found out how to set up all the certificates and tls works fine
> for me.
> What if I want to put a proxy between client and server in libv

Re: [libvirt-users] certificate pinning

2018-12-10 Thread Daniel P . Berrangé
On Sat, Dec 08, 2018 at 11:19:40AM +0300, Anastasiya Ruzhanskaya wrote:
> Hello!
> Does libvirt use certificate pinning in tls? I want to set up a transparent
> proxy (mitmproxy) and can't do this even after I added mitmproxy ca
> certificate to the trusted certificates in ubuntu.

Libvirt doesn't

Re: [libvirt-users] certificate pinning

2018-12-08 Thread Anastasiya Ruzhanskaya
And how can I tell libvirt to trust multiple CAs?

Sat, 8 Dec 2018 at 11:19, Anastasiya Ruzhanskaya <anastasiya.ruzhansk...@frtk.ru>:
> Hello!
> Does libvirt use certificate pinning in tls? I want to set up a
> transparent proxy (mitmproxy) and can't do this even after I added
> mitmproxy ca ce

[libvirt-users] certificate pinning

2018-12-08 Thread Anastasiya Ruzhanskaya
Hello! Does libvirt use certificate pinning in tls? I want to set up a transparent proxy (mitmproxy) and can't do this even after I added mitmproxy ca certificate to the trusted certificates in ubuntu.